Katana

Advanced Member
  • Content Count

    1,473

About Katana

  • Rank
    Advanced Member
  • Birthday 04/24/1970

Profile Information

  • Gender
    Male
  • Location
    Manchester (UK)

  1. It looks like you missed a couple of lines there.

     Step 1 Fix With HJT
     • Close all other windows and then start HiJack This
     • Click Do A System Scan Only
     • When it has finished scanning put a check next to the following lines IF still present -
     • Close ALL open windows (especially Internet Explorer!)
     • Now click Fix checked
     • Click yes to any prompts
     • Close HijackThis

     Apart from that ......... Congratulations your logs look clean

     Let's see if I can help you keep it that way

     First let's tidy up

     Uninstall Combofix
     This will clear your System Volume Information restore points and remove all the infected files that were quarantined
     • Click START then RUN
     • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

     You can also delete any logs we have produced and any other tools we have downloaded.

     -----------------------------------------------------------

     The following is some info to help you stay safe and clean. You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

     (Vista users must ensure that any programs are Vista compatible BEFORE installing)

     Online Scanners
     I would recommend a scan at one or more of the following sites at least once a month.
     • http://www.pandasecurity.com/activescan
     • http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

     !!! Make sure that all your programs are updated !!!
     Secunia Software Inspector does all the work for you, .... see HERE for details

     AntiSpyware
     AntiSpyware is not the same thing as Antivirus. Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one. You should only have one running all the time, the other/s should be used "on demand" on a regular basis. Most of the programs in this list have a free (for Home Users) and paid versions, it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
     • Spybot - Search & Destroy <<< A must have program
       It includes host protection and registry protection.
       A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
     • MalwareBytes Anti-malware <<< A New and effective program
     • a-squared Free <<< A good "realtime" or "on demand" scanner
     • superantispyware <<< A good "realtime" or "on demand" scanner

     Prevention
     These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
     • Winpatrol
       An excellent startup manager and then some !!
       Notifies you if programs are added to startup
       Allows delayed startup
       A must have addition
     • SpywareBlaster 4.0
       SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
     • SpywareGuard 2.2
       SpywareGuard provides real-time protection against spyware.
       Not required if you have other "realtime" antispyware or Winpatrol
     • ZonedOut
       Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
     • MVPS HOSTS
       This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
       Not required if you are using other host file protections

     Internet Browsers
     Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.

     Make your Internet Explorer more secure - This can be done by following these simple instructions:
     • From within Internet Explorer click on the Tools menu and then click on Options.
     • Click once on the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Click once on the Custom Level button.
     • Change the Download signed ActiveX controls to Prompt
     • Change the Download unsigned ActiveX controls to Disable
     • Change the Initialise and script ActiveX controls not marked as safe to Disable
     • Change the Installation of desktop items to Prompt
     • Change the Launching programs and files in an IFRAME to Prompt
     • Change the Navigate sub-frames across different domains to Prompt
     • When all these settings have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
     • Next press the Apply button and then the OK to exit the Internet Properties page.

     If you are still using IE6 then either update, or get one of the following.
     • FireFox
       With many addons available that make customization easy this is a very popular choice
       NoScript and AdBlockPlus addons are essential
     • Opera
       Another popular alternative
     • Netscape
       Another popular alternative
       Also has Addons available

     Cleaning Temporary Internet Files and Tracking Cookies
     Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.

     Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

     CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

     Both of these can be cleaned manually, but a quicker option is to use a program
     • ATF Cleaner
       Free and very simple to use
     • CCleaner
       Free and very flexible, you can choose which cookies to keep

     Also PLEASE read this article..... So How Did I Get Infected In The First Place

     The last and most important thing I can tell you is UPDATE. If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk. Malware changes on a day to day basis. You should update every week at the very least.

     If you follow this advice then (with a bit of luck) you will never have to hear from me again

     If you could post back one more time to let me know everything is OK, then I can have this thread archived.

