illukka

Trusted Malware Techs
Everything posted by illukka

  1. illukka

    (solved)Winfixer.exe

    hi

    clean it is

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide. Reenable system restore with instructions from the tutorial above.

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab.
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialize and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.

    Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources

    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

    Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    here are some additional utilities that will enhance your safety

      • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
      • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
  2. illukka

    (solved)Winfixer.exe

    hi

    go to this page http://www.atribune.org/content/section/4/30/ and download winsockfix

    transfer it to the infected computer, then run it

    reboot

    post a new hijackthis log

    as you have noticed, many of these tools can be harmful if used improperly
  3. illukka

    (solved)Winfixer.exe

    hi

    go to this page http://securityresponse.symantec.com/avcen...moval.tool.html

    read the instructions carefully and download the trojan vundo removal tool

    disconnect the infected machine from networks, and run the removal tool

    reboot

    run the tool again

    reboot again

    rescan with hijackthis and post a fresh hijackthis log
  4. illukka

    [solved]can't get rid of vundo

    hi

    yes, just delete it.

    good news then, nothing hiding there, we can mark this as solved

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide. Reenable system restore with instructions from the tutorial above.

    Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab.
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialize and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.

    Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources

    Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls

    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

    Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    here are some additional utilities that will enhance your safety

      • IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
      • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
      • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
      • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
  5. illukka

    Mysterious split second pop-up?

    well how's that hijackthis log then, i'd like to take a look
  6. illukka

    [solved]can't get rid of vundo

    hi

    jeeezz that log looks good

    lets do an online virus scan to make sure there are no other nasties present:

    do an online scan with Kaspersky WebScanner
      • Click on Kaspersky Online Scanner.
      • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
      • The program will launch and then begin downloading the latest definition files.
      • Once the files have been downloaded click on NEXT.
      • Now click on Scan Settings.
      • In the scan settings make sure that the following are selected:
          Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
          Scan Options: Scan Archives, Scan Mail Bases
      • Click OK.
      • Now under select a target to scan: Select My Computer.
      • The program will start and scan your system.
      • The scan will take a while so be patient and let it run.
      • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button.
      • Save the file to your desktop.
      • Copy and paste that information in your next post.
  7. illukka

    (solved)Need help to remove virus/trojan

    hi

    the log looks clean!

    as for avg not detecting the svkp.sys, well they know better.. it is not a malicious file

    i suggest that you try to reinstall registry medic, either from a fresh download or from an existing installer. let me know if that fixes it

    svkp itself is a useless program, unless you write or distribute software

    i really hope NAV will fix that false positive
  8. illukka

    (solved)Need help to remove virus/trojan

    the answer is simple: it is protected by this svkp.sys. the software wont run if it is not present. you see if the driver is not there svkp will assume that its being reverse engineered and thus refuses to run

    the key to most of these problems is NAV stopping to detect this stupid false positive

    i can understand why this file was added. it (svkp) has been used in some nasties to protect the worm or trojan. but it is still not a malicious file

    contrary to popular belief i dont think norton av is a bad antivirus, but perhaps it would be best to replace it with something else until they get this false positive fixed.. perhaps you could contact registry medic's support about this..

    avg free is a good replacement, get it from here: http://free.grisoft.com/doc/1

    uninstall norton, that would be best to do in safe mode

    when you do the uninstall also uninstall mywaysearch assistant, or mywaysa

    then reboot, install avg free, reboot

    update avg free, reboot again to safe mode

    perform a scan with avg free, make sure to save its report because i'd like to see it

    also do a sweep with spy sweeper, if you are running the latest spysweeper please enable the rootkit scanning module

    the scans are to rule out the possibility of malware

    reboot back to normal mode

    Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper:
      • Open it, click >Options over to the left then >Program Options >Uncheck "load at windows startup".
      • Over to the left click "shields" and uncheck all there.
      • Uncheck "home page shield".
      • Uncheck "automatically restore default without notification".

    open hijackthis, click do a system scan only

    put checkmarks next to the following items, if still there:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

    then close all browsers and explorer windows and click fix checked

    reboot

    post a fresh hjt log and the results of the scans

    then we can try to resolve the other issues

    cheers, good luck
  9. illukka

    [solved]can't get rid of vundo

    hmm looks odd

    the lines indicating the infection are still there, could be that ms antispy is preventing the vundofix from doing its job

    lets try one more time but

    Before starting any cleaning steps, please disable the Microsoft Anti-Spyware real-time protection:
      • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
      • Click on "Security Agents Status".
      • Click on "Disable real-time protection".
      • Next, open Microsoft Anti-Spyware.
      • Click on the Options menu, then Settings.
      • Select "Real Time Protection" from the left column.
      • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
      • Click the Save button.
      • Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

    remember to put it back once this is through

    also before running vundofix right click the norton av tray icon and select disable real time protection

    open hijackthis, click do a system scan only

    put checkmarks next to these lines:

    O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\pmkhi.dll
    O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll

    then close all running programs and explorer windows, so that only hijackthis is open, and click the button fix checked

    now try the vundofix again

    then reboot

    if you can get into safe mode, fine. if you cant, just reboot normally

    run vundofix again

    reboot again

    rescan with hijackthis and post a fresh log

    if the symantec tool fails again we have a manual fix for this too, so we are going to clean the bugger ... :crash:
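
The HijackThis entries quoted in the two posts above all follow one line format, so they can be parsed and grouped by the file they reference. This is an added example, not part of illukka's posts or of HijackThis itself; the function names are hypothetical and the sample lines are copied from the posts.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis lines quoted in the posts above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\pmkhi.dll
O20 - Winlogon Notify: pmkhi - C:\WINDOWS\system32\pmkhi.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+)\\(.+?),(.+?) = (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_PATH = re.compile(r"[A-Za-z]:\\.+$")


def parse_line(line):
    """Turn one log line into a dict, or None if it is not a log entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "kind": None, "clsid": None, "file": None}
    reg = REG_VALUE.match(body)
    if code in ("R0", "R1") and reg:
        # Registry value line: hive\key,value = data
        entry.update(kind="registry value", hive=reg.group(1),
                     key=reg.group(2), value=reg.group(3), data=reg.group(4))
        return entry
    # Other sections look like "Kind: name - {CLSID} - C:\path\file.dll"
    entry["kind"] = body.partition(": ")[0]
    clsid = CLSID.search(body)
    path = FILE_PATH.search(body)
    entry["clsid"] = clsid.group(0) if clsid else None
    entry["file"] = path.group(0) if path else None
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def sections_by_file(entries):
    """Map each referenced file (lower-cased) to the section codes naming it."""
    grouped = defaultdict(list)
    for e in entries:
        if e["file"]:
            grouped[e["file"].lower()].append(e["code"])
    return dict(grouped)


if __name__ == "__main__":
    for path, codes in sections_by_file(parse_log(SAMPLE)).items():
        print(path, codes)
```

Grouping by file shows when one DLL is registered under more than one section, as pmkhi.dll is under both O2 and O20 in the post above.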
  10. illukka

    [solved]can't get rid of vundo

    did you download the fixvundo tool?

    all you need to do is to disconnect the machine from the net, then run the fixvundo tool, then reboot, run the tool again, reboot again, then rescan with hjt and post a fresh log
  11. illukka

    [solved]can't get rid of vundo

    hi

    go to http://securityresponse.symantec.com/avcen...moval.tool.html

    follow the instructions there to download and run the trojan vundo removal tool

    after you've run it twice, rebooting in between, reboot again

    then rescan with hijackthis and post a fresh log
  12. illukka

    (solved)Need help to remove virus/trojan

    hi

    the hacktool rootkit detection is a false positive of norton

    the file svkp.sys is a known file, it belongs to svkprotector. svkprotector is a tool that is used in shareware applications to protect them against cracking/reverse engineering

    more info on it can be found here:
    http://www.wilderssecurity.com/showthread....9282#post589282
    http://www.dslreports.com/forum/remark,14616513

    looks like registry medic is one of its (svkprotector) users

    i have that file on my computer too, i've the svkprotector installed

    edited: i see that there are some items in the hjt log though.. items that need attention!

    first can you tell me about your E: drive, is it a floppy, usb stick, cd or a hard disk?