Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

aurora popup, nail.exe [RESOLVED]


  • This topic is locked This topic is locked

#16
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Did you run the HijackThis fixes in my last post?
  • 0

Advertisements


#17
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Ignore my last question. Here's a new set of instructions:

First, if you haven’t already, please uninstall Shareaza.

Then, open HijackThis
  • At the first screen, click the Open the Misc Tools Section
  • Click on the Main button
  • Clear the box next to Run HijackThis at startup…
Exit out of HijackThis for now.

Reboot into safe mode.


Go to Start->Run and type in services.msc and hit OK. Then look for LogServerShell and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Repeat the same thing for TaskManagerShell

Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

Close all browsers, windows and unneeded programs.

Open HijackThis and do a scan and place checks marks next to the following items:

O8 - Extra context menu item: Download with &Shareaza - res://F:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - F:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: reset5 - F:\FCKYOU2\SYSTEM32\reset5.dll


Click Fix Checked

Using Windows Explorer, find and delete the following items:

F:\FCKYOU2\SYSTEM32\reset5.dll
F:\Program Files\Shareaza\ (<~~ entire folder)
F:\Program Files\CMAPP\ (<~~~ entire folder)


Now, let's remove some bad services:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in the box: LogServerShell
  • Click "ok", then reboot
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • click on "delete an NT service"
  • Copy and paste this in the box: TaskManagerShell
  • Click "ok", then reboot
Reboot into Normal Mode.

Post back here with both the Ewido scan log (the newest only) and a new HijackThis log.
  • 0

#18
shenzie2007

shenzie2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay, I did everything you said to do. All seems to be clean, as far as I know, but I'll let you be the judge of that.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:51:49 PM, 8/31/2005
+ Report-Checksum: C3B2052

+ Scan result:

No infected objects found.


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 11:41:55 PM, on 8/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\FCKYOU2\System32\smss.exe
F:\FCKYOU2\system32\winlogon.exe
F:\FCKYOU2\system32\services.exe
F:\FCKYOU2\system32\lsass.exe
F:\FCKYOU2\system32\svchost.exe
F:\FCKYOU2\System32\svchost.exe
F:\FCKYOU2\system32\spoolsv.exe
F:\FCKYOU2\system32\cisvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\FCKYOU2\System32\svchost.exe
F:\FCKYOU2\Explorer.EXE
F:\Program Files\ClamWin\bin\ClamTray.exe
F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
F:\FCKYOU2\TPPALDR.EXE
F:\Program Files\Gaim\gaim.exe
F:\Documents and Settings\Shenzie\Desktop\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Babylon Client] F:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ClamWin] "F:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [DXDllRegExe] F:\FCKYOU2\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
O4 - HKLM\..\Run: [TPP Auto Loader] F:\FCKYOU2\TPPALDR.EXE
O4 - HKCU\..\Run: [ClamWin] F:\Program Files\ClamWin\bin\ClamTray.exe --logon
O4 - HKCU\..\Run: [Gaim] F:\Program Files\Gaim\gaim.exe
O4 - Startup: IconPackager.lnk.disabled
O4 - Global Startup: Microtek Scanner Finder.lnk = F:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://f:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://f:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://f:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://f:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
  • 0

#19
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Last instruction:

Disable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading unselect Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Congrats, your Log is clean! :tazz:

An update that I recommend is: Windows XP Service Pack 2. Since you're junkware free, the time to get it is NOW. Service Pack 2 is a MAJOR upgrade for XP. It adds numerous security and software patches, as well as new features and functionality. You will also be adding another layer of protection against future threats.

In the future, here are some suggestions to keep your computer more secure.
Use a firewall - If you’re on a broadband connection, this shouldn’t even be an option. You can get a good, FREE firewall from ZoneLabs called ZoneAlarm here.

Make sure that you keep Windows up to date - Microsoft is constantly releasing updates to plug holes in their OS. It’s a good idea to take advantage of these as frequently as possible. As a matter of fact, if you’re lazy like me you can set Automatic Updates by right clicking on My Computer and selecting Properties . Then click the Automatic Updates tab, then click the Automatic radio button then click OK.

Make sure you have an up-to-date virus scanner – This is super important. Heck, it typically doesn’t even matter which one that you use… just pick one and keep it updated. A free virus scanner can be had from Grisoft, called AVG. Get it here.

You can also get a more secure browser – Not a necessity at all, but most exploits are manufactured to attack Internet Explorer. For the time being, browsers such as Opera and Firefox aren’t nearly as exploitable… yet.

Practice safe browsing – Just some run of the mill things to keep you safer. Don’t open email attachments even from people you know unless you know the attachment is coming. Try to stay to larger websites… it’s the smaller… less public ones that typically give you trouble (*this isn’t to say NEVER go there, just minimize it*). Also, try to stay legal: warez (stolen software) and file sharing apps (Kazaa, Torrents) tend to have grotesque amounts of spyware associated.

These are just some helpful tips. Enjoy malware-free computing!

Edited by Guse, 01 September 2005 - 06:17 AM.

  • 0

#20
shenzie2007

shenzie2007

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thank you! Thank you so much for your help! :tazz:
  • 0

#21
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP