crunchie

Trusted Malware Techs
  • Content Count: 280

Everything posted by crunchie

  1. You are welcome. Will mark this as solved now.
  2. That silent runners log was not complete, but looking at the Find_it log, you are now clean. Are you still experiencing any problems?
  3. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
     O1 - Hosts: 69.20.16.183 ieautosearch
     O1 - Hosts: 69.20.16.183 ieautosearch
     O1 - Hosts: 69.20.16.183 auto.search.msn.com
     O1 - Hosts: 69.20.16.183 search.netscape.com
     O23 - Service: CWShredd
  4. That log confirms the infection. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any ot
  5. You have omitted the first line of your log that tells me the hijackthis version. It does not look like the latest though, so please do the following; Update hijackthis to version 1.99.1. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by opening the program, going to config\misc tools, then uninstall & exit. You then have to delete the file manually. Unzip the new version into the hijackthis folder. You may have the latest version of VX2. Download L2mfix from one of these two locations: http://www.atri
  6. petro 116th. You are welcome. Sorry it didn't work out the way we would have liked.
  7. Try this scan at Panda and see if it can do the job. Make sure you are logged on as Administrator. Download the zip file and unzip fixme.reg. Close all browser windows. Double click to run it and when asked if you want to merge with your registry, answer yes. Reboot and post another log please. fixme.zip
  8. Got some new stuff. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
     O2 - BHO: (no name) - {5E3CCC2F-DEE0-9814-E5DB-4738CCA6A835} - (no file)
     O2 - BHO: (no name) - {BF9B3742-6909-98B1-88C4-81BD77AAE879} - C:\WINNT\msib32.dll
     Go to http://bshagnasty.home.att.net/browsersettings.htm to change your browser security settings to a more secure setting that should help stop the installs.
  9. The two trojans that were not cleanable should be deleted manually. Download the Pocket KillBox. Unzip the file to your desktop. Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).
     C:\WINNT\System32\apphj32.exe
     C:\WINNT\System32\mslf32.exe
     C:\WINNT\system32\vkbwag.dat
     C:\WINNT\system32\vkbwag.exe
     C:\WINNT\system32\wnim.dll
     C:\WINNT\wnim.dll
     Reboot afterwards
  10. That findit log was incomplete. You will need to rescan and post another. I would also suggest getting a firewall and anti-virus as you are likely getting hit every time you go online. To fix up the 015 entries do this;
      First, Disconnect from the Internet!! (Please copy these instructions to NotePad for copy/paste use, since you will be off the Internet.)
      Next, launch Notepad, and copy/paste all the blue REGEDIT below to it.
      Save in: Desktop
      File Name: fixme.reg
      Save as Type: All files
      Click: Save
      REGEDIT4
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
  11. Run Hijackthis and go to the process viewer by going to Config, Misc Tools, Process Viewer, to unload all instances of the following running processes;
      vozhymx.exe
      170078.exe
      175906.exe
      Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc
  12. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log. IMPORTANT: Do NOT run any other files in the l2mfix folder until
  13. It looks like you may have picked up the latest VX2 infection too. Download L2mfix from one of these two locations: http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, no
  14. Download LSPfix from here. On the opening screen, click the "I know what I'm doing" checkbox. Check all instances of "aklsp.dll" (and nothing else), and move them to the "Remove" pane. Then click Finish. Download about:Buster and unzip it to your Desktop. Double-click on AboutBuster.exe to run it and then click on Update > Check for Update. If there is an update available, click on 'Download Update' and wait while it downloads. Once downloaded, click on Exit. When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidde
  15. You are welcome. Sometimes these nasties do not want to leave. They find a new shiny home, move in a couple of mates and then just want to party on. Download FireFox from http://www.mozilla.org/products/firefox/releases/ and then basically once installed, you're up and away. You still need IE for your M$ updates. I have FF on my PC and am much impressed, although Opera IMHO is a much better browser. Use FF for a while to get the feel of it, then set it as your default. You will not go back to IE I think.
  16. My primary advice would be to change browsers. Either Opera or FireFox. Both are excellent browsers that are far more secure than IE. Opera comes with a frame for ads in the toolbar unless you register it. Very unobtrusive though. Haven't used McAfee, so have no input for you there. You can try the (almost) new M$ antispyware product. By all accounts it is doing a good job. It does still have a few false positives and is also a Beta version, meaning it's not a finished product yet. Also run a couple of online scans regularly. Keeping my fingers crossed for you.
  17. To be honest, without being able to see the files in the log, I don't know what to mark for deletion. Although your hijackthis.exe is still in the Temp folder (C:\WINDOWS\TEMP\HIJACKTHIS.EXE), I see no other problems with it. Do you want to do a couple of online scans and see what they come up with now? Maybe rather than have AVG heal them, can you delete them manually yourself? Maybe you can also download the free AV that I use, update it then scan your PC. http://www.free-av.com/
  18. clony.exe appears to be burning software. http://www.google.com.au/search?hl=en&q=cl...le+Search&meta= Better move hijackthis into a permanent folder, or download this self extracting version. The GKROGW.EXE is definitely the qoologic trojan. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
      O4 - HKLM\..\Run: [Narrator] C:\WINDOWS\gkrogw.exe
      O4 - Startup: intpih.exe
      Run Pocket Killbox again and paste the full file path of each of the below files in the box and c
  19. What type of file did silent runners download as? It should be a vbs file. To be honest I am not seeing a lot in regards to malware being your problem.
  20. Hi again. I cannot get any info on the following files; epsthl4.GID epspmhlp.GID Go to C:\WINDOWS\SYSTEM and locate them and right click on them. Choose Properties. Click the version tab and get the manufacturer and original filename please. Maybe that will give a clue. As a general rule, all contents of a Temporary folder are safe to delete. You will need to be in safe mode to delete them. Can you please post another hijackthis log in your next post. EDIT. I think I know the reason for the silent runners log showing as it did. Did you download it using firefox or other brows
  21. You should not have any programs running from a Temp folder. Temp folder means just that, temporary. What programs are in there? A lot of programs write to the Temp folder when they are being installed, then fail to clean up after themselves. I have found a link to the W98 version of Find_it. Please run it as per the instructions given before and post the log. http://lineofire.geekstogo.com/
  22. Just as a final thing, go back to the l2mfix folder on your desktop and double click cleanup.reg. Click Yes to the confirmation message, then click OK. And, you are welcome.
  23. That all seemed to go quite well. Now we need to look at your HJT log. Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
      O1 - Hosts: 69.20.16.183 auto.search.msn.com
      O1 - Hosts: 69.20.16.183 search.netscape.com
      O1 - Hosts: 69.20.16.183 ieautosearch
      O1 - Hosts: 69.20.16.183 ieautosearch
      O1 - Hosts: 69.20.16.183 ieautosearch
      O1 - Hosts: 69.20.16.183 ieautosearch
      O1 - Host