essexboy

Trusted Malware Techs
  • Content Count: 752

Everything posted by essexboy

  1. Here we go, famous last words: "This looks relatively easy".

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

        O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmqu.exe] C:\WINDOWS\system32\kdmqu.exe
        O20 - AppInit_DLLs: C:\WINDOWS\system32\muwatibi.dll wzhatx.dll

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    THEN

    Please download Malwarebytes' Anti-Malware from Here or Here.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    AND FINALLY FOR NOW

    Disable resident protections (Antivirus...); you'll re-enable them after the scan.
    • Download Lop S&D < here
    • Double-click Lop S&D.exe
    • Choose the language, then choose Option 1 (Search)
    • Wait till the end of the scan
    • Post the log which is created: (%SystemDrive%\lopR.txt)
  2. essexboy

    "Bad Image" error message.(resolved)

    Now the best part of the day ----- your log now appears clean :thumbsup:

    A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove along with ERUNT, but they may be useful tools to keep.

    We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Do not show hidden files and folders.
    • Click Yes to confirm.
    • Click OK.

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    XP

    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System Tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point.
    • Click NEXT.
    • Enter a name, e.g. Clean.
    • Click CREATE.

    You now have a clean restore point; to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
    • In the drop-down box that appears select your main drive, e.g. C.
    • Click OK. The system will do some calculation and then display a dialogue box with tabs.
    • Select the More Options tab.
    • At the bottom will be a System Restore box with a CLEANUP button; click this.
    • Accept the warning and select OK again. The program will close and you are done.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
    • SpywareBlaster, to help prevent spyware from installing in the first place.
    • SuperAntispyware. Run weekly to keep your system clean.
    • It is critical to have both a firewall and anti virus to protect your system, and to keep them updated.
    • To keep your operating system up to date and to check your programme update status, visit Secunia Software Inspector and Microsoft Windows Update.

    To learn more about how to protect yourself while on the internet read our little guide: How did I get infected in the first place?

    Keep safe :wave:
  3. essexboy

    Problems with csrsc and VMwareservice

    OTScanit will produce a text file. It could be quite large, so if you upload it to Mediafire and post the sharing link I will download and then analyse it.
  4. essexboy

    "Bad Image" error message.(resolved)

    Looks good - now the big question: how is your computer running?
  5. essexboy

    Problems with csrsc and VMwareservice

    According to that you are re-infected. I am running Threat Expert on my system at the moment to see if it is reporting right, but for confirmation, as something seems a bit hickey:

    To ensure that I get all the information, this log will need to be uploaded to Mediafire; post the sharing link.

    Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    • Close ALL OTHER PROGRAMS.
    • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    • Check the box that says Scan All Users.
    • Check the radio button for Rootkit check YES.
    • Under Additional Scans check the following:
        File - Lop Check
        File - Purity Scan
        Evnt - EventViewer Errors/Warnings (last 10)
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  6. essexboy

    Problems with csrsc and VMwareservice

    That is the legitimate file; notice the difference in spelling. The main question is how is your computer running now?
  7. essexboy

    "Bad Image" error message.(resolved)

    Still a few to remove though.

    Start OTScanit. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

        [Unregister Dlls]
        [Registry - Safe List]
        < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        YN -> "NAV" -> %UserProfile%\Local Settings\Temp\IXP000.TMP\NAV09EN.exe ["C:\Documents and Settings\Student\Local Settings\Temp\IXP000.TMP\NAV09EN.exe" /RELAUNCH /RUNONCE /NOPROMPT]
        < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
        YN -> "{5600363C-B1A7-464C-9D48-B57A901A74FA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. []
        [Files/Folders - Created Within 30 Days]
        NY -> jzita.sys -> %SystemRoot%\System32\drivers\jzita.sys
        NY -> uelypeco.dll -> %SystemRoot%\System32\uelypeco.dll
        NY -> tumjcqfy.dll -> %SystemRoot%\System32\tumjcqfy.dll
        NY -> fzduom.dll -> %SystemRoot%\System32\fzduom.dll
        NY -> odevclnw.exe -> %SystemRoot%\System32\odevclnw.exe
        NY -> ycgytx.dll -> %SystemRoot%\System32\ycgytx.dll
        NY -> semfoybw.ini -> %SystemRoot%\System32\semfoybw.ini
        NY -> ilVycccf.ini2 -> %SystemRoot%\System32\ilVycccf.ini2
        NY -> ilVycccf.ini -> %SystemRoot%\System32\ilVycccf.ini
        NY -> iadqziwq.job -> %SystemRoot%\tasks\iadqziwq.job
        NY -> -263714966 -> %SystemDrive%\-263714966
        [Files/Folders - Modified Within 30 Days]
        NY -> iadqziwq.job -> %SystemRoot%\tasks\iadqziwq.job
        NY -> jzita.sys -> %SystemRoot%\System32\drivers\jzita.sys
        NY -> uelypeco.dll -> %SystemRoot%\System32\uelypeco.dll
        NY -> tumjcqfy.dll -> %SystemRoot%\System32\tumjcqfy.dll
        NY -> fzduom.dll -> %SystemRoot%\System32\fzduom.dll
        NY -> odevclnw.exe -> %SystemRoot%\System32\odevclnw.exe
        NY -> ycgytx.dll -> %SystemRoot%\System32\ycgytx.dll
        NY -> semfoybw.ini -> %SystemRoot%\System32\semfoybw.ini
        NY -> ilVycccf.ini -> %SystemRoot%\System32\ilVycccf.ini
        NY -> ilVycccf.ini2 -> %SystemRoot%\System32\ilVycccf.ini2
        NY -> flvtoavi.ini -> %UserProfile%\Desktop\flvtoavi.ini
        NY -> -263714966 -> %SystemDrive%\-263714966
        [File - Lop Check]
        NY -> iadqziwq.job -> C:\WINDOWS\Tasks\iadqziwq.job
        [Purity]
        [Empty Temp Folders]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log. I will review the information when it comes back in.

    THEN

    Please download Malwarebytes' Anti-Malware from Here or Here.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  8. essexboy

    Problems with csrsc and VMwareservice

    Now let's clear the waifs and strays and see what remains.

    Please download Malwarebytes' Anti-Malware from Here or Here.
    • Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  9. essexboy

    "Bad Image" error message.(resolved)

    OK, let's have a go, shall we?

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

        O20 - AppInit_DLLs: ogjhcm.dll ycgytx.dll djrzyk.dll hrobui.dll

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    THEN

    Please download OTMoveIt3 by OldTimer. Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

        :Files
        C:\Windows\system32\ogjhcm.dll
        C:\Windows\system32\ycgytx.dll
        C:\Windows\system32\djrzyk.dll
        C:\Windows\system32\hrobui.dll
        :Commands
        [purity]
        [emptytemp]

    • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt3.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    FINALLY FOR NOW

    To ensure that I get all the information, this log will need to be uploaded to Mediafire; post the sharing link.

    Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    • Close ALL OTHER PROGRAMS.
    • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    • Check the box that says Scan All Users.
    • Check the radio button for Rootkit check YES.
    • Under Additional Scans check the following:
        File - Lop Check
        File - Purity Scan
        Evnt - EventViewer Errors/Warnings (last 10)
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
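    An added example, not essexboy's code and not part of HijackThis: a small Python triage helper that parses the O4 (Run key) and O20 (AppInit_DLLs) lines quoted in this post and in post 1 into records, then applies the two review rules a helper would check before asking for entries to be fixed (AppInit_DLLs populated at all; a Run value whose name is itself a path, or which launches from a Temp folder). The ctfmon.exe line is a constructed benign entry so the rules have something they must leave alone.

```python
"""Triage helper for HijackThis O4 (Run keys) and O20 (AppInit_DLLs) lines.

Added example; not code from the forum posts or from HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three lines quoted in the posts above plus one
# constructed benign XP Run entry (ctfmon.exe) that must NOT be flagged.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmqu.exe] C:\WINDOWS\system32\kdmqu.exe",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\muwatibi.dll wzhatx.dll",
    r"O20 - AppInit_DLLs: ogjhcm.dll ycgytx.dll djrzyk.dll hrobui.dll",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]


@dataclass
class HjtEntry:
    section: str         # "O4" or "O20"
    hive: Optional[str]  # "HKLM"/"HKCU" for O4 entries, None for O20
    name: Optional[str]  # Run value name for O4 entries, None for O20
    targets: List[str]   # executable or DLL paths the entry loads


@dataclass
class Finding:
    section: str
    target: str
    reason: str


# "HKLM\..\Run" is HijackThis' abbreviation of the full Run key path.
_O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
_O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")


def _command_path(cmd: str) -> str:
    """Return the executable path from a Run command line, arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: take everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_hjt_lines(lines: List[str]) -> List[HjtEntry]:
    """Parse O4 and O20 lines into records; other HijackThis sections are ignored."""
    entries: List[HjtEntry] = []
    for raw in lines:
        line = raw.strip()
        m = _O4_RE.match(line)
        if m:
            entries.append(HjtEntry("O4", m["hive"], m["name"], [_command_path(m["cmd"])]))
            continue
        m = _O20_RE.match(line)
        if m:
            # AppInit_DLLs itself is space- or comma-delimited, so splitting here
            # has the same ambiguity Windows has for paths containing spaces.
            dlls = [d for d in re.split(r"[\s,]+", m["dlls"].strip()) if d]
            entries.append(HjtEntry("O20", None, None, dlls))
    return entries


_TEMP_MARKERS = ("\\local settings\\temp\\", "\\windows\\temp\\", "\\temp\\")


def triage(entries: List[HjtEntry]) -> List[Finding]:
    """Apply two review rules and return one Finding per suspicious target."""
    findings: List[Finding] = []
    for e in entries:
        if e.section == "O20":
            # Rule 1: AppInit_DLLs is empty on a clean default install, and every
            # DLL listed there is loaded into each process that loads user32.dll.
            for dll in e.targets:
                findings.append(Finding("O20", dll, "AppInit_DLLs entry (normally empty)"))
        elif e.section == "O4":
            path = e.targets[0]
            low = path.lower()
            if any(marker in low for marker in _TEMP_MARKERS):
                findings.append(Finding("O4", path, "Run entry launches from a Temp folder"))
            elif e.name and "\\" in e.name:
                # Rule 2: installers name Run values after the product; a value
                # name that is itself a path (as in the kdmqu.exe line) is not
                # how legitimate software registers itself.
                findings.append(Finding("O4", path, "Run value name is a full path"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt_lines(SAMPLE_HJT_LINES)):
        print(f"{f.section}: {f.target}  <- {f.reason}")
```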
  10. essexboy

    Problems with csrsc and VMwareservice

    Let's move swiftly on then to clear a few more.

    1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:

        KillAll::
        Driver::
        RkHit
        VMwareService
        srwsvc
        File::
        c:\windows\system32\mlJYrSjK.dll
        c:\windows\system32\drivers\RKHit.sys
        c:\windows\system\VMwareService.exe
        c:\windows\system32\drivers\srwsvc.sys

    3. Then in the text file go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
    4. Save the above as CFScript.txt.
    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
        Combofix.txt
        A new HijackThis log.
  11. essexboy

    Problems with csrsc and VMwareservice

    Hi kristen, let's get the big boy on it first and see what that reveals.

    Download ComboFix from one of these locations:
    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
    • Double-click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  12. essexboy

    Recurring Trojan and Rootkit warnings

    Comes up clean this time. Glad to be of assistance.
  13. essexboy

    Recurring Trojan and Rootkit warnings

    Yes, there is a JavaScript trojan somewhere on that page and Avast does not like it. I received three warnings. Unfortunately I do not know enough about web crafting to assist. But your system is OK?
  14. essexboy

    Help me get rid of this malware

    Now the best part of the day ----- your log now appears clean :thumbsup:

    A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove along with ERUNT, but they may be useful tools to keep.

    We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Do not show hidden files and folders.
    • Click Yes to confirm.
    • Click OK.

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    XP

    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System Tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point.
    • Click NEXT.
    • Enter a name, e.g. Clean.
    • Click CREATE.

    You now have a clean restore point; to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
    • In the drop-down box that appears select your main drive, e.g. C.
    • Click OK. The system will do some calculation and then display a dialogue box with tabs.
    • Select the More Options tab.
    • At the bottom will be a System Restore box with a CLEANUP button; click this.
    • Accept the warning and select OK again. The program will close and you are done.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
    • SpywareBlaster, to help prevent spyware from installing in the first place.
    • SuperAntispyware. Run weekly to keep your system clean.
    • It is critical to have both a firewall and anti virus to protect your system, and to keep them updated.
    • To keep your operating system up to date and to check your programme update status, visit Secunia Software Inspector and Microsoft Windows Update.

    To learn more about how to protect yourself while on the internet read our little guide: How did I get infected in the first place?

    Keep safe :wave:
  15. essexboy

    Help me get rid of this malware

    This looks to be the last. How is your computer now?

    Start OTScanit. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

        [Kill Explorer]
        [Unregister Dlls]
        [Win32 Services - Non-Microsoft Only]
        YY -> (WinSpoolSvc) Windows Spool Services [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\csrsc.exe
        [Registry - Additional Scans - Non-Microsoft Only]
        < BotCheck > ->
        YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\windows\system32\csrsc.exe -> %SystemRoot%\system32\csrsc.exe [C:\windows\system32\csrsc.exe:*:Enabled:Microsoft Enabled]
        [Files/Folders - Created Within 90 days]
        NY -> adv -> %SystemRoot%\System32\adv
        NY -> cool-toolbar-1.exe -> %SystemRoot%\System32\cool-toolbar-1.exe
        NY -> curiki.dll -> %SystemRoot%\System32\curiki.dll
        [Files/Folders - Modified Within 90 days]
        NY -> curiki.dll -> %SystemRoot%\System32\curiki.dll
        NY -> i4jdel0.exe -> C:\Documents and Settings\Paul\Local Settings\Temp\i4jdel0.exe
        [Empty Temp Folders]
        [Start Explorer]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log. I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.
  16. essexboy

    Help me get rid of this malware

    Let's now do a deep search for hidden meanies.

    To ensure that I get all the information, this log will need to be uploaded to Mediafire; post the sharing link.

    Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    • Close ALL OTHER PROGRAMS.
    • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    • Check the box that says Scan All User Accounts.
    • Check the radio button for Rootkit check YES.
    • Check the radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days.
    • Under Additional Scans check the following:
        File - Lop Check
        Reg - BotCheck
        File - Additional Folder Scans
        File - Purity Scan
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  17. essexboy

    Help me get rid of this malware

    Hi there, try this for starters.

    Download SDFix and save it to your Desktop.
    Double-click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    • Instead of Windows loading as normal, the Advanced Options Menu should appear.
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.

    • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
    • Press any key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to the clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
  18. essexboy

    Redirected Google selection

    If that scan was from your home and you can get Windows updates then you should be good to go.
  19. essexboy

    Recurring Trojan and Rootkit warnings

    OK then, subject to no further problems...

    Now the best part of the day ----- your log now appears clean :thumbsup:

    A good workman always cleans up after himself, so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel > Add/Remove along with ERUNT, but they may be useful tools to keep.

    We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View tab.
    • Under the Hidden files and folders heading select Do not show hidden files and folders.
    • Click Yes to confirm.
    • Click OK.

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    XP

    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System Tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point.
    • Click NEXT.
    • Enter a name, e.g. Clean.
    • Click CREATE.

    You now have a clean restore point; to get rid of the bad ones:
    • Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
    • In the drop-down box that appears select your main drive, e.g. C.
    • Click OK. The system will do some calculation and then display a dialogue box with tabs.
    • Select the More Options tab.
    • At the bottom will be a System Restore box with a CLEANUP button; click this.
    • Accept the warning and select OK again. The program will close and you are done.

    Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
    • SpywareBlaster, to help prevent spyware from installing in the first place.
    • SuperAntispyware. Run weekly to keep your system clean.
    • It is critical to have both a firewall and anti virus to protect your system, and to keep them updated.
    • To keep your operating system up to date and to check your programme update status, visit Secunia Software Inspector and Microsoft Windows Update.

    To learn more about how to protect yourself while on the internet read our little guide: How did I get infected in the first place?

    Keep safe :wave:
  20. essexboy

    Recurring Trojan and Rootkit warnings

    Ah OK, I see why it is not going: the naming on your temp files has been amended to C:\Documents and Settings\G--- W---\. I should have noticed that earlier. OK, I will now try it again. How is your computer now?

    Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

        :Files
        %SystemRoot%\System32\TDSSitpe.dat
        %SystemRoot%\System32\texnjkxy.ini
        C:\WINDOWS\Temp\TMP1E.exe
        C:\WINDOWS\Temp\TMP2A8.exe
        C:\WINDOWS\Temp\TMP2AC.exe
        C:\WINDOWS\Temp\TMP2AD.exe
        C:\WINDOWS\Temp\TMP2AE.exe
        C:\WINDOWS\Temp\TMPF.exe
        C:\DOCUME~1\GINAWO~1\LOCALS~1\Temp\SIntf16.dll
        C:\DOCUME~1\GINAWO~1\LOCALS~1\Temp\SIntf32.dll
        C:\DOCUME~1\GINAWO~1\LOCALS~1\Temp\SIntfNT.dll
        :Commands
        [purity]
        [emptytemp]

    • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt3.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  21. essexboy

    Recurring Trojan and Rootkit warnings

    Yep, Avast does get a bit touchy about OTScanit, purely because of what it does.

    OK, some did not want to go first time around, so let's hit them with a harder tool and this should finish it off.

    Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
    • Copy the lines in the codebox below starting with :Processes to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt3.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  22. essexboy

    Redirected Google selection

    A quicker solution, as it is your router that is infected.

    Disconnect your system from the internet, and your router, then…
    • Double-click mbam-setup.exe to install the application.
    • Launch Malwarebytes' Anti-Malware, then click Finish.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ===============================================

    Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

    However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings.

    You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

    Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.

    ===============================================

    Please post the Malwarebytes log and let me know how things are running now :thumbsup:
  23. essexboy

    Recurring Trojan and Rootkit warnings

    No problems there, my wife is impatient as well.

    OK, the removal of the job should have slowed it down some, so now let's remove the residue.

    Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

        [Unregister Dlls]
        [Files/Folders - Created Within 90 days]
        NY -> TDSSitpe.dat -> %SystemRoot%\System32\TDSSitpe.dat
        NY -> texnjkxy.ini -> %SystemRoot%\System32\texnjkxy.ini
        [Files/Folders - Modified Within 90 days]
        NY -> TDSSitpe.dat -> %SystemRoot%\System32\TDSSitpe.dat
        NY -> texnjkxy.ini -> %SystemRoot%\System32\texnjkxy.ini
        NY -> SIntf16.dll -> C:\Documents and Settings\G--- W---\Local Settings\Temp\SIntf16.dll
        NY -> SIntf32.dll -> C:\Documents and Settings\G--- W---\Local Settings\Temp\SIntf32.dll
        NY -> SIntfNT.dll -> C:\Documents and Settings\G--- W---\Local Settings\Temp\SIntfNT.dll
        NY -> TMP1E.exe -> C:\WINDOWS\Temp\TMP1E.exe
        NY -> TMP2A8.exe -> C:\WINDOWS\Temp\TMP2A8.exe
        NY -> TMP2AC.exe -> C:\WINDOWS\Temp\TMP2AC.exe
        NY -> TMP2AD.exe -> C:\WINDOWS\Temp\TMP2AD.exe
        NY -> TMP2AE.exe -> C:\WINDOWS\Temp\TMP2AE.exe
        NY -> TMPF.exe -> C:\WINDOWS\Temp\TMPF.exe
        [Empty Temp Folders]

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

    I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

    NOW TO CLEAR THE ORPHANS

    Please download Malwarebytes' Anti-Malware from Here or Here
    Double Click mbam-setup.exe to install the application.
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Quick Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy & Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Logs required: OTScanit report, MBAM log and a new Hijackthis. Plus any more alerts?
  24. essexboy

    Recurring Trojan and Rootkit warnings

    The trigger file does not appear to have been removed. So I will kill that and do a deeper investigation.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

        O20 - AppInit_DLLs: miturx.dll

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

    THEN

    Please download the OTMoveIt3 by OldTimer. Save it to your desktop.
    Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

        :Files
        C:\WINDOWS\tasks\vnblmgtx.job
        :Commands
        [purity]
        [emptytemp]

    Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    Click the red Moveit! button.
    Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    FINALLY FOR NOW

    To ensure that I get all the information, this log will need to be uploaded to Mediafire; then post the sharing link.

    Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
    Close ALL OTHER PROGRAMS.
    Open the OTScanit folder and double-click on OTScanit.exe to start the program.
    Check the box that says Scan All User Accounts
    Check the Radio button for Rootkit check YES
    Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
    Under Additional Scans check the following:
        File - Lop Check
        Reg - BotCheck
        File - Additional Folder Scans
    Now click the Run Scan button on the toolbar.
    Let it run unhindered until it finishes.
    When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
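As an added defender-side check (written for this page; it is not from the thread and is not part of OTScanit, OTMoveIt3 or HijackThis), the PowerShell below reads the persistence points the last two posts deal with, the AppInit_DLLs value, the legacy .job task folder, System32 files changed in the last 90 days and each adapter's DNS servers, so they can be reviewed before the fix and re-checked afterwards. It assumes an elevated prompt on the affected machine; the known-good DNS list is a constructed placeholder.

```powershell
# Added triage script, not part of the thread; run from an elevated prompt.
# $KnownGoodDns is a constructed placeholder: replace with your ISP's servers.
$KnownGoodDns = @('192.0.2.53', '192.0.2.54')

function Get-AppInitDlls {
    # HijackThis O20 line: every DLL named here is loaded into each process
    # that links user32.dll, so an unknown name such as miturx.dll is significant.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        AppInit_DLLs     = $p.AppInit_DLLs
        LoadAppInit_DLLs = $p.LoadAppInit_DLLs   # $null on XP; 1 = enabled on Vista and later
    }
}

function Get-TaskJobs {
    # The legacy scheduler keeps one .job file per task in %windir%\Tasks,
    # which is where the vnblmgtx.job trigger file in the thread lived.
    Get-ChildItem -Path (Join-Path $env:windir 'Tasks') -Filter '*.job' -ErrorAction SilentlyContinue |
        Select-Object Name, CreationTime, LastWriteTime, Length
}

function Get-RecentSystem32Files {
    param([int]$Days = 90)   # same window as OTScanit's Created/Modified sections
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path (Join-Path $env:windir 'System32') -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff) } |
        Select-Object Name, CreationTime, LastWriteTime
}

function Test-DnsServers {
    # DNS changers rewrite the servers the router hands out; flag any adapter
    # whose list contains an address outside the known-good set.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
        ForEach-Object {
            $unexpected = @($_.DNSServerSearchOrder | Where-Object { $KnownGoodDns -notcontains $_ })
            New-Object PSObject -Property @{
                Adapter    = $_.Description
                DnsServers = ($_.DNSServerSearchOrder -join ', ')
                Suspicious = ($unexpected.Count -gt 0)
            }
        }
}

Get-AppInitDlls | Format-List
Get-TaskJobs | Format-Table -AutoSize
Get-RecentSystem32Files | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
Test-DnsServers | Format-Table Adapter, DnsServers, Suspicious -AutoSize
```

Running it again after the router reset and the OTMoveIt3 fix should show an empty AppInit_DLLs value, no unexpected .job file and Suspicious = False on every adapter; if the DNS list changes back, another machine on the same router is still infected, as the post above warns.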
  25. essexboy

    URGENT!PLEASE HELP ME!(resolved)

    They were only important to the infection, not Windows.