trojan and possible aol hijack[CLOSED]
Started by tiffany, Apr 17 2005 02:58 AM
#16
Posted 05 May 2005 - 11:22 PM
#17
Posted 06 May 2005 - 01:03 AM
There is one more thing I need you to do before you start to follow my instructions that I will post soon. I need you to create a permanent folder for HJT. If you run it from the temp folder, the backups won't be saved. Double click on "My Computer" then on your "C" drive. Click on "file" at the top and then "new folder". Cut and paste your HJT program into there.
Also, turn off your WinPatrol protection program until we are finished and I tell you your log is clean. Having it on can interfere with the fixes, and cause you to not be totally cleaned up, or some of the tools we may need to work properly.
#18
Posted 06 May 2005 - 01:24 AM
ok Tiffany, the log isn't that bad actually! I promise! A few steps, then some prevention/safety tips, and you'll be good to go!
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Please remove these entries from Add/Remove Programs in the Control Panel (if present):
Wild Tangent
Please note any other programs that you don't recognize in that list in your next response.
Please delete these files using Windows Explorer (if present):
C:\WINDOWS\web\related.htm
Reboot normally, and Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, then copy the log. Paste it to a blank Notepad file and save it to post here.
Post a reply here with a fresh HJT log and the copy of the log from Ewido.
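The HijackThis entries listed in post #18, split by section code so each field can be reviewed before anything is fixed. This is an added example, not part of the original post; the function and field names are hypothetical, the section meanings follow the general HijackThis convention, and one sample line is retyped with a digit zero to show the normalisation.

```python
import re

# Meanings of the HijackThis section codes used in the post (general HJT convention).
SECTIONS = {
    "O1": "hosts file redirection",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX object in Downloaded Program Files",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\[^:]+):\s+\[([^\]]+)\]\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one HJT log line into its section code and the fields worth reviewing."""
    # Tolerate a section code typed with digit zero instead of letter O ("09" for "O9").
    line = re.sub(r"^0(?=\d{1,2}\s+-\s)", "O", line.strip())
    m = LINE_RE.match(line)
    if not m:
        return None  # header lines, blank lines, anything that is not an entry
    code, body = m.groups()
    entry = {"section": code, "meaning": SECTIONS.get(code, "unknown"), "body": body}
    if code == "O1" and (h := HOSTS_RE.match(body)):
        entry["ip"], entry["hostname"] = h.groups()
    elif code == "O4" and (r := RUN_RE.match(body)):
        entry["key"], entry["name"], entry["command"] = r.groups()
    elif c := CLSID_RE.search(body):
        entry["clsid"] = c.group(0).lower()
    return entry

def hosts_redirects(lines):
    """Return {hostname: ip} for every O1 entry, i.e. names the hosts file overrides."""
    parsed = filter(None, map(parse_entry, lines))
    return {e["hostname"]: e["ip"] for e in parsed if "hostname" in e}

# The four entries from the post; the third is retyped with "09" (constructed variant).
SAMPLE = [
    r"O1 - Hosts: 64.91.255.87 www.dcsresearch.com",
    r"O4 - HKLM\..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain",
    r"09 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm",
    r"O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab",
]

if __name__ == "__main__":
    for e in filter(None, map(parse_entry, SAMPLE)):
        extra = {k: v for k, v in e.items() if k not in ("section", "meaning", "body")}
        print(e["section"], "|", e["meaning"], "|", extra)
    print("hosts overrides:", hosts_redirects(SAMPLE))
```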
#19
Posted 12 May 2005 - 04:09 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.