Trusted Malware Techs

About jwbirdsong

  • Rank
  • Birthday 08/02/1957

Profile Information

  • Location
    Denver CO USA

  1. mattia74 sorry I seem to have let this post slip through the cracks...... Would you boot to safe mode and delete all the files that Panda didn't clean:
       C:\Documents and Settings\Mattia\Favorites\exsplorer.lnk
       C:\WINDOWS\color.css
       C:\WINDOWS\inf\bi.inf
       C:\WINDOWS\inf\biini.inf
       C:\WINDOWS\system.sam
       C:\WINDOWS\system32\CSUninstall.exe
       C:\WINDOWS\system32\StopzillaBH0.dll
       F:\GIOCHI\Warcraft 3\FFF-Warcraft.3.Reign.of.Chaos_KEYGEN.zip[start.exe]
       F:\GIOCHI\Warcraft 3\start.exe
     Then reboot and post a fresh HJT log along with any message regarding how your sy
  2. Download smitRem.exe ©noahdfear and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop. Please download Ewido Security Suite, it is a free version of the program. Install ewido security suite. When installing the program, under "Additional Options" uncheck... Install background guard; Install scan via context menu. Launch ewido, there should now be an icon on your desktop, double-click it. The program will now open to the main screen. When you run ewido for the first time, you may get a warning "Database could not be found!". Click
  3. You are using an outdated version of HijackThis. Please download HijackThis version 1.99.1 from here: http://www.downloads.subratam.org/hijackthis.zip . You are also running HijackThis from the desktop; please make sure to unzip it to its own, permanent folder. (e.g. C:\HijackStuff\HijackThis.exe or you could have a folder named HijackFixers on your desktop and put it in there.) Then please run HijackThis, click Scan and Save log, and post the new log here. I would be happy to take a look at it.
  4. If you re-read your original post you will notice that secure32 is mentioned once in an obscure title (at best) and then not again. NOWHERE do you say that C:\WINDOWS\SYSTEM32\Drivers\etc\hosts is the path to secure32. It is just listed as the "Panda scan path"..the path to what your hosts file that is no longer there?..one of the 5 exploits you mention? Something else?? We do NOT read minds.. Sorry to have to inconvenience you to post a little more info to go on...Hopefully you can find and delete the secure32; if not post a reply and I'll get someone else to take over your thread.
  5. Do you have the copy of the Panda log?? Do you know WHERE Panda is seeing it?? There is ABSOLUTELY NO sign of secure32 in any of the logs......Also do a search for secure32; make sure you are set to view hidden files and search in system folders/hidden files
  6. Had some issues and was unable to get on here yesterday..Will reply after work today.
  7. Nothing showing in the log.. The Panda link you posted is not valid...can you give details please. Also are you saying your hosts file is just gone? Can you not replace it? Do you have view hidden files enabled??..If something changed a property on hosts to system and/or Archive you may not see it otherwise. Please temporarily disable MSAS by doing the following: It may interfere with the fix. Open Microsoft AntiSpyware. Click on Options -> Settings. In the left pane, click on Real-time Protection. Under Startup Options uncheck Enable the Microsoft AntiSpyware Sec
  8. Before we start this (LAST???) clean up operation would you search for C:\WINDOWS\system32\logl_h.exe and C:\WINDOWS\system32\l_h_32.exe and Email to me as you did last time. I DID get the mail thanks, forgot to mention it. Copy the following to Notepad and save as lastfix.reg Next click on the lastfix.reg file and merge into your registry. Run HijackThis using Scan Only, check the following: (I'm pretty sure you know what to check by now any way but.. ) O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll O4 - HKCU
  9. Dim Def,Wshsell,FN,fso,Report,SysF,SS
     const HKEY_CLASSES_ROOT = &H80000000
     Set fso = Wscript.CreateObject("Scripting.FilesystemObject")
     Set Wshshell = Wscript.CreateObject("Wscript.Shell")
     Wshshell.Run "regedit /e /a Report.txt" & " " & "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",, True
     Set Report = fso.OpenTextFile("Report.txt",8 , true)
     Report.WriteLine "-----------------"
     strComputer = "."
     Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
     strComputer & "\root\default:StdRegProv")
     strKeyPath = "*\shellex\ContextMenuHandler
  10. Yes, would you please do the full scan and in safe mode. Should take quite as long that way either
  11. GREAT!!! That apropos HAD to be what's stopping our fixes. It has been brought to my attention that you are running 2 Anti-Virus programs. This is NOT acceptable, while many Online security type tools DO work in harmony; Anti-Virus programs are NOT among them, they will fight for 'control' of your system, causing poor performance and errors. Please choose to keep either AVG or Trend and uninstall the other. Now that we have killed the root kit would you please go back and follow the steps outlined in THIS post. UPON close inspection the links DON'T seem to take you to the post..ju
  12. Sorry I took so long, I had someone else review this because we are having such a hard time getting rid of a few of those entries. You will need to print out these instructions for reference, since you will have to restart your computer during the fix. Please download AproposFix from here: http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop but do NOT run it yet. Next, please reboot your computer in Safe Mode by doing the following: Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap F8. In
  13. Sorry I've had connection problems and have been unable to get online for about 4 hrs... Please print out or copy this page to Notepad. Make sure to work through the steps in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fix. Download DSRFIX from HERE onto your Desktop. Unzip and EXTRACT the files to your Desktop. The program creates and names the new folder to house the files. DO NOT RUN IT YET. Download Pocket KillBox from here. There is a Direct Download and a description of what
  14. I'll get you a reply posted soon, I just got home from work so after I eat I'll work you up a reply..Can you answer a question while you are waiting...when you ran the first part of the AdAware speech in above post....the VX2 plugin/addon; do you recall what if any type of msg you got? It just doesn't seem to have done what I expected and was wondering if you got an error or something??..There are other means to do the same, I was just curious
  15. BEFORE BEGINNING, please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference. First, download Ewido Security Suite. Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well. Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something i