Jump to content

thatman

Trusted Malware Techs
  • Content Count

    128
  • Joined

  • Last visited

Posts posted by thatman


  1. Hi tashkent

     

    You have the latest version of VX2. Download L2mfix from one of these two locations:

     

    http://www.atribune.org/downloads/l2mfix.exe

    http://www.downloads.subratam.org/l2mfix.exe

     

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

     

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

     

    Kc ;)


  2. Hi r7yea

     

    Congratulations! Your system is CLEAN

     

    Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.

    Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html

    Spybot Tutorial

    Disable Spybot Tutorial

     

    Winpatrol Free

     

    Ad-Aware SE Personal Edition Free

    AdAware Tutorial

     

    Turn of system restore

    Disabling or enabling Windows XP System Restore

    WIndows ME

    Defrag your hard drive. Turn system restore back on and create a new restore point.

     

    Tony Klien: So how did I get infected in the first place

     

    How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here

     

    It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

    Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.

    Restrict the actions of potentially dangerous sites in Internet Explorer.

    Consumes no system resources.

     

    Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

     

    It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

     

    These next two steps are optional, but will provide the greatest protection.

    1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.

    http://www.mozilla.org/products/firefox/

     

    2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

    You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.

    http://www.java.com/en/download/manual.jsp Windows (Offline Installation)

     

    After doing all these, your system will be thoroughly protected from future threats.

     

    Have a nice Day.

     

    Kc :tup:


  3. Hi r7yea

     

    You have the latest version of VX2. Download L2mfix from one of these two locations:

     

    http://www.atribune.org/downloads/l2mfix.exe

    http://www.downloads.subratam.org/l2mfix.exe

     

    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

     

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

     

    Now run option 2

    Close any programs you have open since this step requires a reboot.

     

    From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log, and we'll clean up what's left. :)

     

    IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

     

    Kc

    ;)


  4. Hi r7yea

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Please download and install AD-Aware se.

    Click Here on how setup and use it - please make sure you update it first. Don't run yet.

     

    Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

     

    Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/

    This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

    Ewido will auto-udate. Don't run yet

     

    Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Run Ewido full scan. Save the scan.log.

     

    Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm

    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\suxcoins.dll

    Click on Fix Checked when finished and exit HijackThis.

     

    Run Ad-aware se let it remove all it finds

     

    Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

     

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)

    c:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm

    C:\Program Files\1-Click Answers\Html\atiemenu.htm

    C:\WINDOWS\system32\suxcoins.dll

     

    Let the system reboot as normal.

     

    Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

    It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

    Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button

    When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the log From Panda virus scan. We will need them to remove previous infections that have left files on your system.

     

    Run HijackThis and post the new log.

     

    Kc

    ;)


  5. Hi UndertakerPOH

     

    Congratulations! Your system is CLEAN

     

    Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.

    Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html

    Spybot Tutorial

    Disable Spybot Tutorial

     

    Winpatrol Free

     

    Ad-Aware SE Personal Edition Free

    AdAware Tutorial

     

    Turn of system restore

    Disabling or enabling Windows XP System Restore

    WIndows ME

    Defrag your hard drive. Turn system restore back on and create a new restore point.

     

    Tony Klien: So how did I get infected in the first place

     

    How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here

     

    It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

    Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.

    Restrict the actions of potentially dangerous sites in Internet Explorer.

    Consumes no system resources.

     

    Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

     

    It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

     

    These next two steps are optional, but will provide the greatest protection.

    1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.

    http://www.mozilla.org/products/firefox/

     

    2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

    You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.

    http://www.java.com/en/download/manual.jsp Windows (Offline Installation)

     

    After doing all these, your system will be thoroughly protected from future threats.

     

    Have a nice Day.

     

    Kc :tup:


  6. Hi dublon

     

    Congratulations! Your system is CLEAN

     

    Microsoft® Windows AntiSpyware (Beta) 2000 and XP ONLY.

    Please download SpyBot V1.4 http://www.majorgeeks.com/download2471.html

    Spybot Tutorial

    Disable Spybot Tutorial

     

    Winpatrol Free

     

    Ad-Aware SE Personal Edition Free

    AdAware Tutorial

     

    Turn of system restore

    Disabling or enabling Windows XP System Restore

    WIndows ME

    Defrag your hard drive. Turn system restore back on and create a new restore point.

     

    Tony Klien: So how did I get infected in the first place

     

    How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use). Click Here

     

    It Prevent's the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.

    Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.

    Restrict the actions of potentially dangerous sites in Internet Explorer.

    Consumes no system resources.

     

    Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

     

    It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

     

    These next two steps are optional, but will provide the greatest protection.

