
pskelley

Trusted Malware Techs
  • Content Count

    1,759
  • Joined

  • Last visited

Everything posted by pskelley

  1. Thank you Sergey, had a feeling about that item, I can't fault Kaspersky which is a good scanner, it is just these lowlife hackers do everything they can to infect you and get away with it. It is all about the $$$. Here is some information I just came upon that you may find helpful. http://msn.pcworld.com/reviews/article/0,a...00.asp?GT1=8394 This is optional and if you are happy you can quit right now, but I would like to do one more check to make sure nothing is hiding from us. First download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day tri
  2. Hello and welcome to the forum. I can't seem to validate this item one way or another: O4 - HKLM\..\Run: [zzzHPSETUP] F:\Setup.exe <<< do you know what it is? Your Java program needs an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 If you know what that item is, then I would say you are good to go, take this information with you. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://
  3. Good morning Sergey, you said: Version was SmitFraudFix v2.74 I am suspicious of the Kaspersky scan, could I ask for a scan from at least one of the remaining scanners: http://virusscan.jotti.org/ http://www.virustotal.com/flash/index_en.html malware had made me a bit untrusting...thanks. Your HJT log appears to be clean of malware, I notice you do not have a popup blocker. Popups are just a part of surfing anymore and unless we block them during normal operation, we will have to view them. I should say the junk hackers put on is not normal and they can't be blocked with normal
  4. Thanks for returning the information, do you still have the results from the Kaspersky scan? I've been seeing that a lot lately and I wondered what it was, would like to save the Kaspersky results if possible. Since you have no 015 "Trusted Zone" items in your HJT log, you don't have to run #3. If you click IE > Tools > Internet Options > Trusted Sites > Sites, you can see what that is. I do use IE-Spyad and SpywareBlaster/SpywareGuard so I block all sites and add the ones I allow to the list. I suggest you do this, your version of SmitfraudFix is old, it has to be upd
  5. Hello and welcome to the forum. No doubt you have the Smitfraud infection, here are links in case you want to register your complaint in the hopes these lowlifes can be brought down: If you have been infected by one of the SpyAxe family http://forums.tomcoyote.org/index.php?showtopic=58063 http://www.malwarecomplaints.info/ I need to know what this is: C:\Program Files\Common Files\{090D4BA1-0726-1033-0819-040309200001}\Update.exe if you don't know use one or more of these free online scans to find out if it is bad or not. http://virusscan.jotti.org/ http://www.kaspersky.com/scanfor
  6. http://www.google.com/search?sourceid=navc...+to+update+Java The Java program information is in the Google link above. In your Control Panel you will see a Coffee Cup, click it to open the console, the update information is there. You quoted my instructions, so you know they are there, why don't you go back to the instructions and go through them again. When you complete the instructions, then post a HJT log. Thanks
  7. Well, you can start by using the NEW REPLY button and NOT the QUOTE button, we only need to see the instructions once. Complete the instructions I posted and then post a new HJT log and I will be glad to see if it is clean. Thanks
  8. Please do not quote my instructions, use the NEW REPLY button. Are you talking about a problem removing it in Add Remove programs? Please provide complete information. If this is the case, start the computer in safe mode and see if you can uninstall it there: http://www.bleepingcomputer.com/tutorials/tutorial61.html If not, please follow the balance of the directions and post the HJT log as instructed. Thanks
  9. Thanks for returning that information, here are the links if you would like to strike a blow against these lowlifes: If you have been infected by one of the SpyAxe family http://forums.tomcoyote.org/index.php?showtopic=58063 http://www.malwarecomplaints.info/ C:\Program Files\Java\jre1.5.0_05\ <<< Java is out of date, that is dangerous: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Your HJT log looks good, good job following those instructions, let's do a little cleaning. Visuals if it helps: http://forums.security-central.us/showthread.php?t=1925 P
  10. Thanks for returning that information, continue with the tutorial, run #2 first to clean the infection. Then run #3 next and this information will apply to that: Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. Post the C:\rapport.txt and a new HJT log, I will check to see if more needs to be done as soon as possible after that. Please add any comments you think will help and let us know how the com
  11. Hello and welcome to the forum. Follow these directions: 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this lat
  12. You have done nothing when ewido located stuff that needs to be removed, run the scan again and this time unless you know something is not bad, have ewido delete what it finds. Post another ewido scan when you are finished. Here is a tutorial if you need it: http://rstones12.geekstogo.com/ewidosetup.htm Thanks
