didom

Posts posted by didom

  1. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

    Step #1

    Please run Notepad and copy the following text into a new file:

    attrib -r -s -h %systemdrive%\RECYCLER

    del %systemdrive%\RECYCLER

    attrib -r -s -h %systemdrive%\RECYCLED

    del %systemdrive%\RECYCLED

    shutdown /r /t 0 /f

    Save the file as recyclerem.bat and make sure the "Save as type" field says "All files".

    This is how the batch must look afterwards: bat.JPG

    Double-click on the file recyclerem.bat; a small DOS-type window should open and close immediately.

    Step #2

    We need to make sure all hidden files are showing so please:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Step #3

    Reboot Your System in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Step #4

    Find and delete these files and folders (if they are still there):

    C:\WINDOWS\SYSTEM32\ncompat.tlb <= this file

    Reboot your computer normally.

    Step #5

    Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

    Save the Panda ActiveScan log. Start HijackThis and perform a new scan.

    Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review them when they come in.

  2. When I went to uncheck the 'Hide protected operating system files (recommended)' it said that if I delete or edit them it could make Windows inoperable, which I thought was a bit risky. Could you please reassure me, and tell me why I need to do this, just so I can be sure it won't break my computer.

    It's safe! You have to make all the hidden files visible because some files may be hidden and then you can't delete them! When you are clean we can hide them again!

    Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

    Step #1

    Please run Notepad and copy the following text into a new file:

    attrib -r -s -h %systemdrive%\Recycler

    del %systemdrive%\Recycler

    attrib -r -s -h %systemdrive%\Recycled

    del %systemdrive%\Recycled

    shutdown /r /t 0 /f

    Save the file as recyclerem.bat and make sure the "Save as type" field says "All files".

    This is how the batch must look afterwards: bat.JPG

    Double-click on the file recyclerem.bat; a small DOS-type window should open and close immediately.

    Step #2

    We need to make sure all hidden files are showing so please:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Step #3

    Reboot Your System in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Step #4

    Find and delete these files and folders (if they are still there):

    C:\WINDOWS\SYSTEM32\msvol.tlb <= this file

    Reboot your computer normally.

    Step #5

    Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

    Save the Panda ActiveScan log. Start HijackThis and perform a new scan.

    Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review them when they come in.

  3. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

    Step #1

    Scan again with HijackThis and check the following items:

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp2B3B.tmp

    O18 - Filter: text/html - (no CLSID) - (no file)

    O18 - Filter: text/plain - (no CLSID) - (no file)

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Step #2

    We need to make sure all hidden files are showing so please:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Step #3

    Reboot Your System in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Step #4

    Find and delete these files and folders (if they are still there):

    C:\Program Files\Microsoft AntiSpyware\Quarantine\F1235B3D-60B5-40FA-96FC-ADEF23\C87A2E04-AE09-4F3D-A34C-937AC7 <= this folder

    Reboot your computer normally.

    Step #5

    Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

    Save the Panda ActiveScan log. Start HijackThis and perform a new scan.

    Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review them when they come in.

  4. Download smitRem.exe and save the file to your desktop.

    Double click on the file to extract it to its own folder on the desktop.

    Place a shortcut to Panda ActiveScan on your desktop.

    Please download the trial version of Ewido Security Suite here:

    http://www.ewido.net/en/download/

    Please read Ewido Setup Instructions

    Install it, and update the definitions to the newest files. Do NOT run a scan yet.

    If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:

    Ad-Aware SE Setup

    Don't run it yet!

    We need to make sure all hidden files are showing so please:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Reboot Your System in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Scan again with HijackThis and check the following items:

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9F11.tmp

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)

    O4 - HKLM\..\RunServices: [isass] C:\WINDOWS\system32\Isass.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxuk101AXGB

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Find and delete these files and folders (if they are still there):

    C:\Program Files\PartyPoker <= this folder

    Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

    Wait for the tool to complete and disk cleanup to finish.

    The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    Open Ad-aware and do a full scan. Remove all it finds.

    Run Ewido:

    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido security suite.

    Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

    Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.

    Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt (C:\smitfiles.txt) log and the Ewido Log by using Add Reply.

    Let us know if any problems persist.

  5. Ok let's try this:

    Hello, we are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

    Reboot into Safe Mode!

    Click Start

    Select Run

    At the prompt, type sfc /scannow. Please note that there is a single space between sfc and /scannow.

    Typing this will start the program, and a box should appear telling you how much longer the process should take.

    Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:

    • My Computer
      Tools
      Folder Options
      View
      "Uncheck" Hide protected operating system files.

    Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter the Windows CD.

    Once the scan is complete:

    Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

    Please reboot, and let me know if anything has changed.

    Also, please rehide the protected files:

    • My Computer
      Tools
      Folder Options
      View
      "Check" Hide protected operating system files.

  6. Step #1

    Scan again with HijackThis and check the following items:

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Step #2

    We need to make sure all hidden files are showing so please:

    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide file extensions for known types option.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Step #3

    Reboot Your System in Safe Mode:

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode menu item.
    • Press the Enter key.

    Step #4

    Find and delete these files and folders (if they are still there):

    C:\Program Files\AWS <= this folder

    Step #5

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the (Safe Mode with) Command Prompt menu item.
    • Press the Enter key.

    Step #6

    At the prompt, type sfc /scannow. Please note that there is a single space between sfc and /scannow.

    Typing this will start the program, and a box should appear telling you how much longer the process should take.

    Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:

    • My Computer
      Tools
      Folder Options
      View
      "Uncheck" Hide protected operating system files.

    Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter the Windows CD.

    Once the scan is complete:

    Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

    Please reboot, and let me know if anything has changed.

    Also, please rehide the protected files:

    • My Computer
      Tools
      Folder Options
      View
      "Check" Hide protected operating system files.

  7. Scan again with HijackThis and check the following items:

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Then reboot your computer and post a fresh HJT log!

    -----------------------------

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    Did you install WeatherBug yourself?

    Are you able to run your computer in normal mode again?

  8. So it's on your desktop now? If it's not please download it to your desktop!

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the (Safe Mode with) Command Prompt menu item.
    • Press the Enter key.

    Probably you will see this: C:\DOCUMENTS AND SETTINGS\SHANE DANKWORTH

    If not, type: CD DOCUMENTS AND SETTINGS then hit enter and type: CD SHANE DANKWORTH and hit enter again.

    Now you'll be in C:\DOCUMENTS AND SETTINGS\SHANE DANKWORTH

    Type: CD DESKTOP and hit enter.

    Type: COPY bfu.zip C:\fixwareout\SUB and hit enter.

    Then you can exit the command prompt by typing: EXIT

    Then try the wareoutfix again!

  9. Ok, your HijackThis log is also clean....

    This log looks clean!

    • Don't forget to re-hide all files and folders. To re-hide all files and folders:
      • Open My Computer.
      • Select the Tools menu and click Folder Options.
      • Select the View Tab.
      • Under the Hidden files and folders heading deselect "Show hidden files and folders".
      • Check the Hide protected operating system files (recommended) option.
      • Click Yes to confirm.
      • Click OK.

    • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

      Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

      Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

      This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

      Please post back if you are still having any problems....

  10. Scan again with HijackThis and check the following items:

    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Make sure all hidden files and folders are visible (Instructions)

    Reboot your computer into safe mode (Instructions)

    Find and delete these files and folders (if they are still there):

    C:\Program Files\Media Access <= this folder

    Reboot your computer back into normal mode.

    Your log shows that you have disabled some startup programs using MSConfig.

    This is not recommended because I cannot clearly see everything that is loading on your computer at startup.

    To enable all startup items quickly please follow these instructions:

    • Start | Run | type msconfig | OK
    • If not already selected go to the General tab.
    • Under Startup Selection select "Normal Startup - load all device drivers and services".
    • Click Apply and then Close.
    • When given the option, please choose to restart the computer.
    • Post a new log when you are done.

  11. I could not get that LQFix to work.

    What went wrong?

    Please try this:

    Please download miekiemoes' LQfix batch here:

    http://users.telenet.be/bluepatchy/miekiem...tools/LQfix.zip

    Unzip it to the desktop but do NOT run it yet.

    Next, please reboot your computer in Safe Mode by doing the following:

    1) Restart your computer

    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3) Instead of Windows loading as normal, a menu should appear

    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:

    http://www.pchell.com/support/safemode.shtml

    Once in Safe Mode, please run LQfix.bat. When finished, restart your computer in normal mode and please post a new HijackThis log.

  12. Scan again with HijackThis and check the following items:

    O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)

    O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)

    After checking these items, close all browser windows except HijackThis and click "Fix checked".

    Then reboot your computer.

    Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

    Save the scan log and post it along with a new HijackThis Log in your next reply.
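
The entries quoted in the posts above follow HijackThis's fixed line layout, so they can be triaged mechanically before deciding what to check. The following is an added example, not part of didom's posts or of HijackThis itself: the sample lines are copied from the posts, while the flag names and the three heuristics (orphaned entry, browser module loaded from a .tmp file, file name imitating a Windows process name) are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# HijackThis section codes that appear in the posts above.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O8": "IE context-menu item",
            "O9": "IE extra button / Tools item",
            "O14": "IERESET.INF setting", "O18": "protocol / filter handler"}
# Assumption of this example: a short list of Windows process names to guard.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe"}
# Characters commonly swapped to imitate those names (I for l, 0 for o, 1 for l).
CONFUSABLE = str.maketrans({"I": "l", "0": "o", "1": "l"})

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:exe|dll|tmp)\b", re.I)

@dataclass
class Entry:
    code: str
    section: str
    clsid: Optional[str]
    path: Optional[str]
    flags: list = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
    entry = Entry(code, SECTIONS.get(code, "unknown"),
                  clsid.group(0) if clsid else None,
                  path.group(0) if path else None)
    if "(file missing)" in body or "(no file)" in body:
        entry.flags.append("orphaned")            # registry entry, target gone
    if entry.path:
        base = entry.path.rsplit("\\", 1)[-1]
        if code in ("O2", "O3") and base.lower().endswith(".tmp"):
            entry.flags.append("module-is-tmp-file")
        if (base.lower() not in SYSTEM_NAMES
                and base.translate(CONFUSABLE).lower() in SYSTEM_NAMES):
            entry.flags.append("system-name-lookalike")
    return entry

def triage(log_text: str) -> list:
    """Return only the entries that raised at least one flag."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]

# Lines copied from the posts above.
SAMPLE = r"""
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp9F11.tmp
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\RunServices: [isass] C:\WINDOWS\system32\Isass.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O18 - Filter: text/html - (no CLSID) - (no file)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e.code, e.section, e.path or "-", ",".join(e.flags))
```

A flag here only marks an entry for a closer look; whether to fix it remains the reviewer's decision, as in the posts.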