     Happy surfing K'
  2. Did you do the HJT instructions in post #55? Most of those lines should be gone.
  3. You would be better off asking on the Rappelz forum about this issue. Do you have the fresh HJT log ?
  4. It would be better to reinstall it rather than use System Restore.
  5. Good

     How did you get the Combofix log then? Not got a clue on that one

     ----------------------------------------------------------------------------------------
     Step 1 Disable Teatimer
     We need to disable Teatimer as it may interfere with the cleaning. Please do not re-enable it until I give instructions.

     First step:
     • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
     • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
     • If you have Version 1.4, Click on Exit Spybot S&D Resident

     Second step, For Either Version:
     • Open Spybot S&D
     • Click Mode, choose Advanced Mode
     • Go To the bottom of the Vertical Panel on the Left, Click Tools
     • then, also in left panel, click Resident shows a red/white shield.
     • If your firewall raises a question, say OK
     • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
     • OK any prompts.
     • Use File, Exit to terminate Spybot
     • Reboot your machine for the changes to take effect.

     ----------------------------------------------------------------------------------------
     Step 2 Fix With HJT
     • Close all other windows and then start HiJack This
     • Click Do A System Scan Only
     • When it has finished scanning put a check next to the following lines IF still present -
     • Close ALL open windows (especially Internet Explorer!)
     • Now click Fix checked
     • Click yes to any prompts
     • Close HijackThis

     Please reboot the machine now.

     ----------------------------------------------------------------------------------------
     Logs/Information to Post in Reply
     Please post the following logs/Information in your reply. Some of the logs I request will be quite large, You may need to split them over a couple of replies.
     • A fresh HJT log
     • How are things running now?

     ----------------------------------------------------------------------------------------
     Additional Notes
     Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java and Adobe components and update.

     Updating Java:
     • Download the latest version of Java Runtime Environment (JRE) from HERE
     • Scroll down to where it says "Java SE Runtime Environment (JRE)".
     • Click the "Download" button to the right.
     • Platform = Windows
     • Language = Multi Language
     • Check the box that says: "Accept License Agreement".
     • The page will refresh.
     • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

     Update Adobe Acrobat Reader
     Adobe Reader is a large program and uses unnecessary space. If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended
     • Please go to this link Adobe Acrobat Reader Download Link
     • Click Download
     • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
     • Click the Continue button
     • Click Run, and click Run again
     • Next click the Install Now button and follow the on screen prompts

     Now close all windows, including your browser. Double click on the Java installation that you downloaded and follow the prompts.

     Remove Programs
     Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.
     • Adobe Reader 9.1
     • Java™ 6 Update 3
     • Java™ 6 Update 5

     Now close the Control Panel. Reboot your machine.
  6. Bitdefender has a removal tool available to completely remove it for you.
     http://www.bitdefender.com/KB333-en--How-t...itDefender.html

     I recommend that you install the free version of Avast for the moment, you can decide what to use at a later date.
     Avast

     Do you have the Combofix Log yet?
  7. Please delete the copy of Combofix that you have, and download a fresh one from one of the links below.
     • ComboFix.exe
     • ComboFix.exe

     Now disable any security programs you have installed as they could interfere.

     Custom CFScript
     Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

         http://forums.pcpitstop.com/index.php?showtopic=180912&st=40

         Collect::[4]
         C:\Program Files\Windows Live\Messenger\msimg32.dll

         Killall::

         Fcopy::
         C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll|C:\Program Files\Windows Live\Messenger\msimg32.dll

         ADS::

     Save this as CFScript.txt and place it on your desktop.

     Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

     **Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. Copy and paste the contents of the log in your next reply.

     CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

     Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

     ----------------------------------------------------------------------------------------
     Logs/Information to Post in Reply
     Please post the following logs/Information in your reply. Some of the logs I request will be quite large, You may need to split them over a couple of replies.
     • Combofix Log (You can miss out the SigCheck section if it is large, but please post anything below Reg Loading Points)
     • A fresh HJT log
     • How is messenger now?
     • Are there any other problems?
  8. Submit a File For Analysis
     We need to have the files below Scanned by Uploading them/it to Virus Total
     • Please visit Virustotal
     • Copy/paste the following file path into the window
       C:\Program Files\Windows Live\Messenger\msimg32.dll
     • Click Submit/Send File (If it says the file has already been scanned, please click ReScan)
     • When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

