Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan trouble Smitfraud


  • This topic is locked This topic is locked

#1
virushater

virushater

    New Member

  • Member
  • Pip
  • 4 posts
Hello Every body :) ,

This is the first time I am writing and I really think my Computer neesd ur divine intervention.I use windows XP and I have loads of Windows hotfix patches that the automatic updates give me.
I have two problems ;) , kindly answer my questions.

1) I was beseiged by www.quicknavigate.com ;) , no matter what I typed in the address bar quicknavigate is all that opened and soon after that the status bar would disappear and I got very frustrated.I then updated my McAfee VirusScan and also downloaded this software called SPYBOT SEARCH & DESTROY from this site called www.download.com and scanned my computer and finally got rid of the quicknavaigate webpage though I still think I am having some problems.

2) Last night when I was using my computer I think Smitfraud found its way into my computer and now thanks to it I dont have my desktop image any more.i think I found a wp.bmp in my system and deleted it without thinking twice. VirusScan and Spybot S&D dont find anything wrong in my computer but i smell impending doom.I read other ppls threads and run the aboutbuster and winsockfix softwares u have on ur site. but no results.the Display properties are as blank as they can be.When connected to the internet my web browser keeps opening up pages that tell me my computer is being attacked and its being monitored and pages with MSN logos that tell me to click on certain links to download virus removal tools but i just close them since they look very suspiciouos. Also in the system tray a yellow triangle with an exclamation marks keeps popping up and tells me to My computer is being tracked and its at a risk.Help me, I need to get rid of this stuff from my computer.

I can only boot thru my harddisk.Can u also tell me about a few good tasks I can do regularly to keep my computer running in a good condition and also protected from Viruses,trojans and thearts.Aslo suggest a nice firewall.Heres my Hiack this log
Logfile of HijackThis v1.99.1
Scan saved at 5:13:36 AM, on 5/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\popuper.exe
D:\WINDOWS\System32\msole32.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\WINDOWS\System32\intmonp.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\SAIF\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - D:\WINDOWS\System32\hpADF3.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe"
O4 - HKLM\..\Run: [MSN Messenger] D:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\System32\stimon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://movie-browser.com/tl7000.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.119.64.2 212.119.64.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.119.64.2 212.119.64.3
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe



Thanks :tazz: keep up the good work
  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi virushater and welcome to the Geeks to Go Forums.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

My name is Trevuren and I will be helping you with your log.

1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from your Desktop.

4. Download the most current version of Hijackthis (v.1.99.1) to a folder of its own. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Please click on the "My Computer" icon, then the C: drive icon. Next Right click on the desktop and choose NEW from the list available then> Folder' and name the folder 'HijackThis'. The end result should resemble something like this C:\HijackThis\

B. Download Hijackthis from:HERE

C. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

D. Close ALL windows except HJT

E. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

F. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
virushater

virushater

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Trevuren I am so glad to hear from u ;) .

As u told me I have followed all the expert advice u have given me and now I am posting the HijackThis Logfile as requested.

Once again thanking u Trevuren.Have a nice day :tazz: .

Signed
Virushater


Logfile of HijackThis v1.99.1
Scan saved at 5:57:56 AM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\msole32.exe
D:\WINDOWS\popuper.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\System32\intmonp.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - D:\WINDOWS\System32\hpADF3.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\System32\stimon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://movie-browser.com/tl7000.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi virushater,

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Make double sure to disable Spybot's Tea Timer for now, as it can interfere with the fixing of problems.

Open Spybot and and make sure you are in Advanced mode (check it in the 'Mode' menu). Go to the Tools section and click resident and then uncheck the box for Tea Timer.

Then, reboot

2. Disable WinPatrol

Right click the running icon of winpatrol, and choose exit.
-------------------------------------------------------------------------

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

I need you to copy all of the Killbox file paths below and paste them into Notepad.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

D:\wp.exe
D:\wp.bmp
D:\bsw.exe
D:\Windows\sites.ini
D:\Windows\popuper.exe
D:\Windows\System32\wldr.dll
D:\Windows\System32\helper.exe
D:\Windows\System32\intmon.exe
D:\Windows\System32\shnlog.exe
D:\Windows\System32\intmonp.exe
D:\Windows\System32\msmsgs.exe
D:\Windows\system32\msole32.exe
D:\Windows\System32\ole32vbs.exe
D:\WINDOWS\System32\hpADF3.tmp
D:\WINDOWS\System32\wldr.dll


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

D:\Program Files\Search Maid
D:\Program Files\Virtual Maid
D:\Windows\System32\Log Files
D:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - D:\WINDOWS\System32\hpADF3.tmp (file missing)
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://movie-browser.com/tl7000.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab


Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.

