jwbirdsong

Trusted Helpers
  • Content Count: 262
Everything posted by jwbirdsong

  1. Download Combofix to your desktop. Doubleclick combofix.exe. Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.
  2. Would you repeat the OTMoveIt instructions from above except start your computer to Safe Mode first. (The only file you really need to copy/paste into the box is C:\WINDOWS\system32\iifdbxv.dll. You don't need to do the rest of the list.) That should get rid of it. Post a fresh Combofix log plz. Also post a Panda log (below). Please go HERE to run Panda's ActiveScan. Once you are on the Panda site click the Scan your PC button. A new window will open...click the Check Now button. Enter your Country. Enter your State/Province. Enter your e-mail address and click send. Select either Home User or Compa
  3. Let me have a look at this son-of-a-gun before we get rid of it. Please go here to upload a suspicious file for analysis. Enter your username from this forum. Copy and paste the link to this thread. Browse for this filename: C:\WINDOWS\system32\iifdbxv.dll. In the comments, please mention that I asked you to upload this file. Click on Send File. Please download OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose
  4. Click here to download HJTsetup.exe. Save HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit >
  5. Sorry, connection problems the last two days.. Yeah, it seems to as often as not. Copy the following to Notepad and save to your desktop as combofix-do.txt Files:: C:\WINDOWS\SYSTEM32\iifdbxv.dll Folder:: C:\VundoFix Backups Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbxv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{634C7583-74C6-4FEF-BD06-9721761A6815=- [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634C7583-74C6-4FEF-BD06-9721761A6815}] Now drag the file you just made on top of ComboFix and
  6. Go to the folder C:\Program Files\Trend Micro\HijackThis\ and right click on HijackThis.exe then choose Rename. Change it to newhj.exe (If you have a shortcut on your desktop for HijackThis it will no longer work.) You can just run the file from here when needed or right click the newly renamed file and create a new shortcut and place it on your desktop. Please download VundoFix.exe (by Atribune) to your Desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove t
  7. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Couple of things: your friend seems to be running different Anti-Virus programs (AVG and Avast)... While one is a MUST, having two running can/will cause them to fight for resources and control of the system and can cause slowdown and errors. She should pick one and uninstall the other. Please go here to upload a suspicious file for analysis. Enter your username from this forum. Copy and paste the link to this thread. Browse for this filename: C:\WINDOWS\expro.dll
  8. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Open HijackThis and click on Do a system scan only. Place a check mark next to the following: O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\windows\ddesupport.dll O21 - SSODL: msole - {BB35535F-AFB3-4BCF-A263-3ADC9DF204FF} - C:\windows\msole.dll Close ALL other open windows and programs and click Fix checked. Please go HERE to run Panda's ActiveScan. Once you are on the Panda site click the Scan your PC button. A new window will op
  9. Download Combofix to your desktop. Doubleclick combofix.exe. Follow the prompts. Don't click on the window while the fix is running, because that will cause your system to hang. When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt. Post this log in your next reply.
  10. Hello, * Please download FixwareOut from one of the following sites: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe http://downloads.subratam.org/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. If your firewall gives an alert about downloading an additional file from the internet, make SURE to allow it. Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads please post the
  11. As far as deleting the 'moved' files..we'll remove them once you are ALL clean; there is not much sense in deleting a folder if we may just recreate it later...the files that are in those folders are safe for now... Go to start>run>type in cmd, hit enter. Enter the following lines, one at a time with Enter after each one. sc stop ereventlog sc delete ereventlog Close the command window now. Open HijackThis and put a check next to O4 - HKLM\..\Run: [pcmedic] C:\Program Files\pcmedic\pcmedic.exe Icon Close ALL windows and click fix checked. Now DELETE the Combofix you have on your Desktop.
  12. Well, I guess since it's been 3 yrs since you posted this question I'll get around to answering it now...Although I'm afraid I'm gonna ask more questions than give answers just now. When you are getting the Zapchast trojan warning is it JUST in _restore or elsewhere too?? Give locations if possible. The Firewall/Remote issue is not surprising as they are closely related AND often affected by various infections. The following steps will reset to the DEFAULT settings. Copy the following to a new Notepad and save to the Desktop as "fwdef.reg" Make sure to use the quotes when you are naming the f
  13. Well, it's true what Matt said about finals etc, but I've been out of college for 35 years or so, so it didn't really pertain to me..lol No, I live in the US. Post me one final(?) HijackThis log please.
  14. Open HijackThis and check the following: O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O4 - HKLM\..\Run: [asro] C:\WINDOWS\asrotray.exe Close ALL other windows and programs (even this one) and click Fix checked. Yeah, just do the clear cache and cookies that I posted for EVERY profile the computer has. How is everything running now?? PS AVG popped up like that because an infected file was being "read or written to", i.e. read by my Panda... It's normal.
  15. Please download OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose "Copy"): C:\WINDOWS\asrotray.exe C:\ktf\ C:\WINDOWS\system32\onpcs.dll C:\WINDOWS\system32\apo.dll C:\WINDOWS\system32\a3p.exe C:\WINDOWS\asrotray.exe C:\WINDOWS\system32\ccman.exe C:\WINDOWS\system32\carion.exe C:\WINDOWS\rundl64.exe C:\WINDOWS\system32\mswasie.exe C:\WINDOWS\system32\drivers\erelog.exe C:\WINDOWS\nerochk.exe Return to OTMoveIt, ri
  16. That's only like 1/4 of what should be in the combofix log..will you try and run it again plz. Don't worry about the quarantine folder just yet..we'll deal with it in time. If you still haven't rebooted since it ran..manually reboot and run it again plz.
  17. The line and all below it are just my 'signature'. They are in every post I make. I said a good start because there WILL be more to do. Although what I posted will go a long way to stopping a lot of your problems. You have SEVERAL, MAJOR infections.....we will NOT fix them all in one step, no matter how long and detailed it is.
  18. Well, you have got a couple of different infections...some Korean trojans, probably an IRC bot or two...but you have a couple of unknowns also. So as a first step I'd like to do a little file collecting. First (and this is VERY important)..Delete the HijackThis from your desktop. Click here to download HJTsetup.exe. Save HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop
  19. Download AVG Anti-Spyware from HERE and save that file to your desktop. This is a 30 day trial of the program. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files. On the main screen select the icon "Update" then select the "Update now" link. Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of
  20. Don't I know you from somewhere?? First let me apologize for kind of "losing" you over the holiday weekend. I know we had thought you were about resolved but you had asked some questions that I never got around to answering. Just as a reminder, please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall s
  21. Please go here to upload a suspicious file for analysis. Enter your username from this forum. Copy and paste the link to this thread. Browse for this filename: C:\WINDOWS\msn64.exe. In the comments, please mention that I asked you to upload this file. Click on Send File. You need to print this out or save a copy to Notepad for reading because you can NOT have IE/FF or any browser open while doing the fix. Open HijackThis and click on Do a system scan only. Place a check mark next to the following: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O4 - HKLM\..\Run: [OSA64] C:\
  22. Sorry, I seem to have lost track of this over the long holiday weekend... Would you post a fresh HijackThis log for me plz.
  23. http://www.syrlug.org/docs/HOWTO/MultiOS-HOWTO.html
  24. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.