When you enter your post, the window that you use has some icons that you can click to speed up the tagging process - the "quote" button is the speech bubble.
For your first paragraph please may you elaborate
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you look at the log now, you will see O2 and O20 lines that were "missing" before - this was as a result of the Vundo infection.
There would have been others before the infection was cleared which would normally have become visible when HJT was renamed - why yours didn't play nicely is a mystery, hopefully a one-off.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.
Preparation
1) You will need to set Windows to show All Hidden Files and Folders
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **
2) You will also need to know how to boot into Safe Mode.
Instructions can be found here.
3) Log off from the internet and disconnect your modem cable for the duration of the fix.
Removal
1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKCU\..\Run: [e6783ac1.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\e6783ac1.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked
2) Boot into Safe Mode.
3) Remove any/all of the following files/folders that you can find:
Files
C:\Documents and Settings\Alex\Local Settings\Application Data\e6783ac1.exe
As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'
Folders
C:\Program Files\ToolBar888
As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'
4) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.
5) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.
6) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.
7) Boot into Normal Mode.
That should see the back of the last of your troubles.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You are running an old version of Sun Java which needs updating:
- Go here and click on the Download button to the right of Java Runtime Environment (JRE) 5.0 Update 8.
- Accept the license agreement by clicking the radio button.
- Under Windows Platform - J2SE Runtime Environment 5.0 Update 8, click the Windows Offline Installation, Multi-language link.
- Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.
- Navigate to and delete the following folder, if it exists: C:\Program Files\Java.
- Finally double click the installation file that you downloaded earlier.
As long as the above goes OK, I want you to run your PC as normal for a few days. When you are happy that everything is fine, do the following:
Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.
The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!
Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
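
The entries ticked in Removal step 1 all follow HijackThis's fixed "O" line layout. As an added example that is not part of the original post, the Python below parses that layout and reports why each of those lines stands out. The hint rules and the ExampleAV line are assumptions made for illustration, not HijackThis behaviour.

```python
import re

# Constructed input: the five entries from the post plus one made-up benign line (ExampleAV).
SAMPLE_LOG = r"""
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKCU\..\Run: [e6783ac1.exe] C:\Documents and Settings\Alex\Local Settings\Application Data\e6783ac1.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "(file missing)"

def parse_entry(line):
    """Split one HijackThis 'O' line into section, kind, CLSID and target file."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID.search(rest)
    # The target is whatever follows the last " - " or "] " once the CLSID is removed.
    target = re.split(r" - |\] ", CLSID.sub("", rest))[-1].strip(" -")
    return {"section": section, "kind": kind, "clsid": clsid.group(0) if clsid else None,
            "target": target, "missing": missing}

def triage(e):
    """Return triage hints (assumed heuristics, not verdicts) for a parsed entry."""
    hints = []
    if e["missing"]:
        hints.append("orphaned entry: referenced file is not on disk")
    if e["section"] == "O4" and re.search(r"\\Local Settings\\.*\\[0-9a-f]{8}\.exe$", e["target"], re.I):
        hints.append("autostart of a hex-named exe from the user profile")
    if e["section"] == "O16" and not e["target"]:
        hints.append("ActiveX (DPF) entry with no download source")
    return hints

def review(log):
    """Parse every line of a log and keep only entries that earned a hint."""
    parsed = (parse_entry(l) for l in log.splitlines())
    return [(e["section"], e["target"], triage(e)) for e in parsed if e and triage(e)]

if __name__ == "__main__":
    for section, target, hints in review(SAMPLE_LOG):
        print(section, target or "-", "|", "; ".join(hints))
```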