Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfixer 2005 popup [RESOLVED]


  • This topic is locked This topic is locked

#1
kbnorhelp

kbnorhelp

    Member

  • Member
  • PipPip
  • 13 posts
please help me remove this problem. i have followed all the instructions for new members. here is my Ewido and Hijackthis log.

HJT LOG DELETED BY kbnorhelp :tazz:

Edited by kbnorhelp, 03 September 2005 - 09:46 PM.

  • 0

Advertisements


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi kbnorhelp and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.
  • Click on My Controls at the top right hand corner of the window.
  • In the left hand column, click "View Topics"
  • If you click on the title of your post, you will be taken there
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
thank you


HJT LOG DELETED BY kbnorhelp :tazz: exe

Edited by kbnorhelp, 03 September 2005 - 09:46 PM.

  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • Please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\system32\ssttr.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:


    O2 - BHO: MSEvents Object - 827DC836-DD9F-4A68-A602-5812EB50A834}-C :\WINDOWS\system32\ssttr.dll
    O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll


  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please post a new HijackThis log as well as the vundofix.txt file from the vundofix folder into this topic.
Regards,

Trevuren

  • 0

#5
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
not sure what happened...i clicked on killvundo.bat...it started to run, i pressed any key to continue, it would not allow me to type your instructions...then a fatal error accured, followed by the blue screen of death, i manually rebooted. i did not delete anything from the new hijack list, here it is along with vundofix log.

HJT LOG DELETED BY kbnorhelp :tazz:

Edited by kbnorhelp, 03 September 2005 - 09:47 PM.

  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Killbox here: http://www.downloads...org/KillBox.exe and put it on your desktop

Open Killbox

Check the following boxes:

Standard File Kill
End Explorer Shell While Killing file


Copy & paste the full path of the file below into the Killbox topmost box.

C:\WINDOWS\system32\ssttr.dll

With the full path to the file name in the topmost textbox, Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

It may not delete.

Use killbox to delete the file you were not able to delete as follows:

Open Killbox

Check the following boxes:

Delete on Reboot

With the full path to the file name in the topmost textbox. Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask to Reboot now? you will need to click YES

Note: Killbox will let you know if the file does not exist.

After the reboot scan with hijackthis and fix the following if it is still listed

O2 - BHO: MSEvents Object - 827DC836-DD9F-4A68-A602-5812EB50A834}-C :\WINDOWS\system32\ssttr.dll
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll


Reboot and Post a new hijackthis log

Regards,

Trevuren

  • 0

#7
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
dup post deleted

Edited by kbnorhelp, 03 September 2005 - 12:37 AM.

  • 0

#8
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
..."Note: Killbox will let you know if the file does not exist." yes it did, it said - pending file renameoperations registry data has been removed by external process - i then clicked ok - reboot did not occure - i then did a manual reboot, upon reboot a shedder error came up along with an Ewido message which said the following;
infected object found
file: ssttr.dll
path: c:\windows\system32
infection:spyware.virtumonde

i cleaned it.
same message occures with it boot IE as well.

ran HJT - check the two object you specified

you guessed it they are still there.

this is crazy EMO

HERE IS THE LOG

HJT LOG DELETED BY kbnorhelp :tazz:

Edited by kbnorhelp, 03 September 2005 - 09:48 PM.

  • 0

#9
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Let's give this another go but with a twist. This has been working is some cases.

  • Please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • Please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\system32\ssttr.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - 827DC836-DD9F-4A68-A602-5812EB50A834}-C :\WINDOWS\system32\ssttr.dll
    O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll


  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots, immediately run a Panda Online Scan and let it remove anythings it wants. Panda Online Scanner
  • After Panda has finished, run HJT and post a fresh log.

Regards,

Trevuren

  • 0

#10
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
as i said earlier, when i doubleclick on killvundo - i fail to see where to type the path. it says press any key to continue
  • 0

Advertisements


#11
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please Zip your copy of the VUNDOFix and add it as an attachment to a post so I can check to make sure that it isn't a dammaged copy.

Thanks kbknorhelp,


Trevuren
  • 0

#12
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
:) I was trying to use a copy i downloaded from another members post, before you started helping me. I downloaded the copy in your post to me and it worked. However, after i pressed enter, F6, enter , my nortons wouldn't allow HJT this to load, i clicked on allow once and it ran HJT. Also, in the log O2-BHO: MS etc ...was not there...i did fix O20-Winlogon etc ...which did have (file missing) on the end. After reboot i ran nortons, every thing seems to be working, here is my last log. Thank you very much you are freaking awesome! :tazz:

HJT LOG DELETED BY kbnorhelp :)

Edited by kbnorhelp, 03 September 2005 - 09:49 PM.

  • 0

#13
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
for good measure i ran Ewido here is the log and a new HJT log ...system is running fine now.

HJT LOG DELETED BY kbnorhelp :tazz:

Edited by kbnorhelp, 03 September 2005 - 09:49 PM.

  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Using Windows Explorer, navigate to the C:\Windows\System32 Folder.

2. Locate, and DELETE All files named rttss. They will have various extensions, such as:
  • ini
  • ini1
  • ini2
  • bak1
  • bak2
  • and so on.
3. REBOOT your system

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#15
kbnorhelp

kbnorhelp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
none found
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP