pskelley

Trusted Malware Techs
  • Content Count

    1,759

Everything posted by pskelley

  1. Well Dan, I posted for you here: http://forums.pcpitstop.com/index.php?showtopic=120551 and never heard from you again. What makes you think I want to waste more of my time trying to help you?
  2. Thanks for returning the information. I will need your help on this one also: C:\WINDOWS\SSTEM~1\dllhost.exe My scanner says it may be this: http://www.castlecops.com/startuplist-1326.html and Norton is calling it adware. We have to find out, use the scanners if you need to. Do you have this kind of modem? If you are not sure you can check it here: http://virusscan.jotti.org/ http://www.kaspersky.com/scanforvirus http://www.virustotal.com/flash/index_en.html Post the results for me to view. 1) How to make files and folders visible: Click Start > Open My Computer. Select t
  3. Yes, there is malware in the log, follow the instructions I posted and I will try to answer all of your questions before we finish. Thanks
  4. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Topic is closed Thanks...pskelley
  5. Hello and welcome to the forum. You do have malware, but before I can even start we have other issues to take care of. 1) You are running two antivirus programs at the same time, see what Symantec says about that: http://service1.symantec.com/SUPPORT/nav.n...000031316555206 and Microsoft: "Microsoft recommends that you have only one anti-virus program installed on your computer." more information. http://www.washingtonpost.com/wp-dyn/conte...5120300087.html 2) You are running HJT from a TEMP folder and this is not safe, we will have no backups if needed. Move it here: C:\HJT\Hijac
  6. I am not quite sure of what you are saying here. To be sure and you said you ran the Clean function of SmitfraudFix but you neglected to save the report? And then you ran it again, but it did not report anything the second time? If this is so, let me know. ewido...very unusual for ewido to find nothing? This was the first scan report? Your HJT log looks fine, how is the computer running now? If you are back to normal I will leave you with this information. It is very important that all programs that need security updates, are updated as suggested. This is especially true of y
  7. Hihihi, As you can see, the Smitfraud infection is there. I am going to use a fix that will kill the trojan and also clean anything else floating around your computer. Follow these directions carefully, if you run into questions, do not be afraid to ask them. Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) b
  8. I can't resist, hihihi welcome to the forum, this looks to be the Smitfraud trojan, I need to take a look first, follow these directions: Thanks to S!Ri, and any others who helped with this fix. Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is det
  9. What you should do is use the information Dr. Watson provides you to find out what program is causing the problem. I wish I could help you more, but this is where we remove malware, perhaps the user to user forum may be able to help? I can tell you that a lot of people do turn the program off. This does not change the fact that there are programs running that are poorly written (buggy) Thanks
  10. Hello and welcome to the forum. This log looks fine, understand the Dr. Watson: See this information from Microsoft: http://support.microsoft.com/default.aspx?...kb;EN-US;308538 http://support.microsoft.com/?kbid=275481 If your brother (or anyone else) has installed buggy, poorly written programs on the computer, this is going to happen. Here is a good link: http://www.microsoft.com/windows/IE/commun...s/IEtopten.mspx Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=9
  11. Hello and welcome to the forum. This log looks fine, what makes you think you have a malware problem? Thanks...pskelley Trusted HJT Advisor PCPitStop forum
  12. Sounds good this information will help you stay safe: Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it
  13. OK Chris, thanks for the feedback, good to hear. Without seeing a HJT log I am unable to say the computer is clean, but it sure sounds like it. I will leave you with this information. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Would be a good idea to purge System Res
  14. I see that, I do not have those when I scan my computer with Kaspersky. I am still trying to figure out why it is happening, it may be you are not signed in as administrator? It also showed no problems, it would have showed: Total number of scanned objects: 71989 Number of viruses found: 0 <<< here Number of infected objects: 0 / 0 <<< here Number of suspicious objects: 0 <<< here Duration of the scan process: 00:49:24 if anything was there, also the bad items you ignored with the ewido scan were removed the second scan. How are things looking from y
  15. Yes, I need to see what ewido did with the junk you did not clean the first time. Please scan with ewido in SAFE MODE and post the results. Once you post the scan report, then do this: Run this online scan using Internet Explorer: Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner Next Click on Launch Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. * The program will launch and then begin downloading the latest definition files: * Once the files have been downloaded click on NEXT * Now click on S
  16. No, go ahead and reinstall your antivirus program if that's what Symantec advised you to do. ewido is only showing something in the registry: HKU\S-1-5-21-3084909486-2633909919-2173249196-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} -> Trojan.Small : No action taken. That CLSID is identifying as: http://www.castlecops.com/tk30052-hp_tmp_r...r_or_digit.html You ran the complete ewido scan and everything ewido found you took no action. I would like you to run ewido again in safe mode: http://www.bleepingcomputer.com/tutorials/tut
  17. C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe Now your HJT is in an unsafe position, that is sure not where I suggested you put it, perhaps this information will help: http://russelltexas.com/malware/createhjtfolder.htm http://www.bleepingcomputer.com/forums/tutorial94.html I still see nothing in your HJT log besides the unsafe HJT position. I suggest you ask here: http://forums.pcpitstop.com/index.php?showforum=3 give them as much information as possible. Here is some information that may help with speed issues: http://www.microsoft.
  18. Hello and welcome back to the forum. When you post a log, I really need to know what the problem is that caused you to post. If you have malware issues, please describe them, if you are receiving error messages, post them word for word. Since I have nothing to go on, I will make these suggestions. 1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 2) Some of the nastiest infections out here, like the Vundo trojan, infect the computer via unpatched Java programs, s
  19. Hello and welcome to the forum. The only things I see as issues in this log are: 1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 2) Java has updated to jre1.5.0_07 http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 I see nothing else in the log, if you are posting with a malware problem, you need to give us information about it. We know it is a hijackthislog. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler t
  20. Hello and welcome to the forum. I just do not see this "pretty bad trojan" ? What program is telling you there is a trojan and where is it saying this trojan is located? The pathway to it. I do see this: 1) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing) this Norton Toolbar has a missing file and as such is either not working at all or not working correctly. If you use this toolbar, you should reinstall it. If you recently had problems with malware, I suggest you contact Norton/Symantec for instr
  21. No response from this member since: 7:50am Sun Jun 25 2006 Topic is closed Thanks...pskelley
  22. I see no problems in your HJT log and suggest that this is not a malware issue. I would contact the manufacturer of the scanner for instructions were I you. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley Trusted HJT Advisor PCPitStop forum http://
  23. Hello and welcome to the forum. Beside the fact your Java program is outdated making you a prime candidate for a Vundo trojan, your log looks ok. C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll This information will help you update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer
  24. Hello and welcome to the forum. If you still need help and are not receiving it elsewhere, follow these directions. You have one really nasty dialer and other junk. C:\Program Files\Prevx1\PXAgent.exe <<< I am not familiar with this antivirus program, but you have it running at the same time as AVG and it is not good to have two running at once. Here is what Symantec has to say: http://service1.symantec.com/SUPPORT/nav.n...000031316555206 and Microsoft. I would fix that if I were you and run only one. "Microsoft recommends that you have only one anti-virus program install
  25. We are making great progress and you are doing a very good job just a little more junk to kill. This one is optional: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE See this: http://www.castlecops.com/startuplist-180.html it is not "malware" consider spyware, if you want it gone, you will have to search for it. It is usually in C:\Windows\ Careful to just remove the file if you do, anything else might affect needed software. Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM