essexboy

Trusted Malware Techs
  • Content Count

    752

Everything posted by essexboy

  1. Just delete it from your desktop. I thought it added itself to add/remove but research shows that is not the case
  2. OTcleanit will delete all OT tools, combofix and DSS plus associated files and folders. Dr. Web can be removed from the control panel add/remove along with Hijackthis. There should be no other remnants.
  3. It will take out the tools but not Hijackthis and it may leave the odd text file, but they can be deleted manually. Dr. Web will need to be manually removed as well.
  4. OK that just found my tools and some elements in system restore, which we will now purge. Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my me
  5. Did you use OTMoveit in post 6 to delete those files? Right, let's try Dr. Web and see what he reveals. Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Double-click the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the
  6. There was no evidence on any of the scans of malware - what is the file name and location being reported, i.e. C:\windows\system32\badfile.exe?
  7. OK if they are in quarantine they are harmless. Open the NOD32 Control Center in the systray. If necessary, toggle to Advanced Mode in the lower left corner. In the left pane, select Tools > Quarantine. Click on the first entry, hold down the Shift key, and then click the last entry to select all of the items. Right click and select Remove, or hit the Delete key. Then if there are no further problems: Now the best part of the day ----- Your log now appears clean :thumbsup: A good workman always cleans up after himself so... Download and run this small programme and hit
  8. The big question now - how is your computer running?
  9. OK I have now looked at them and seen where to go. But first I notice that you have a cracked version of NOD. I recommend that you uninstall it and get one of the free antivirus programmes as that is illegal. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): C:\WINDOWS\System32\__c00B5BFF.dat C:\WINDOWS\System32\9B09F35911.dll Purity Return to OTMoveIt2, right click in th
  10. Hi, I did not get the full report - if necessary could you upload both text files to mediafire and post the share link. Whilst you are doing that let's get a quick fix in. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O20 - Winlogon Notify: 449b0e6b382 - C:\WINDOWS\ O20 - Winlogon Notify: __c00F6107 - C:\WINDOWS\ Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
  11. I've picked it up in the HJT forum
  12. Could I have a deeper look at your system? Download OTViewIt to your desktop. Close all windows and double click OTViewIt. Place a tick in the Scan all Users box. In the File Age drop down box select 90 days. Click Run Scan and let the program run uninterrupted. On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.
  13. Have you installed Flash and Java? (my silly input for the day)
  14. Unfortunately it looks that way. I have a tutorial on how to do a fresh install of windows here http://www.geekstogo.com/forum/Reformat-In...ws-t173729.html
  15. Hi there, this may take a couple of runs to kill, but I will give it a go. Please visit this web page for instructions for downloading and running ComboFix. NOTE: For the recovery console XPSP2 is the same as XPSP3 http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. O
  16. I am glad that all turned out well. Keep safe.
  17. Error number one, unless you know what you are doing then it is best to leave the registry well alone. Apart from the annual defragmentation. Most registry cleaners end up removing valid keys and problems then start to occur. A case in point, look at the notation from malwarebytes: C:\Program Files\ErrorKiller\ErrorKiller.exe (Rogue.ErrorKiller) I would highly recommend uninstalling the registry cleaners so that you are not tempted to use them. Was this the main drive or a data drive? If it was a data drive then scan with MBAM prior to opening it. Anyways now for some good news
  18. Hi there, you have a few elements still. A question: did you install Error Killer? Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F176B2F5-D41D-455B-BE07-90AAFA0877DB} HKEY_CLASSES_ROOT\CLSID\{F176B2F5-D41D-455B-BE07-90AAFA0877DB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cu
  19. I hope California has more sun than Cornwall, we have the liquid variety at the moment. The malware writers always lead from the front so AV and AS companies are always playing catchup. There is only one element visible at the moment although I am sure there are more - so I will need to do a deep search. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O20 - Winlogon Notify: khfeFuuu - khfeFuuu.dll (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN Pl
  20. AVG probably quarantined catchme, a part of GMER. There is one file/folder that was missed and you need to secure your system by removing old Java but otherwise it looks OK. Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present): Java™ 6 Update 2 Java™ 6 Update 3 Java™ 6 Update 5 Java™ SE Runtime Environment 6 Update 1 THEN Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL
  21. Hi there, can I take a deeper look at your system? I can see a few bad bits but I would like to get as many as I can in one sweep. Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  22. Sneaky blighters, they always try to hide. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) 6 Update 7 and save it to your desktop. Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications". Click the "Download" button to the right. Read the License Agreement and then check the box that says: "Accept License Agreement". The pag