     If Virustotal is too busy please try Jotti
  9. The following is some info to help you stay safe and clean. You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

     (Vista users must ensure that any programs are Vista compatible BEFORE installing)

     Online Scanners
     I would recommend a scan at one or more of the following sites at least once a month.
     • http://www.pandasecurity.com/activescan
     • http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

     !!! Make sure that all your programs are updated !!!
     Secunia Software Inspector does all the work for you, .... see HERE for details

     AntiSpyware
     AntiSpyware is not the same thing as Antivirus. Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one. You should only have one running all the time, the other/s should be used "on demand" on a regular basis. Most of the programs in this list have a free (for Home Users) and paid versions, it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
     • Spybot - Search & Destroy <<< A must have program
       It includes host protection and registry protection.
       A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
     • MalwareBytes Anti-malware <<< A New and effective program
     • a-squared Free <<< A good "realtime" or "on demand" scanner
     • superantispyware <<< A good "realtime" or "on demand" scanner

     Prevention
     These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
     • Winpatrol
       An excellent startup manager and then some !!
       Notifies you if programs are added to startup
       Allows delayed startup
       A must have addition
     • SpywareBlaster 4.0
       SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
     • SpywareGuard 2.2
       SpywareGuard provides real-time protection against spyware.
       Not required if you have other "realtime" antispyware or Winpatrol
     • ZonedOut
       Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
     • MVPS HOSTS
       This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002.
       Not required if you are using other host file protections

     Internet Browsers
     Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.

     Make your Internet Explorer more secure - This can be done by following these simple instructions:
     • From within Internet Explorer click on the Tools menu and then click on Options.
     • Click once on the Security tab
     • Click once on the Internet icon so it becomes highlighted.
     • Click once on the Custom Level button.
     • Change the Download signed ActiveX controls to Prompt
     • Change the Download unsigned ActiveX controls to Disable
     • Change the Initialise and script ActiveX controls not marked as safe to Disable
     • Change the Installation of desktop items to Prompt
     • Change the Launching programs and files in an IFRAME to Prompt
     • Change the Navigate sub-frames across different domains to Prompt
     • When all these settings have been made, click on the OK button.
     • If it prompts you as to whether or not you want to save the settings, press the Yes button.
     • Next press the Apply button and then the OK to exit the Internet Properties page.

     If you are still using IE6 then either update, or get one of the following.
     • FireFox
       With many addons available that make customization easy this is a very popular choice
       NoScript and AdBlockPlus addons are essential
     • Opera
       Another popular alternative
     • Netscape
       Another popular alternative
       Also has Addons available

     Cleaning Temporary Internet Files and Tracking Cookies
     Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.

     Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

     CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

     Both of these can be cleaned manually, but a quicker option is to use a program
     • ATF Cleaner
       Free and very simple to use
     • CCleaner
       Free and very flexible, you can choose which cookies to keep

     Also PLEASE read this article..... So How Did I Get Infected In The First Place

     The last and most important thing I can tell you is UPDATE. If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk. Malware changes on a day to day basis. You should update every week at the very least.

     If you follow this advice then (with a bit of luck) you will never have to hear from me again

     Happy surfing K'
  10. Do you know what deleted it ?
  11. Download and Run SystemLook
     Please download SystemLook from one of the links below and save it to your Desktop.
     • Download Mirror #1
     • Download Mirror #2

     • Double-click SystemLook.exe to run it.
     • Copy the content of the following codebox into the main textfield:

         :filefind
         msimg32.dll

     • Click the Look button to start the scan.
     • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     Note: The log can also be found on your Desktop entitled SystemLook.txt
  12. Download and Run SystemLook
     Please download SystemLook from one of the links below and save it to your Desktop.
     • Download Mirror #1
     • Download Mirror #2

     • Double-click SystemLook.exe to run it.
     • Copy the content of the following codebox into the main textfield:

         :filefind
         wscntfy.exe
         winlogon.exe
         uxtheme.dll
         svchost.exe
         spoolsv.exe
         lsass.exe
         explorer.exe
         iexplore.exe

     • Click the Look button to start the scan.
     • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     Note: The log can also be found on your Desktop entitled SystemLook.txt