    1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.

    http://www.mozilla.org/products/firefox/

     

    2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

    You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.

    http://www.java.com/en/download/manual.jsp Windows (Offline Installation)

     

    After doing all these, your system will be thoroughly protected from future threats.

     

    Have a nice Day.

     

    Kc :beer:


  7. Hi dublon

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Please download and install AD-Aware se.

    Click Here on how setup and use it - please make sure you update it first. Don't run yet.

     

    Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

     

    Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/

    This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

    Ewido will auto-udate. Don't run yet

     

    Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Run Ewido full scan. Save the scan.log.

     

    Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items:

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: MSEvents Object - {7697DB96-5DA3-44F2-BC97-AD35E5F4CEDC} - C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll

    O20 - Winlogon Notify: acdisk - C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll

    Click on Fix Checked when finished and exit HijackThis.

     

    Run Ad-aware se let it remove all it finds

     

    Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

     

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)

    C:\WINDOWS\assembly\GAC\System.Management\acdisk.dll

     

    Let the system reboot as normal.

     

    Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

    It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

    Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button

    When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

     

    Kc :tup:


  8. Hi AmoLaZucca

     

    Sorry for my late reply had some problems with my new computer.

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Download Pocket Killbox and unzip it; save it to your Desktop.

     

    Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following (Code in the box) into Notepad:

    [-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\APRPS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\VIDCTRL]
    [-HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}]
    
    Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

    Doubleclick the file and confirm you want to merge it with the registry.

     

    Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)

    O4 - HKLM\..\Run: [exp] C:\WINDOWS\SYSTEM\exp

    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\ujrlhm.exe reg_run

    O4 - HKCU\..\Run: [surfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe

    O4 - Startup: cknu.exe

    Click on Fix Checked when finished and exit HijackThis.

     

    Using Windows Explorer, locate the following files/folders, and delete them:

    C:\PROGRAM FILES\SURFSIDEKICK 3<--Delete the whole folder

    cknu.exe<--Delete this file

    Exit Explorer.

     

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

    C:\WINDOWS\UJRLHM.EXE

    C:\WINDOWS\SYSTEM\exp

    C:\WINDOWS\SYSTEM\LBWND80N.DLL

    C:\WINDOWS\SYSTEM\SWCOMM36.DLL

    C:\WINDOWS\CPRYNUC.DLL

    C:\WINDOWS\SYSTEM\Searchx.htm

    C:\WINDOWS\DOWNLOADED PROGRAM FILES\clientax.dll

    C:\WINDOWS\APPLICATION DATA\Sskknwrd.dll

    C:\WINDOWS\Start Menu\Programs\StartUp\cknu.exe

    C:\WINDOWS\TEMP\pav8148.TMP

    C:\WINDOWS\TEMP\pav81A7.TMP

    C:\WINDOWS\TEMP\pav81B7.TMP

    C:\WINDOWS\TEMP\pav8294.TMP

    C:\WINDOWS\Downloaded Program Files\clientax.dll

    C:\WINDOWS\Downloaded Program Files\jao.dll

    C:\WINDOWS\SYSTEM\MXXML.DLL

    C:\WINDOWS\SYSTEM\OKBC32GT.DLL

    C:\WINDOWS\SYSTEM\OGE2CONV.DLL

    C:\WINDOWS\SYSTEM\MWASN1.DLL

    C:\WINDOWS\SYSTEM\GEI32.DLL

    C:\WINDOWS\SYSTEM\RBCLTC1.DLL

    C:\WINDOWS\SYSTEM\luXbm12n.dll

    C:\WINDOWS\SYSTEM\IEDll300.dll

    C:\WINDOWS\SYSTEM\uninstal.exe

    C:\WINDOWS\SYSTEM\pinstaller.exe

    C:\WINDOWS\SYSTEM\MXRD2X40.DLL

    C:\WINDOWS\SYSTEM\LBWND80N.DLL

    C:\WINDOWS\SYSTEM\MGVIDC32.DLL

    C:\WINDOWS\SYSTEM\SWCOMM36.DLL

    C:\WINDOWS\SYSTEM\Stace.dll

    C:\WINDOWS\SYSTEM\SDNCUI.DLL

    C:\WINDOWS\yapgw.dat

    C:\WINDOWS\cprynuc.dll

    C:\WINDOWS\ujrlhm.exe

    C:\WINDOWS\qnbxdoq.exe

    C:\WINDOWS\vwugi.dll

    C:\unzipped\hijackthis\backups\backup-20050714-103657-833.dll

    C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll

    C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll

    C:\SSK39.exe

     

    Let the system reboot.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

     

    Kc

    :tup:


  9. Hi tonka

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

    O4 - Global Startup: run_startmenu.cmd

    Click on Fix Checked when finished and exit HijackThis.

