essexboy
Trusted Malware Techs
  • Content Count: 752
  • Joined
  • Last visited

Everything posted by essexboy

  1. 'Tis rather large, isn't it. Start WinPFind3U. Copy/paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log. I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps abov
  2. No problem, I will do it manually, but it will require you to post a rather large log and you may have to split it into 2 or 3 posts. Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Close ALL OTHER PROGRAMS. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Under Additional Scans, click the checkboxes in front of the following items to select them: Reg - BotCheck. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan
  3. My apologies, do it from normal mode, not safe mode - I meant to delete that part.
  4. This latest variant of Vundo is catching out a lot of AV vendors at the moment; most can now detect it, but only after the fact. Now the best part of the day ----- your log now appears clean :thumbsup: You may now delete all the programmes I had you download. Now, to get you off to a good start, we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method: 1. Select Start > All Programs > Accessories > System too
  5. There is a virus around at the moment that infects the MBR and can only be cleaned by the recovery console. This just lets us know whether it is installed or not. You have a sneaky trojan that pretends to be Google toolbar and even uses the correct CLSID. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.
  6. Still a bit to go, as AVG is infected. You may need to re-install if this fix can not clean it. 1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box. 2. Now copy/paste the entire content of the codebox below into the Notepad window: 3. Save the above as CFScript.txt 4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. 5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt and a new HijackThis log.
  7. Hi there, let's see if this cures it. As you are on Vista, please run all programmes by right clicking and selecting Run as administrator. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN download ComboFix from Here or Here to your Desktop. Double click combofix.exe and follow the prompts. When finished, it shall
  8. You're in luck, I was just passing. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. F3 - REG:win.ini: load=C:\WINDOWS\system32\cbaab.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Google Module - {28C703D0-B4A9-4b2f-9123-CE8294761861} - halifax1.dll (file missing) O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file) O20 - Winlogon Notify: hzsqmoaa - hzsqmoaa.dll (file missing) O20 - Winlogon Notify: qomnljg - qomnljg.dll (file missing) Now close all windows other than HiJa
  9. You probably have the new variant - post a log in the Hijackthis forum.
  10. Go to my site - link below - then download Controlpanelrestrictions restore.reg, right click and select Merge, accept the warnings and your control panel will be back; then reinstall Java.
  11. Hi jme122, totally out of luck I am afraid, I can not find any reference to this problem - maybe I dreamt it.
  12. Can you open Control Panel? Or is it just the Java cpl that does not work?
  13. Reference Firefox: here are the details of the fix for this problem http://kb.mozillazine.org/Unable_to_save_or_download_files How is Java not working properly? Yep, your log looks clean.
  14. OK, I have found a way to do it but you need to run from the recovery console and your XP CD. http://www.kellys-korner-xp.com/win_xp_rec.htm Start here. Once in the recovery console, type the following: del C:\WINDOWS\System32\Drivers\ucbhtbmr.dat del C:\WINDOWS\System32\CONFMS.dll exit Then reboot as normal.
  15. It appears to be hiding from Icesword as well. Within Icesword was there a process/driver with the name zxuvkzkp? If there was, right click it and select Terminate the process. I will have a look at the other tools I have available.
  16. Hi again, I am sorry this is taking so long but it is very stubborn. Please download and unzip Icesword to its own folder. If you get a lot of "red entries" in an IceSword log, don't panic. Step 1: Run IceSword. Click the "Processes" tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Note the filenames of processes in red color. Also, make a note of the folders. Step 2: Click the "Win32 Services" tab and look out for a red colored entry in the services list. This red colored service entry indicates that it's root
  17. After you have done that, if you could run this programme it should show me if anything is there. Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  18. Ah, OK, I misread it. I have never used a shell programme so I am afraid that is out of my league. Sorry.
  19. Sounds like your basic shell is corrupted. Have you tried this? If that should fail then I would recommend a repair install.
  20. OK then, let's take a deep look, shall we. Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop. Close ALL OTHER PROGRAMS. Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Under Additional Scans, click the checkboxes in front of the following items to select them: Reg - BotCheck. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and mak
  21. Hi there, not a great deal apparent on the surface. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. THEN download ComboFix f
  22. Hmm, not totally impressed with AVZ at the moment, let's try the old way. 1. Please download The Avenger by Swandog46 to your Desktop. Click on Avenger.zip to open the file. Extract avenger.exe to your desktop. 2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C). Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. 3. Now, start The Avenger program by clicking on its icon on your desktop. Under "Script file to
  23. OK, we will try this once more (by the way, I have just finished one similar to this on Avast forum). AVZ FIX: Double click on AVZ.exe. Click File > Custom scripts. Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end): begin SetAVZGuardStatus(True); SearchRootkit(true, true); DelCLSID('{8635FCA6-898E-4776-A049-372B973F5BFC}'); DeleteFile('C:\WINDOWS\System32\CONFMS.dll'); StopService('zxuvkzkp'); DeleteFile('C:\WINDOWS\System32\Drivers\ucbhtbmr.dat'); DeleteFile('C:\WINDOWS\system32\drivers\ucbhtbmr.dat'); De
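Posts 8 and 21 above are essexboy picking the same kinds of HijackThis entries out of a log by eye: O2/O20 hooks whose DLL no longer exists on disk, a win.ini load= autostart, and Internet Explorer start/search pages blanked or redirected. The script below is an added example, not code from this page or from any of the tools it mentions, that applies those same rules to a HijackThis-style log. The sample log is constructed here from the lines quoted in posts 5, 8 and 21 plus one made-up benign Start Page; the assumption that IE's stock Local Page lives under system32 is mine, and the reason strings and function names are illustrative.

```python
"""Triage a HijackThis-style log for the entry types fixed in posts 8 and 21 above."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input. The O2/O20/F3/R0/R1 lines are the ones quoted in
# posts 5, 8 and 21 on this page; the last line is a made-up benign Start Page.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\cbaab.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Module - {28C703D0-B4A9-4b2f-9123-CE8294761861} - halifax1.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O20 - Winlogon Notify: hzsqmoaa - hzsqmoaa.dll (file missing)
O20 - Winlogon Notify: qomnljg - qomnljg.dll (file missing)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
"""

# Every HJT entry is "<section> - <body>", e.g. "O2 - BHO: ...".
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# HJT's own markers for a hook whose target file no longer exists.
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumption: IE's stock Local Page (blank.htm) lives under system32; a Local
# Page anywhere else is treated as a hijack candidate.
DEFAULT_LOCAL_PAGE_DIR = "\\system32\\"


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, body, raw_line) for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            entries.append((m.group("section"), m.group("body"), raw))
    return entries


def classify(section: str, body: str) -> Optional[str]:
    """Map one entry to a finding reason, or None if nothing in the log text warrants a flag."""
    if section in ("O2", "O20") and body.endswith(MISSING_MARKERS):
        # BHO or Winlogon Notify hook left behind after its DLL was deleted.
        return "orphaned hook: referenced DLL is missing from disk"
    if section == "F3" and "load=" in body:
        # win.ini load= is a legacy autostart that modern software rarely uses.
        return "win.ini load= autostart"
    if section in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        if value.strip().lower() == "about:blank":
            return "IE start/search page blanked (hijacker residue)"
        if key.endswith("Local Page") and DEFAULT_LOCAL_PAGE_DIR.lower() not in value.lower():
            return "IE Local Page redirected outside system32"
    return None


def triage(text: str) -> List[Finding]:
    """Run classify() over every entry and keep the ones with a reason."""
    findings = []
    for section, body, raw in parse_hjt(text):
        reason = classify(section, body)
        if reason:
            findings.append(Finding(section, reason, raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Note what this does not catch: the Google Toolbar Helper line from post 5 passes, because its CLSID and path are the genuine ones; only looking at the DLL itself on disk (publisher signature, hash against a known-good copy) separates the real toolbar from the trojan essexboy describes there. Log-text rules are a first pass, not a verdict.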