Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Downloader.xs, not desktop and no toolbar [RESOLVED]


  • This topic is locked This topic is locked

#31
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please double click on Spybot to run it.
Then go to the recovery tab and place check marks next to everything in there and have spybot remove them.
===========================
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image

Also delete\uninstall anything that we used that is left over.

Then your log is clean of malware.
=========================================
Now let's fix those cd\dvd drives.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line:regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass
==================================
Let's have you uninstall the DVD-Drive and then have you reboot and let windows reinstall the drivers for it. To do this, do the following:
  • Go to START-->RUN and type devmgmt.msc
  • In the new window that appears, click the + symbol next to CD/DVD-ROM Drives.
  • Locate the drive in question and right-click it and choose UNINSTALL.
  • Once it's finishing uninstalling, reboot your computer.
Once it's rebooted, try putting a DVD in it again and see if the same thing happens.

----------------------------

If after rebooting you are still having problems, try the following:

Click Start then Run and type regedit...click "Ok"

In the left pane, expand (click +) HKEY_LOCAL_MACHINE, then SYSTEM, then CurrentControlSet, then Control, then Class, and click on {4D36E965-E325-11CE-BFC1-08002BE10318}

Right click on {4D36E965-E325-11CE-BFC1-08002BE10318} and choose Export. Name this file "filters" and save it to your desktop. This file can be deleted when it is determined it is no longer needed.

In the right pane, if either UpperFilters or LowerFilters are present, right click on it and choose Delete...accept the deletion. Delete both if they are both present.

Close Registry Editor and reboot.

----------------------------

If after doing that your drive still doesn't show up, please download CDGone from HERE. Once it's downloaded, extract the files to your desktop and open the READ ME FIRST.TXT file and follow the instructions there.

Post back with how things are going after doing the above.
========================================
Let me know if that fixes the Cd drive issue.

Edited by kahdah, 12 April 2008 - 06:41 AM.

  • 0

Advertisements


#32
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I got my DVD player back, YEAH!!!! THANKS so much is there anything else I need to do. I really really appreciate all of your help. I know it has taken a while to get my computer straightened out. Not sure what got it in this shape to begin with. The computer guy who came over last weekend to try to help put RegSeeker and a Folder called backup on my desktop, should I get rid of these too. THANKS again and I will donate through Paypal in a bit.
  • 0

#33
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes delete the folder called backup and you can uninstall Regseeker.

ALso uninstall Suoerantispyware and anything else we used.
After that your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
  • 0

#34
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Thank you so much for your help, I truly appreciate it. I felt like all hope was lost after the tech left and I was still having problems! Have a great weekend.
  • 0

#35
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Hi I just did the Ad-Aware and it found a few things and I removed them and two were registry items apparently. Now my Task Manager bar is not working when I do ctrl alt delete and it is shaded gray. Any ideas if I deleted something out I should not have. THANKS
  • 0

#36
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Just an update. I deleted the backup file the technician had put on here along with Regseeker and it seemed that the task manager bar left after that and does not work, the DVD player is not working again, and I am getting Spybot is finding all kinds of things like CoolWWWsearch, 180solutions, 2020Search, etc. THANKS
  • 0

#37
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That is fine about what Spybot and adaware finds it is common that they find leftovers although it would only raise a concern if you could not remove any of them.

Strange about that task manager thing do this for that.
===================================


Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and let me know how it goes.
  • 0

#38
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
GOT it. THANKS!!!
  • 0

#39
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
So everything back to normal?
  • 0

#40
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
Yes just that one website I cannot gain access to, but I can through FireFox, but not on internet explorer. http://192.168.1.254/ It is my wirespeed dual connect through Bellsouth that I get on occasionally if my DSL line is acting up. I can get to it via FireFox though. THANKS again for all of your help, I truly appreciate it. I hope you got the Paypal I sent.
  • 0

Advertisements


#41
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes I did and thank you.
I wasn't sure who sent it because of the different screen names compared to real names. :)

Try to add it as a trusted site in Internet Explorer.
  • 0

#42
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
I tried to add it, but it says it only takes HTTPS addresses and this one is an HTTP. THANKS AGAIN!
  • 0

#43
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yes you will have to type it in like this >Https etc..
  • 0

#44
medt

medt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 77 posts
GREAT THANK YOU AGAIN!!
  • 0

#45
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your log is clean. :)

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Ad-Aware-Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SPYAD- puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
=================================
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP