Jump to content

Change Mode

[email protected]

Advanced Member
  • Posts

    1,010
  • Joined

  • Last visited

About [email protected]

  • Birthday 02/10/1989

Contact Methods

  • Website URL
    http://www.nucia.eu/forum

Profile Information

  • Location
    Netherlands
  • Interests
    Dead Malware

Previous Fields

  • System Specifications:
    Windows Vista Home Premium SP2 700GB (2x350) harddisk Intel Core2 Quad 2.40Mhz 4096 MB RAM NVIDIA GeForce GTX 260
  • Teams:
    Nothing Selected

[email protected]'s Achievements

Newbie

Newbie (1/14)

  1. Hi, That's not a problem. I was just curious what the file could be Your log looks good now!
  2. Heatherkip, can you do me a favor please? Can you go to Explorer and find this file: C:\WINDOWS\vsnpstd.exe Rightclick on it - Properties - tablad Version... Can you tell me what's there? (information)
  3. Probeer je zelf al dingen te verwijderen na een reboot? Ik zou graag een logje willen waarin de infecties naar voren komen... We kunnen dit proberen: Je hebt misschien de laatste versie van VX2 te pakken, dus... download L2mfix van één van de volgende locaties: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe (gemaakt door Shadowwar en OSC) Sla het op je bureaublad op en dubbelklik l2mfix.exe. Klik de Install-knop om de files uit te pakken en doe wat er gevraagd wordt, Daarna open je de nieuwe l2mfix-map die op je bureaublad staat. Dubbelklik op l2mfix.bat en kies de optie #1 voor Run Find Log door 1 te typen en daarna op enter te klikken. Deze zal je computer scannen. (je zal daar wel niet veel van merken) Daarna, na ongeveer 2 minuten zal je kladblok openen met een logje. Kopieer en plak de inhoud van dit logje hier. BELANGRIJK!!: Klik NIET op optie 2 of op andere dingen die in die map staan.. zonder dat er daarvoor instructies gegeven zijn!
  4. It seems I didn't get a notification when you posted your previous post here. Anyway, do this: Download this tool: http://home.filternet.nl/~hansp21/LQFix.bat Unzip it to your Desktop. Don't use it yet! IMPORTANT! Reboot into safe mode by tapping F8 frequently during bootup, and run the tool. Reboot into normal mode, make a new HijackThis log, and post it here
  5. Kun je misschien een screenshot van de popup geven? En komt de popup op meerdere sites naar voren of zonder enige uitzondering?
  6. Hi Heatherkip, After some investigation I decided there were more (probably) bad lines. * Can you go to http://virusscan.jotti.org then enter this line into the white textbox: C:\WINDOWS\vsnpstd.exe Click Submit Then post the results in this thread please 1. Open HijackThis, do a full system scan and check this line: O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe" 2. Close all other windows and browsers, and hit Fix Checked. 3. Reboot into safe mode by tapping F8 frequently during bootup. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". 4. Delete, in safe mode: C:\Program Files\AutoUpdate << folder 5. Reboot into normal mode, make a new HijackThis log, and post it here
  7. Looks good! Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed. Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer I also suggest that you delete your Temp folders regularly. Use CleanUp! to do this automatically for you!
  8. Please do this first: Download the latest version of Ad-Aware:http://www.lavasoft.de/support/download/ After installing AAW, and before running the program. Please be sure to update the reference file following the instructions here: http://www.lavahelp.net/howto/updref/ Reconfigure Ad-Aware for Full Scan: Launch the program, and click on the Gear at the top of the start screen. Click the "Scanning" button. Under Drives, Folders and Files, select "Scan within Archives". Click "Click here to select Drives + folders" and select your installed hard drives. Under Memory & Registry, select all options. Click the "Advanced" button. Under "Log-file detail level", select all options. Click the "Tweaks" button. Under "Scanning Engine", select the following: "Unload recognized processes during scanning." Under "Cleaning Engine", select the following: "Let Windows remove files in use after reboot." Click on 'Proceed' to save these Preferences. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT to allow it to finish. If you haven't done so Please Scan with Spybot Search and Destroy: 1. Download and Install Spybot S&D, accepting the Default Settings 2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it. 3. Close ALL windows except Spybot S&D 4. Click the button to ‘Search for Updates’ and download and install the Updates. 5. Next click the button ‘Check for Problems’ 6. When Spybot is complete, it will be showing ‘RED’ (RED) entries ‘BLACK’ entries and ‘GREEN’ (GREEN) entries in the window 7. Make certain there is a check mark beside all of the RED (RED) entries ONLY. 8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED (RED) entries. 9. REBOOT to complete the scan. Reboot, make a new HijackThis log and post it here.
  9. Hi Heatherkip, 1. Run HijackThis (“Do a system scan only”). Put a checkmark near these lines: 2. Close all other windows and browsers, and hit Fix Checked. 3. Reboot into safe mode by tapping F8 frequently during bootup. Make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". 4. Delete, in safe mode: C:\Program Files\CxtPls << folder 5. Reboot into normal mode, make a new HijackThis log, and post it here
  10. Yes, get rid of the first two lines. Other than that, your log looks OK now! Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed. Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer I also suggest that you delete your Temp folders regularly. Use CleanUp! to do this automatically for you!
  11. Looks good now! Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications: Spywareblaster <= SpywareBlaster will prevent spyware from being installed. Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts. How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. To protect yourself further: IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer I also suggest that you delete your Temp folders regularly. Use CleanUp! to do this automatically for you!
  12. Hi, Do you know these lines? O9 - Extra button: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing) O9 - Extra 'Tools' menuitem: Intertops Poker - {5706EACE-252A-4af9-AA8D-1F8813B50469} - C:\Program Files\Intertops Poker\IntertopsPoker.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll So: Did you install those on purpose?
×
×
  • Create New...