     

    [*]Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Using Windows Explorer, locate the following files/folders, and delete them:

    O4 - Global Startup: run_startmenu.cmd

    Exit Explorer.Reboot as normal.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

     

    Kc ;)


  10. Hi AmoLaZucca

     

    Hey don't give up on me now.

     

    File's in system restore we will sort them after

     

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)

    C:\WINDOWS\Downloaded Program Files\clientax.dll

    C:\WINDOWS\Downloaded Program Files\jao.dll

    C:\WINDOWS\SYSTEM\MGVIDC32.DLL

    C:\WINDOWS\Temporary Internet Files\Content.IE5\09EBGTUV\webservice[3].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\Z0YUUJFQ\webservice[3].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\webservice[5].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\A186JL8W\cassetup[1].exe

    C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[3].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\O78RATCV\webservice[5].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\RMKJVPCT\webservice[1].htm

    C:\WINDOWS\Temporary Internet Files\Content.IE5\KX0ZGZSN\webservice[1].htm

    C:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe

    C:\unzipped\hijackthis\backups\backup-20050714-103657-833.dll

    C:\unzipped\hijackthis\backups\backup-20050713-122525-493.dll

    C:\unzipped\hijackthis\backups\backup-20050713-122525-447.dll

    C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe

    C:\SSK39.exe

    C:\WINDOWS\DOWNLOADED PROGRAM FILES\clientax.dll

    C:\WINDOWS\TEMPORARY INTERNET FILES\Ssk.log

     

    Let the system reboot as normal.

     

    Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

    It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

    Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin XP ONLY. When the scan has finnished click the close button

    When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

     

    Kc :tup:


  11. Hi MrHappyGoLucky12

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Please download and install AD-Aware se.

    Click Here on how setup and use it - please make sure you update it first. Don't run yet.

     

    Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

     

    Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/

    This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.

    Ewido will auto-udate. Don't run yet

     

    Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Run Ewido full scan. Save the scan.log.

     

    Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an check in the boxes, only next to these following items:

    O16 - DPF: {38911EED-5726-41B4-9612-265534EC7A13} (Address Magic Web Edition Download Stub) - http://www.returnpath.net/registration/WebEdition.cab

    O16 - DPF: {86ED3659-02F6-465D-8F19-A9334614CCC3} (TCBrowseForFolder Class) - http://www.passalong.com/Music/activex/TPActiveX.cab

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

    Click on Fix Checked when finished and exit HijackThis.

     

    Run Ad-aware se let it remove all it finds

     

    Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

     

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer (Yes.)

    C:\WINDOWS\SYSTEM32\wnscpcc.exe

     

    Let the system reboot as normal.

     

    Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.stevengould.org/cleanup/CleanUp40.exe

    It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingcomputer.com/forums/tutorial93.html

    Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button

    When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

     

    Kc :tup:


  12. Hi MrHappyGoLucky12

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Reboot into Safe Mode: please see here if you are not sure how to do this.

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

    O2 - BHO: (no name) - {90749428-029C-2C13-CBF9-5550D68876B1} - C:\WINDOWS\system32\unvujpke.dll

    O4 - HKCU\..\Run: [iinl] C:\Program Files\sami\emia.exe

    O4 - HKCU\..\Run: [Euth] C:\WINDOWS\system32\?vchost.exe

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WinFixer...nnerInstall.cab

    Click on Fix Checked when finished and exit HijackThis.

     

    Using Windows Explorer, locate the following files/folders, and delete them:

    C:\Program Files\sami<--Delete the whole folder

    C:\WINDOWS\system32\?vchost.exe<--Delete this filemaking sure you do not delete the real svchost.exe

    Exit Explorer.

     

    If you were unable to find any of the files then please follow these additional instructions:

    Download Pocket Killbox and unzip it; save it to your Desktop.

    Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

    C:\WINDOWS\system32\unvujpke.dll

     

    Let the system reboot as normal.

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

     

    Kc ;)


  13. Hi UndertakerPOH

     

    Please read through the instructions before you start (you may want to print this out).

     

    Please set your system to show all files; please see here if you're unsure how to do this.

     

    Important Step

    Go to Start->Run and type "Services.msc" (without quotes) then hit Ok

    Scroll down and find the service called:

    Symantec Network Drivers Service (SNDSrvc)

    When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

     

     

    Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

    Click on Fix Checked when finished and exit HijackThis.

     

     

    Please run the following free, online virus scans.

    http://www.pandasoftware.com/activescan/co...n_principal.htm

    Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

     

    Kc ;)

×
×
  • Create New...