  13. Hello and welcome to the forum. We call it the Smitfraud trojan, and you are right, it is fraud. Remind me before we are done and I'll give you links to register your complaints against the lowlife if you wish. You have a full-blown infection, before we proceed, we need to safely position HJT so it can save logs and backups if we need them. Move it here: C:\HJT\HijackThis.exe, if you need more instructions use these: http://russelltexas.com/malware/createhjtfolder.htm http://www.bleepingcomputer.com/forums/tutorial94.html Please DO NOT continue until you have done this. Normally I w
  14. Hello and welcome to the forum. Looks like the Smitfraud trojan, do this and let's find out: 1) You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas.com/malware/images/unsafefolder.gif Please use the information in the following link to place HJT in a permanent, safe folder, I prefer C:\HJT\HijackThis.exe. If you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 2) Thanks to S!Ri, and any others who helped
  15. Hello zalek and welcome to the forum, the only thing I see wrong in this log is: 1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 2) Your Java program needs an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 If possible I would like to look at the ewido scan report and C:\rapport.txt from SmitfraudFix. Since the log appears clean of malware, I'll post this information for you also: Here is some great information from Tony Klein,
  16. Hello and welcome to the forum, keep in mind every time you add to your topic you change your post count, we look for 0, when you change it we think you are being helped. Post and patience is the key. You have an infection but I am not sure what it is, it may be Vundo because of the way it is in your log as a BHO and 020, so I will ask you to help me find out. Before we start, I would appreciate it if you would get rid of those 018 lines which is caused by the Logitech Desktop Messenger, here is the information: All of the 018 items in the log are the result of the Logitech Desktop Messen
  17. No, if your hard drive is reformatted, there will be no malware, just use those links I provided to help you keep it clean. Your HJT log looks fine this morning, so you are good to go. Safe surfing
  18. Please do not use the quote key, waste of space and it makes the topic more difficult to work with, use the "New Reply" key instead...thanks
  19. Nothing wrong with that link, you have to be signed in to view it. http://forums.pcpitstop.com/index.php?showtopic=120551 This is what you had to say: Lap[Dan]cer 7:28am Fri Jun 30 2006 Wow, thanks a lot. That was fast. Hope it works... I closed the topic here: 1:59pm Sun Jul 9 2006 No response from this member since: 7:28am Fri Jun 30 2006 topic is closed Thanks...pskelley _________________________________________________________ As far as this new log you just posted, I see little wrong with it, you can use HJT to get rid of this line: R3 - URLSearchHo
  20. This one is still there: O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll Use HJT to remove it, you may have missed it. Be positive you check it. This item: O4 - HKLM\..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe /startup Did you install it? Sometimes this junk gets on along with the trojans to sell you something. If you did not install it yourself, then look in Add Remove programs and uninstall it if there. If not, boot to safe mode and delete the folder after you check and remove the line with HJT. C:\Program Files\SpyNoMore\ <<<
  21. You have new infections, where are you taking this computer?? You need to stay offline until it is clean and we have some programs in place that will give you some protection. I can't sit here and wait for you to get new infections to remove for you. If you reformat your hard drive, everything will be gone, but it won't do a lot of good if you are going places to get infected again. _________________________________________________________________ Let's try again like this, remember, offline unless you are working on the computer until I say you are clean and point you at ways to
  22. Hello and welcome to the forum. Not a lot going on in your log but some adware. I suggest we remove it, run a scan looking for hidden issues and clean. If this works for you proceed like this. 1) You are running HJT.exe from a .zip file in a Temporary Directory. This is unsafe as we will have no backups. That is why you received this message when you used HJT: http://russelltexas.com/malware/images/unsafefolder.gif Please use the information in the following link to place HJT in a permanent, safe folder, I prefer C:\HJT\HijackThis.exe. If you need additional instructions use these:
  23. G'Day mate, While malware can be hidden from HJT, sometimes so well it can never be found and removed completely (rootkits), I can say save for a slightly out of date Java program (it is important, hackers are using this to infect, see this: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 While I am not crazy for Java's autoupdater, if someone is not going to check this program for updates, you may want to turn it on. Your HJT log looks clean of malware. Perhaps something in this information will help with other issues? http://www.microsoft.com/windows/IE/commun...s/IEt
  24. That's not a problem, go ahead and delete the item: C:\WINDOWS\SSTEM~1\dllhost.exe it is surely a trojan. Make sure you have finished all of the rest of the instructions and post a new HJT log so I can see what is left to do. Thanks