Piatan

Trusted Malware Techs
  • Content Count

    187

About Piatan

  • Rank
    Member

Previous Fields

  • Teams:
    Nothing Selected
  1. Hi rsxownes You are probably wondering why you have not received a reply to your request for assistance. It is because of the way the board works. Unfortunately your post had to be moved from one part of the site to another, one forum to another. That looks like your post has received a reply from a helper. Then, you posted again, that looks like two replies, so helpers do not respond, when they believe another helper has already responded. Sorry, there's nothing to be done, that's just the way it works. Your Hijack This log looks to be relatively clean, but I'd like you to run a serie
  2. Hello djcheng Congratulations, your Hijack This log is clean. Good job sticking with it under adverse conditions and I know it wasn't easy for you. So many users do not stay the course. One of the best features of Windows XP is the System Restore option, however if a virus infects a computer with this operating system the virus can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal. To reset your restore points, please note that you will need to log into your computer with an account which has full administrator acc
  3. Hi djcheng Please read this entire post before proceeding. In Hijackthis, click "Config", then click on "Misc Tools". Once at the new screen, click the "Delete a file on reboot" button. You will be presented with a dialog asking you to pick a file. Copy and paste the full path of the file, C:\windows\system32\qMOOSE.exe into the file name field and press the 'open' button. You'll be notified that the file in question will be deleted on reboot; when asked whether you want to restart your computer, click OK. After a reboot the file should be gone. Then, run Hijack Thi
  4. Hi djcheng We both owe a great deal to Bobbi Flekman, who provided the greatest portion of the work done here. Please print out these instructions so you can read them while you clean your system. A printout also makes a good check list for Hijack This, to avoid making errors. Please run Hijack This again and place check marks next to the following entries. Close all programs and windows, leaving only HijackThis running. Place a check against the following items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cu
  5. Hi djcheng Well, like I said, this will take at least two posts. As you have found, it may take me a while to get back to you and is unavoidable. Thank you for being patient. Please read this entire post before proceeding. HijackThis is current; but running from the Desktop. Please move Hijack This into a folder of its own. Click My Computer, then C:\ In the menu bar, File->New->Folder. That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it. F
  6. Hi djcheng This is the first of at least two parts to this procedure. If you have any problems or questions, please do not hesitate to include them with each post. It would be a good idea to post a Hijack This log, along with the output of the following, with each post. Launch Notepad, and copy/paste the box below into a new text file. Save it as Export.bat and save it on your Desktop. CODE regedit /e HKCURun.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" regedit /e HKLMRun.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
  7. Hi djcheng Sorry to have been so long getting back to you. It seems those two entries are a new variant and will require special handling. I have asked someone who has a handle on this variant to help us with it and a solution is in the works. Thank you for being patient.
  8. Hi djcheng Seems to be persistent, doesn't it. Let's see if this does the trick. Please do the following and if you have any problem following these directions, please advise of the difficulty in your next post. Please read this entire post before proceeding. Please REBOOT into safe mode by tapping on F8 frequently, during Bootup. Make sure your settings allow you to view "Hidden files". Open up any explorer window and click on "Tools" => "Folder Options" => "View" and be sure to check off "Show Hidden Files and Folders". During this entire process we will be in Safe
  9. Hi djcheng Well as I suspected, those entries are going to be a problem. Those two (ISTsvc and lhcsvek.exe) and the 04 entries, are interconnected and until they are dealt with the problem will continue. We may struggle a bit until a solution is found, so bear with me please. Please use the following link and follow the instructions given to download and use the removal tool. Be sure to read the entire page before proceeding. If you have any doubts do not continue. http://sarc.com/avcenter/venc/data/adware.istbar.html Then, run Hijack This and post a fresh log here.
  10. Hi djcheng Please read this entire post before proceeding. Also, please download any programs you will need, at this time, before they are needed. If you have any problems completing any of the suggestions, please advise in your reply. Please print out these instructions so you can read them while you clean your system. A printout also makes a good check list for Hijack This, to avoid making errors. Please use ctl/alt/delete to go to Task Manager and highlight the following, then click on END PROCESS. IESearchToolbar ISTsvc Then go to Start>Settings>Control Panel
  11. Hi djcheng For starters, you have a Cool Web Search infection. Please do the following. Download the stand-alone version of CWShredder 2.12 http://cwshredder.net/bin/CWShredder.exe Then close every window, disconnect from Internet and double-click the CWShredder icon on your Desktop. Click Fix and then Next, let it fix everything it asks about. Then please Reboot and reconnect to the internet. Please use the following links to run the two online Virus Scanners and let them fix whatever they find. Panda http://www.pandasoftware.com/activescan/co...n_principal.htm
  12. This would be a duplicate. The issue has been resolved. Help was given here: http://pcpitstop.ibforums.com/index.php?showtopic=77712
  13. Hello nadnerb My error. Looks like I tried to update you to Windows XP with those instructions. Isn't quite that easy, is it? You did fine anyway, despite the confusing instructions. Yes, you can delete any Temporary Internet files. Outlook Tools by Hotbar Webtools by Hotbar Those can both be Uninstalled/Removed from Add/Remove Programs. Your Hijack This log is clean. Congratulations on a fine job. This is the New Ad-Aware SE(free) and instructions on configuring for a full scan. Download the new Ad-Aware SE version, and follow the instructions on how to do
  14. Hello nadnerb Thank you for the fine, detailed report. It is very odd that WinTools was not found. As you can see, it is not in your current HJT log, so I would suggest that in a few days you run Hijack This on your own and look for any mention of WinTools. If found, go through the same procedure as outlined and do away with it. If you are not comfortable doing that, then feel free to post a fresh HJT log here and I or someone, will assist you with the procedure. Look up KDX in Google (It is safe) and you can determine if you wish to keep it. In addition to finding it in Task Manag
  15. Hi nadnerb Please print out these instructions so you can read them while you clean your system. A printout also makes a good check list for Hijack This, to avoid making errors. Please use ctl/alt/delete to go into Task Manager. Look for the following and HIGHLIGHT, then END PROCESS. Then exit Task Manager. WINTOOLS, WTOOLSA, WTOOLSB, or any variant. SHOPPERREPORTS, SMRTSHPR, Smart Shopper, or any variant. Then, go into Control Panel, Add/Remove Programs and UNINSTALL/REMOVE these. WINTOOLS, WTOOLSA, WTOOLSB, or any variant. SHOPPERREPORTS, SMRTSHPR, Smart Shopper, or any