crunchie

Trusted Malware Techs
  • Content Count

    280
  • Joined

  • Last visited

About crunchie

  • Rank
    Member

Previous Fields

  • Teams:
    Nothing Selected
  1. You are welcome. Will mark this as solved now.
  2. That silent runners log was not complete, but looking at the Find_it log, you are now clean. Are you still experiencing any problems?
  3. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 ieautosearch O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O23 - Service: CWShredd
  4. That log confirms the infection. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any ot
  5. You have omitted the first line of your log that tells me the hijackthis version. It does not look like the latest though, so please do the following; Update hijackthis to version 1.99.1. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by opening the program, going to config\misc tools, then uninstall & exit. You then have to delete the file manually. Unzip the new version into the hijackthis folder. You may have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atri
  6. petro 116th. You are welcome. Sorry it didn't work out the way we would have liked.
  7. Try this scan at Panda and see if it can do the job. Make sure you are logged on as Administrator. Download the zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes. Reboot and post another log please. fixme.zip
  8. Got some new stuff. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file) O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll Go to http://bshagnasty.home.att.net/browsersettings.htm to change your browser security settings to a more secure setting that should help stop the installs.
  9. The two trojans that were not cleanable should be deleted manually. Download the Pocket KillBox. Unzip the file to your desktop. Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below). C:\WINNT\System32\apphj32.exe C:\WINNT\System32\mslf32.exe C:\WINNT\system32\vkbwag.dat C:\WINNT\system32\vkbwag.exe C:\WINNT\system32\wnim.dll C:\WINNT\wnim.dll Reboot afterwards
  10. That findit log was incomplete. You will need to rescan and post another. I would also suggest getting a firewall and anti-virus as you are likely getting hit every time you go online. To fix up the 015 entries do this; First, Disconnect from the Internet!! (Please copy these instructions to NotePad for copy/paste use, since you will be off the Internet.) ____ Next, launch Notepad, and copy/paste all the blue REGEDIT below to it Save in: Desktop File Name: fixme.reg Save as Type: All files Click: Save REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
  11. Run Hijackthis and go to the process viewer by going to Config, Misc Tools, Process Viewer, to unload all instances of the following running processes; vozhymx.exe 170078.exe 175906.exe Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button. R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc
  12. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any other files in the l2mfix folder until
  13. It looks like you may have picked up the latest VX2 infection too. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, no
  14. Download LSPfix from here. On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "aklsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish. Download about:Buster and unzip it to your Desktop. Double-click on AboutBuster.exe to run it and then click on Update > Check for Update. If there is an update available, click on 'Download Update' and wait while it downloads. Once downloaded, click on Exit. When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidde
  15. You are welcome. Sometimes these nasties do not want to leave. They find a new shiny home, move in a couple of mates and then just want to party on. Download FireFox from http://www.mozilla.org/products/firefox/releases/ and then basically once installed, you're up and away. You still need IE for your M$ updates. I have FF on my PC and am much impressed, although Opera IMHO is a much better browser. Use FF for a while to get the feel of it, then set it as your default. You will not go back to IE I think.