jwbirdsong

Trusted Helpers
  • Content Count: 262

Posts posted by jwbirdsong

  1. By "still doing it" you mean the Standby mode issue, right?

    Well it doesn't APPEAR to be caused by spyware. But let's look a little deeper to make sure.

    Sorry about the long delay. Not sure what happened. I may have just missed/overlooked/not received the notice of your reply.

    Delete the Combofix you now have and get a new/updated copy from HERE and post a fresh log from it along with a log from the following:

    Download and scan with SUPERAntiSpyware Free for Home Users

    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.

    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

  2. Please download VundoFix.exe to your desktop

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Download Combofix to your desktop.

    Double-click combofix.exe

    Follow the prompts.

    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

    Post

    • Combofix log
    • C:\vundofix.txt

    in your next reply.

  3. Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!

    • Click on the Start Scanning button at bottom of page.
    • Accept the License Agreement and the ActiveX install.
    • Once the ActiveX installs, click Full System Scan
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.


  4. Couple of things regarding Combofix

    1) your whole log didn't post.....

    2) You are running it from IE.

    Running from: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E0SSA7A3\ComboFix[1].exe

    This is from clicking OPEN instead of Save. Make SURE you save the file to your Desktop and run it from there, and then repost your log.

  5. Yeah I've used Seamonkey prolly close to 2yrs now..

    Went to it when discontinuing Mozilla1.7 was still just a rumour. I won't use anything else now.

    The one big downside to it is since it's a full suite the initial loading/startup is a little slower than FF. After initial load it runs great.

    It has an import wizard so you can import both your contacts and Emails. Give 'er a shot...not much to lose in trying it out.

    I'm glad I did

    It also has the option to use Enigmail through/with the Email client for Encryption/Email signing.

  6. Download SDFix and save it to your desktop.

    Double click SDFix.exe and it will extract the files to C:\SDFix

    Please then reboot your computer in Safe Mode (without Networking) by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the C:\SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back here along with a Combofix log..(below)

    Download Combofix to your desktop.

    Double-click combofix.exe

    Follow the prompts.

    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

    Post this log in your next reply.

  7. Sorry for the delay..had a crazy weekend.

    Looks like your ActiveX controls are just shut off.

    Let's see if we can get a scan going.

    Open IE and click on Tools>Internet Options>Security(tab)> Make sure the Globe(Internet) is highlighted then click Default Level>Apply>Click the Advanced (tab)>Restore Defaults>Apply>OK

    Reboot and try the F-secure scan again OR the following..either is fine.

    Using Internet Explorer please do an online scan with Kaspersky Online Scanner

    Click on Kaspersky Online Scanner

    Click "I accept"

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (If available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan select My Computer
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save report button.
    • Call it Kaspersky.txt
    • Expand the arrow beside "file types" and save as .txt file.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    *Note

    If you have Internet Explorer 7 installed:

    If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.

    Page will reload and you should be able to carry on scan.

    If the KAV log has your email all over it -- please attach it rather than copy/paste.

    Make SURE to watch your IE screen for the YELLOW Information Bar that may pop up at top of IE windows about ActiveX..Just click the bar and choose Install if it pops up

  8. I'm starting to think that maybe it's not my computer

    I have a tendency to agree, I'd really like to see a scan tho.

    This one will run on your computer instead.

    Download Dr.Web CureIt to the desktop:

    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    • Double click the drweb-cureit.exe file and Allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.

    Post the Cureit log and a HJT log please

    Have you tried re-installing the HP Update software yet??

  9. After DSS cleaned all that stuff out...looking pretty good.

    Let's look from another angle

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!

    • Click on the Start Scanning button at bottom of page.
    • Accept the License Agreement and the ActiveX install.
    • Once the ActiveX installs, click Full System Scan
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report to your Desktop and post a copy here please, along with a fresh HijackThis log.


  10. Please download SmitfraudFix (by S!Ri) to your Desktop. (Don't worry about using this, even though some AV's will say that parts of it are malware, they are not.)

    Now, you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.

    Once in Safe Mode, double-click on SmitfraudFix.exe

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

  11. Well sometimes it is nice to start with a fresh clean install.

    To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

    SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

    IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

    More info and download is available at links in the following article by TonyKlein

    Make SURE to read How Did I Get Infected in the First Place??

  12. Well sometimes it is nice to start with a fresh clean install.

    To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

    SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

    IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

    More info and download is available at links in the following article by TonyKlein

    Make SURE to read How Did I Get Infected in the First Place??

  13. You've got a pretty infected machine there; plus you have NO active Anti-Virus installed.

    Install an AV program..there are some good free ones in my signature...Pick one and install it (or choose one of your own)

    Download SDFix and save it to your desktop.

    Double click SDFix.exe and it will extract the files to C:\SDFix

    Please then reboot your computer in Safe Mode (without Networking) by doing the following :

    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the C:\SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back here along with a Combofix log..(below)

    Download Combofix to your desktop.

    Double-click combofix.exe

    Follow the prompts.

    Don't click on the window while the fix is running, because that will cause your system to hang.

    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

    Post this log in your next reply.