Was doing all the steps in Malware Removal [RESOLVED]



#1
KatW

KatW

    Member

  • Member
  • PipPip
  • 19 posts
Hi Everyone,

I can not get on the Internet at home so I came to work so I can download the W2fix. So can you tell me what I need to do when I get home? Can I just copy it to a floppy and then take it home and run it on my home computer? I have Windows 98 at home and Windows XP here at work.

I had a Trojan Horse Virus and cleaned that up and a lot of the popups, or so I thought. I was still getting some popups so I came to your site and was doing all the steps in the Malware Removal. I had used Ad-Aware and it found 186 pieces of Malware and I put them in quarantine but I somehow deleted all of them. So when I restarted my computer I could no longer get on the Internet.

This grandma needs your help. I use my home computer all the time at home to do website so any help will be appreciated.

Thanks,

KatW.
  • 0


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I suggest giving us a HijackThis log afterwards also. There might be other things lurking in there.

Download WinsockFix and put it on a floppy. Take it home and copy that file to your computer. Now double click on it and unzip the exe file that's in there. Next double click on WinsockFix.exe to run it.
  • 0

#3
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

Wow, I can not believe you have replied so fast. Thank you, Thank you, Thank you!!!!! I will go home now and try this. I will send you a log as soon as I can.

Thanks again,

KatW.
  • 0

#4
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

Well, I copied the W2fx to a floppy (I hope I did this correctly) but when I went home and put the floppy in and tried to open it I kept getting this message.

"This program has performed an illegal operation and will shut down. Quit all programs, and then restart your computer. If the problem persists, contact the program vendor."

Then once I click off that another message came up.

"Restrictions"

"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

I am not very good at copying things so maybe if you can tell me how to do this maybe I did something wrong.

Thank you so much,

KatW.
  • 0

#5
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi KatW, let me take a look at your HijackThis log.

Can you try unzipping that WinsockFix zip file at work and then burn the winsockfix.exe on a CD? Try that at home.

But give me a HijackThis log anyway. I want to see if anything else might be lurking in there. :tazz:
  • 0

#6
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

Well, I did get it to work after I clicked on the link you gave me in the email instead of the one on the site. I will send in the report tonight or tomorrow when I get home.

Now, I am not able to get online yet; there might be some issues (they were having line problems and put me on a temporary line. Long story.) with my ISP, so I am going to talk to him today. Would this affect my ISP login in any way?

I appreciate you being so patient with me.

I can not thank you enough.

KatW.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
So it did work? If you run that on your home computer, you should be able to go online.

Now I'm thinking that it might not be a problem with your computer but your ISP since you said they were having some line problems.

It shouldn't affect your login. Once everything is back up, you should be able to login as usual.
  • 0

#8
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello again,

I called my ISP and he did change my log on info so I will be able to get back on line as soon as he resends me the info.

I was getting an error message when I tried to get on a few days ago so I think it must have been when I accidentally deleted the things that were in the Quarantined part of Ad-Aware because I think the ISP had me on a temporary account somehow while he was getting the lines fixed.

Do you still want me to send you the log information?

Thanks,

KatW.
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, post the log here. I'll take a quick look.
  • 0

#10
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok, Thanks.
  • 0


#11
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

Well, the weekend is over and I have just finished using all the things you told me to do and have also used HijackThis and saved a copy of the log. Hope you can open the attachment.

Thanks again,

KatW.

Attached Files


  • 0

#12
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

I just wanted you to know what my ISP and I have been dealing with today just in case it might be related to my malware problem. It has to do with my email. I use Outlook Express and it was working fine (could be just an ISP problem) now I can not send out email. I can receive it but not send it. So when you are looking at my log maybe it will tell us if there is a problem there that would cause this problem.

Just thought you should know about this.

Thanks,

KatW
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, we definitely have something here.

Before I forget to ask again, did you read the read me topic yet? If not, see the first link below in my signature (at the very bottom) and follow the steps there. No need to run another HijackThis scan since you gave me one here already. But run Ad-aware and Spybot and the virus scans. Then do the below and give me a new HijackThis log:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [OyjuF] C:\VCSYOOX.EXE
O4 - HKLM\..\Run: [AutoLoadert2sN1ITTNNNI] "C:\WINDOWS\SYSTEM\VFWDLG32.EXE"
O4 - HKLM\..\Run: [t93j36O] VFWDLG32.EXE
O4 - HKCU\..\Run: [cystRWi7W] VDOOOL32.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weat...Transporter.cab?
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...lls/install.cab
O16 - DPF: {5CA42785-ABC3-11D2-9F81-00104B2225C5} (Immersion Web ActiveX Control) - http://www.immersion...gins/ImmWeb.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\SYSTEM\VDOOOL32.EXE
C:\VCSYOOX.EXE
C:\WINDOWS\SYSTEM\VFWDLG32.EXE
VFWDLG32.EXE


Reboot into Normal Mode and run a new HijackThis scan. Save the log file and post it here.
  • 0
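
A small triage pass over HijackThis log lines like the ones listed in post #13, as an added example that is not part of the original thread. The heuristics (missing target file, autorun with no full path, autorun in the drive root) and the `ExampleTray` line are assumptions made here for illustration.

```python
import re
from ntpath import dirname, splitdrive

# Constructed sample in HijackThis log format. The first four lines mirror
# entries quoted in post #13; the ExampleTray line is a made-up benign autorun.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [OyjuF] C:\VCSYOOX.EXE
O4 - HKLM\..\Run: [AutoLoadert2sN1ITTNNNI] "C:\WINDOWS\SYSTEM\VFWDLG32.EXE"
O4 - HKCU\..\Run: [cystRWi7W] VDOOOL32.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
AUTORUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def review_reasons(line):
    """Return (section_code, reasons) for a log entry, or None for other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("orphaned: target file missing")
    if code == "O4":
        a = AUTORUN.match(body)
        if a:
            cmd = a.group("cmd").strip().strip('"')
            drive, rest = splitdrive(cmd)
            if not drive:
                reasons.append("autorun without full path")
            elif dirname(rest) in ("\\", ""):
                reasons.append("autorun from drive root")
    return code, reasons

def triage(log_text):
    """List (line, reasons) for every entry that matched a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        parsed = review_reasons(line)
        if parsed and parsed[1]:
            flagged.append((line.strip(), parsed[1]))
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", entry)
```

The quoted `VFWDLG32.EXE` entry passes these path checks even though the helper lists it for removal, so the output is a starting point for review, not a verdict.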

#14
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks so much.

I have run Ad-Aware, Spybot and my virus protection but I didn't do it the way you just told me so I will do that tonight or tomorrow.

I can not thank you enough for all your help.

KatW.
  • 0

#15
KatW

KatW

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hello,

Well, I did everything you said and I did read and do the read me topic. Some of the things you told me to check and fix in the log I sent you were not there but I checked and fixed the ones that were there.

Thanks,

KatW.

Attached Files


  • 0