Regards,

Trevuren

  • 0

#5
virushater

virushater

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Trevuren, :tazz:

As requested I carried out all the steps u asked me to do . I am sending the Hiack this log and the log from the Panda Online scan. I want u to know how much I appreciate ur helping me in this.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:41 AM, on 5/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\WINDOWS\System32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.saudi.net.sa
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\System32\stimon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


and the log from the online scan is ....


Incident Status Location

Spyware:Spyware/New.net No disinfected D:\WINDOWS\NDNuninstall*.exe
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/CWS No disinfected D:\Documents and Settings\SAIF\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/MyWebSearch No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected D:\Documents and Settings\SAIF\Favorites\online dating.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Anti Spam.url
Adware:Adware/Virmaid No disinfected Windows Registry
Adware:Adware/Virmaid No disinfected D:\WINDOWS\system32\perfcii.ini
Spyware:Spyware/New.net No disinfected D:\WINDOWS\NDNuninstall6_38.exe
Spyware:Spyware/New.net No disinfected D:\WINDOWS\NDNuninstall6_72.exe
Adware:Adware/SuperSpider No disinfected D:\Documents and Settings\SAIF\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\SAIF\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Online Gambling.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Online Pharmacy.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Spyware Removal.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Network Security.url
Adware:Adware/Popuper No disinfected D:\Documents and Settings\SAIF\Favorites\Anti Spam.url


Thanking u and lemme know if I haev to do any thing more.

Virushater
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi virus hater,

1. .

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

2. Please provide me with the log from EWIDO as well as a fresh HJT scan.


Trevuren
  • 0

#7
virushater

virushater

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Trevuran,

As requested I am sending the Ewido scan and a fresh HT log. i wanted to ask u a question regarding my computer , its more of a confusion. ;)
I run multiple anti spyware/malware software tools and scans like the spybot S&D, Adware from Lavasoft, Panda active scan and so on and after all the scans the tools say no problems anymore but then a fresh scan always seems to reveal something critical or sinister.i am worried I might never be able to enoy surfing like before, My computer looks and acts fine but seems a bit slow with 2-3 applications running.

My Ewido scan results are below.

--------------------------------------------------------

-
ewido security suite - Scan report
--------------------------------------------------------

-

+ Created on: 4:53:28 PM, 5/26/2005
+ Report-Checksum: 24E65CC8

+ Date of database: 5/26/2005
+ Version of scan engine: v3.0

+ Duration: 12 min
+ Scanned Files: 64911
+ Speed: 4.69

Files/Second
+ Infected files: 29
+ Removed files: 29
+ Files put in quarantine: 29
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016722.scr -> Spyware.MyWebSearch -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016723.DLL -> Spyware.MyWebSearch -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016724.SCR -> Spyware.MyWebSearch -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016725.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016726.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016727.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016728.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016729.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016730.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016731.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016752.DLL -> Spyware.MyWebSearch.c -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016753.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016754.DLL -> Spyware.MyWebSearch -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP86\A0016757.DLL -> Spyware.Wesbar -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP91\A0017892.exe -> Trojan.Puper.f -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP91\A0017930.exe -> Trojan.Puper.f -> Cleaned with

backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP91\A0017938.dll -> Spyware.MaidBar.b -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP97\A0017988.dll -> Spyware.MaidBar.b -> Cleaned

with backup
D:\System Volume

Information\_restore{7609FC41-2E70-4CA4-AAA4-FBA5E040172

F}\RP98\A0018039.exe -> Trojan.Puper.f -> Cleaned with

backup
D:\WINDOWS\NDNuninstall6_38.exe ->

Spyware.NewDotNet -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@40702958[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@burstnet[2].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@ads.monster[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@monsteraction[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@monster[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@search.msn[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@a[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@ads.mediaturf[1].txt ->

Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and

Settings\SAIF\Cookies\saif@server.iad.liveperson[2].txt

-> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End


And the HJT log


Logfile of HijackThis v1.99.1
Scan saved at 12:16:55 PM, on 5/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.saudi.net.sa
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\System32\stimon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.118.133.101 62.149.114.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.118.133.101 62.149.114.7
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe


Thank you for all th help u have extended to me over the last few days,Have a nice day.

Regards
Virushater :tazz:
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
That is the price one pays when running all this antispyware/malware . They are, for the most part, enormous resources hogs. Please follow these directions and it may get better for you.

Hi victim,

Congratulations, your new log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
1. Right-click "My Computer", and then left click "Properties".
2. Left click on "System Restore Tab"
3. Check box beside "Turn Off System Restore"
4. Left click on "Apply"

TO ENABLE SYSTEM RESTORE
1.Remove check mark from "Turn Off System Restore"
2.Click on "Apply"

2. Cleanup the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


3. Finally, Re-hide your System Files and Folders to prevent any future accidents.


Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP