Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • This topic is locked This topic is locked




  • Retired Staff
  • 19,711 posts
  • MVP
Open Notepad and copy the text in the code box below into it. Now click Save As and name the file: "TFTP3184.bat".
Make sure the Save as Type is "All Files"

dir %Systemdrive%\TFTP3184.* /a h /s > files.txt
start notepad files.txt

Now double click on TFTP3184.bat and let the batch file run. Once it is complete NotePad will open. Copy the contents of that output into your next post.
  • 0





  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Volume in drive C is HPNOTEBOOK
Volume Serial Number is 709E-3C03

Directory of C:\Documents and Settings\All Users\Start Menu\Programs\Startup

08/11/2003 09:57 AM 0 TFTP3184
1 File(s) 0 bytes

Directory of C:\Documents and Settings\Owner\Desktop

10/27/2005 09:15 PM 85 TFTP3184.bat
1 File(s) 85 bytes

Directory of C:\Documents and Settings\Owner\My Documents

10/27/2005 09:07 PM 85 TFTP3184.bat
1 File(s) 85 bytes

Directory of C:\Documents and Settings\Owner\Recent

10/27/2005 08:58 PM 554 TFTP3184.txt.lnk
10/27/2005 01:35 PM 974 TFTP3184.zip.lnk
2 File(s) 1,528 bytes

Directory of C:\New Folder

10/27/2005 09:09 PM 85 TFTP3184.bat
1 File(s) 85 bytes
  • 0




  • Retired Staff
  • 19,711 posts
  • MVP
Click to download sm.reg
Double click it to let it extract itself. (open itself)
Then open the folder it creates and double click the sm.reg
If it promts you with anything like "Do you wish to merge..." or anything, choose YES.

Now, let's kill that file

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TFTP3184
  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Reboot the computer normally, then post another HijackThis log. Also let me know how the destop is working now, as well :tazz:
  • 0




  • Retired Staff
  • 19,711 posts
  • MVP
User does not want to continue to try and remove the last offending file, nor does he want help in restoring the desktop function. We have advised him in chat of the options, and he chooses to just have recommendations for future protection.

Here are some items that you will want to add to your to-do list:

These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future:
I would strongly recommend reviewing and installing the following applications if you dont currently have them running on your system:

Use Anti-Virus Software
It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone Anti-Virus programs:
Virus, Spyware, and Malware Protection and Removal Resources

Update your AntiVirus Software
It is imperitive that you update your Anti-Virus software at least once a week (Even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls

Spyware/Adware Detection and Removal Programs:
Understanding Spyware, Browser Hijackers, and DialersAd-Aware SEIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Ad-Aware SE
How to use Ad-Aware SE to remove Spyware
[/list]Spybot S&DIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Spybot S&D
How to use Spybot to remove Spyware
[/list]I strongly recommend using both of these programs to catch most spyware/adware

Prevention Programs:
  • SpywareBlaster -- SpywareBlaster will prevent spyware from being installed.
  • SpywareGuard -- SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to which is your local computer.
  • Google Toolbar -- Get the free Google Toolbar to help stop pop up windows.
Other Necessary Programs:
  • A More Secure Browser
    Internet Explorer is not the most secure and best browser.
    There are safer and better alternatives available. I recommend using Firefox
Be sure to also keep up with Windows and IE updates.

Windows Security and Critical Updates

Internet Explorer Security and Critical Updates

And also see TonyKlein's good advice
So how did I get infected in the first place?

Update all these Programs Regularly:Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

  • 0




  • Retired Staff
  • 19,711 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP