Nirvana

Trusted Malware Techs
  • Content Count

    162

About Nirvana

  • Rank
    Member
  • Birthday 11/01/1963

Profile Information

  • Location
    Milton Keynes, U.K.

Previous Fields

  • System Specifications:
    AMD Athlon, 1467MHz Memory 512MB RAM Video NVIDIA RIVA TNT2 Model 64/Model 64 Pro Internet MSIE 6.0 Windows XP SP2 Bulldogadsl 2.2 Mbps
  • Teams:
  1. Since this issue appears to be resolved, this topic will be closed.
  2. You're all clean now. We're gonna purge System Restore now to get rid of those remaining in System Volume Information.
     1. On the Desktop, right-click My Computer.
     2. Click Properties.
     3. Click the System Restore tab.
     4. Check Turn off System Restore.
     5. Click Apply, and then click OK.
     6. Restart the computer.
     7. Follow steps 1 to 3 again, then uncheck Turn off System Restore tab.
     When you are sure you are clean create a restore point. To create a restore point: Single-click Start and point to All Programs. Mouse over Accessories, then System Tools, and select Sys
  3. Ok, please reboot your computer in Safe Mode by doing the following:
     1) Restart your computer
     2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
     3) Instead of Windows loading as normal, a menu should appear
     4) Select the first option, to run Windows in Safe Mode.
     For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml
     Next, navigate to and delete the following:
     C:\!KillBox\ <-------- Delete the contents of this folder.
     C:\Documents and Settings\Peter.PETERS-C
  4. Fix this line again:
     O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run
     See if this file is still present:
     C:\WINDOWS\system32\rciacp.exe
     If it is then delete it. Is that folder still gone? If so can you try to run Kaspersky again and see if you can post the log. If you still can't then e-mail it to me at kangaroopooATgmail.com. Post another logfile and let us know what problems remain, if you're still getting popups what is their nature?
  5. Download and run Ad-Aware. For best results follow the tutorial. Reboot your machine afterwards. See if that folder will stay deleted now and post another HijackThis log.
  6. Oops! Try here: http://www.ccleaner.com/ccdownload.asp
  7. Fix this one again using HijackThis:
     O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run
     Next, download, unzip and launch the KillBox: http://www.downloads.subratam.org/KillBox.zip
     Select "Delete on Reboot". Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C
     C:\WINDOWS\wgtaojnA.exe
     C:\Program Files\outlook\outlook.exe
     C:\Program Files\Common Files\fmoq\fmoqm.exe
     C:\WINDOWS\system32\rciacp.exe
     C:\WINDOWS\system32\loader.exe
     Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Clic
  8. Restart HijackThis and put checks next to the following, close all browser windows (including this one) then click on 'Fix Checked':
     R3 - Default URLSearchHook is missing
     O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto
     O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe
     O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe
     O4 - HKLM\..\Run: [] p2pnetworking.exe
     O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe
     O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR
     O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe r
  9. O.K. We've gotten rid of one nasty, let's tackle the others: Please download VirtumundoBeGone from here: http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe Save it to your Desktop. Close all running programs (including your Internet Browser). Double-click VirtumundoBeGone.exe on the desktop. Follow the directions as indicated. Please note that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens. When it has finished, reboot and post the log that is created on your desktop called V
  10. Hi Peter. Please download Look2Me-Destroyer.exe by Atribune to your desktop. Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK. When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Don
  11. Because when you fix, you learn... No?
  12. You're welcome. It's a good idea to flush your System Restore after ridding yourself of malware:
      1. On the Desktop, right-click My Computer.
      2. Click Properties.
      3. Click the System Restore tab.
      4. Check Turn off System Restore.
      5. Click Apply, and then click OK.
      6. Restart the computer.
      7. Follow steps 1 to 3 again, then uncheck Turn off System Restore tab.
      When you are sure you are clean create a restore point. To create a restore point: Single-click Start and point to All Programs. Mouse over Accessories, then System Tools, and select System Restore. In th
  13. Cali, everything looks fine to me. If you're not having any issues you're good to go. If you are having issues, please specify....
  14. Does ZoneAlarm give you a warning that those files are trying to get access to the internet? What exactly is ZoneAlarm telling you? Is Ad-Aware finding anything?
  15. These files need to be deleted:
      C:\windows\ahadp.exe
      C:\windows\system32\angelex.exe
      C:\windows\system32\ap9n4qmo.exe
      wmiprvs.exe <-------- Check the spelling on this one; wmiprvse.exe (with an 'e' on the end) is valid.
      Then scan with Ad-Aware again and have it fix anything it finds. Are you still having issues?