Jump to content

rstones12

Trusted Malware Techs
  • Content Count

    54
  • Joined

  • Last visited

Everything posted by rstones12

  1. rstones12

    HJT Certified

    If you are speaking of taking a HJT and infection test I would "GLADLY" send you one... Flying colors Let me know when you are ready..
  2. rstones12

    HJT Certified

    There are several forums out there that do this, I would be more that happy to give you a list if you want one.
  3. rstones12

    HJT Certified

    You give someone a CD and a screwdriver and they think they are a PC Tech. Those types of people are the dangerous ones, it doesn't matter what forum they post in. There is a dynamic mix of skills sets on this forum and thats what makes it a great place. Whether or not each person has the same ability is not the question at hand. Sure there are probably some that could or would make a good Trusted Helper in the HJT forum, but the protocol for this is getting some training with HJT and the other tools associated with it. I didn't make the rules I am just following them, I wouldn't post in the Linux forum because I have never said or claimed to be someone that could help in that capacity. I have a college degree and several IT Certs, that doesn't mean I am an expert or claim to know everything about systems, networking, OS's etc... When I need help I ask, thats what makes all of these communities great. If you are serious about it spend the time to get some additional education, its free... If you think its a waste of your time then dont do it, but quit :filtered:ing about something you have the ability to change yourself. If you have questions ask, thats why people come and participate on these online forums. rstones12
  4. rstones12

    HJT Certified

    I will get here as often as I can.. BTW.. 40 posts now...
  5. rstones12

    HJT Certified

    Its all about sharing knowledge between everybody, it doesn't matter where you post most often or how long you have been on a forum. People come to this forum for help, as they do many other forums if I didn't feel the need to help out and give back what I have learned from many others I would find something else to do. rstones12
  6. rstones12

    HJT Certified

    Bruce, I think you are missing the point here. Since PCPitstop doesn't have a "classroom" to teach HJT there are other forums that do offer this type of training. If you want a Big Mac you don't go to BurgerKing you go to McDonalds, although that might be a stretch on the analogy and point I am trying to make.. HJT is a just a tool that is used in getting a handle or overview on what might be on that particular users system. There is so much more to this than just having informal question and answer sessions in threads. As is was stated in an earlier post, there are specific infections, tools, reg fixes etc.. that need to be studied and learned. Not everybody can do self study, that is why these classrooms have been set up. But I bet you utilized other resources to gain the knowledge and experience. Are you familiar with distant learning or online classes... I have no issue with sharing my knowledge, do you have a specific question. It seems that you are very passionate about this forum, and that is great. But there is nothing wrong with going somewhere else for a short while and then coming back and sharing that knowledge... Just some thoughts...
  7. rstones12

    HJT Certified

    Since there is no formal classroom here you have to find alternative sources to gather information and learn. You wouldn't go to a Linux forum to learn about Windows now would you?? This would require you to broaden your scope and go outside the box to get the information and training that you may or may not need. No worries, it was only a gesture of good will inviting you.
  8. rstones12

    Looking for rules violations.

    You are correct, this thread is about the "closing of threads" so I will leave you with this personal invitation. I invite you to join the GeekU classroom at: http://www.geekstogo.com/forum/Would_you_l...ware-t4817.html It will be my personal goal to see you through your training.. And best of all its free...
  9. rstones12

    Looking for rules violations.

    Did I ever say who could post here no, only that if they had completed training they could post to HJT logs. I only have 34 posts, you gotta start somewhere.. Maybe this would be a helpful read. http://forums.pcpitstop.com/index.php?showtopic=70507
  10. rstones12

    Looking for rules violations.

    They may be or may not be here, but if they would have completed training then yes they would be able to post to HJT logs in that forum...
  11. Ash74, I would recommend that you post a HijackThis log in the following forum below. You may have more going on that just that file. http://forums.pcpitstop.com/index.php?showforum=25 Please start here before posting your log. http://forums.pcpitstop.com/index.php?showtopic=36065 rstones12
  12. What does your system have for RAM and what Anti-Virus are you running??
  13. Well how about some good stuff about SpySweeper. I really have not noticed any real significant slow downs or any issues. The scans take a bit longer to run, other than that.....
  14. I just updated it to the newer 5.0 version. I did shut SpySweeper down and then run the install program and it worked like a charm...
  15. rstones12

    win fixerproblem

    frankb325, Please take some time and read through the following information.. Here are some items that you will want to add to your to-do list: These are some tips to reduce the potential for Spyware/Adware/Virus infection in the future: I would strongly recommend reviewing and installing the following applications if you don't currently have them running on your system: Use Anti-Virus Software It is very important that your computer has Anti-Virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone Anti-Virus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software It is imperative that you update your Anti-Virus software at least once a week (Even more if you wish). If you do not update your Anti-Virus software then it will not be able to catch any of the new variants that may come out. Use a Firewall I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewall's and a listing of some available ones see the link below: Understanding and Using Firewall's Spyware/Adware Detection and Removal Programs: Understanding Spyware, Browser Hijackers, and DialersAd-Aware SEIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Ad-Aware SE How to use Ad-Aware SE to remove Spyware Spybot S&DIf you suspect that you have spyware installed on your computer, here are instructions on how to setup and use Spybot S&D How to use Spybot to remove Spyware I strongly recommend using both of these programs to catch most spyware/adware Prevention Programs: SpywareBlaster -- SpywareBlaster will prevent spyware from being installed. SpywareGuard -- SpywareGuard offers realtime protection from spyware installation attempts. IE/Spyad -- IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts File -- The MVPS Hosts File replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. Google Toolbar -- Get the free Google Toolbar to help stop pop up windows. Other Necessary Programs: A More Secure BrowserInternet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend using Firefox Be sure to also keep up with Windows and IE updates. Windows Security and Critical Updates http://update.microsoft.com/windowsupdate/v6/default.aspx Internet Explorer Security and Critical Updates http://www.microsoft.com/windows/ie/default.asp And also see TonyKlein's good advice So how did I get infected in the first place? Update all these Programs Regularly:Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Thanks, rstones12
  16. rstones12

    win fixerproblem

    frankb325, OK, that is looking much better... How is your system running? Thanks, rstones12
  17. rstones12

    win fixerproblem

    frankb325, OK, just a few things left... Please read "ALL" of the instructions before proceeding: You will need to print out these instructions for a reference or you can save them by copying and pasting them into notepad and saving the text file to the desktop. This process will take a few steps, please take your time and follow the directions in the order posted. If you don't understand something please ask before performing any task.. Please download ewido security suite it is a free version of the program. Install ewido security suite When installing, under "Additional Options" uncheck..Install background guard Install scan via context menu Launch ewido, there should be an icon on your desktop, double-click it. The program will now open to the main screen. You will need to update ewido to the latest definition files.On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.(the status bar at the bottom will display "Update successful") If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updates Now Close ewido security suite: Do Not perform a scan just yet. Please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Now open the Ewido Security Suite. *Important*: When you run the Ewido scan do not open any other programs or windows this will cause a conflict with the cleaning process. The scan will take a bit, so just let it run to completion. Once you have started ewido: Click on scanner Click on Complete System Scan and the scan will begin. While the scan is in progress you will be prompted to clean files, click OK When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop. Now close ewido security suite. Reboot your system back into Normal Mode and post the contents of the ewido scan and an new HijackThis Log by using Add Reply. Thanks, rstones12
  18. rstones12

    win fixerproblem

    frankb325, OK, one thing first: Please open HijackThis and perform a scan and post a new log here. That log is from SafeMode, then we can have a look. Thanks, rstones12
  19. rstones12

    win fixerproblem

    frankb325, OK, for the first part of the fix, the line that you entered was. The line that needs to be entered is: C:\WINDOWS\system32\ssqpo.dll You just transposed the p and the q... No worries we can do the fix again. Please read "ALL" of the instructions before proceeding: You will need to print out these instructions for a reference or you can save them by copying and pasting them into notepad and saving the text file to the desktop. Please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat You will first be presented with a warning.It should look like this At this point press enter one time. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\ssqpo.dll Press Enter to continue with the fix. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\opqss.* Press Enter to continue with the fix. The fix will run then HijackThis will open, if it does not open automatically please open it manually. In HiJackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ssqpo.dll O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll After you have fixed these items, close Hijackthis. Press enter to exit the program then manually reboot your computer. Once your machine reboots please continue with the instructions below. Enable show hidden files and folders: * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View Tab. * Under the Hidden files and folders heading select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. Now using MyComputer find and remove the following: C:\WINDOWS\system32\gebyy.dll <-- File Close MyComputer Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following (Make sure nothing else is checked!): Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click OKPress the CleanUp! button to start the program. It may ask you to reboot at the end, click NO. Close CleanUp. Now reboot your system and post a new HijackThis log as well as the vundofix.txt file from the vundofix folder by using New Reply. Thanks, rstones12
  20. rstones12

    win fixerproblem

    Welcome to the PC Pitstop Forums, I will be reviewing your HJT log. Please read "ALL" of the instructions before proceeding: You will need to print out these instructions for a reference or you can save them by copying and pasting them into notepad and saving the text file to the desktop. This process will take a few steps, please take your time and follow the directions in the order posted. If you don't understand something please ask before performing any task.. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to extract the files This will create a VundoFix folder on your desktop. After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter. Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat You will first be presented with a warning.It should look like this At this point press enter one time. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\ssqpo.dll Press Enter to continue with the fix. Next you will see: At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\opqss.* Press Enter to continue with the fix. The fix will run then HijackThis will open, if it does not open automatically please open it manually. In HiJackThis, please place a check next to the following items and click FIX CHECKED:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\ssqpo.dll O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O20 - Winlogon Notify: ssqpo - C:\WINDOWS\system32\ssqpo.dll After you have fixed these items, close Hijackthis. Press enter to exit the program then manually reboot your computer. Once your machine reboots please continue with the instructions below. Download and install CleanUp! Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following (Make sure nothing else is checked!): Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click OKPress the CleanUp! button to start the program. It may ask you to reboot at the end, click NO. Then, please run this online virus scan: ActiveScan Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic. Thanks, rstones12
×