
pskelley

Trusted Malware Techs
  • Content Count

    1,759
  • Joined

  • Last visited

Posts posted by pskelley

  1. Thanks for posting the feedback, some good information:

     

    Some good information for you:

    http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

    http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

     

    Here is some great information from experts in this field that will help you stay clean and safe online.

    http://users.telenet.be/bluepatchy/miekiem...prevention.html

    http://forums.spybot.info/showthread.php?t=279

    http://russelltexas.com/malware/allclear.htm

    http://forum.malwareremoval.com/viewtopic.php?t=14

    http://www.bleepingcomputer.com/forums/topict2520.html

    http://cybercoyote.org/security/not-admin.shtml

     

    http://www.malwarecomplaints.info/

     

    Thanks...pskelley

    http://pcpitstop.com/about/supportus.asp

    If you are reading this information...thank a teacher,

    If you are reading it in English...thank a soldier.

  2. Good job installing RC :tup: that may come in very handy in an emergency, a little Microsoft information:

    http://support.microsoft.com/kb/314058

    http://support.microsoft.com/kb/307654

     

    Remove combofix from your computer like this:

     

    Click START then RUN

    Now type or copy Combofix /u in the runbox and click OK.

    Note the space between the X and the U, it needs to be there.

     

    Posted Image

     

    Clean those infected System Restore files like this:

     

    Turn off System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    Check Turn off System Restore.

    Click Apply, and then click OK.

     

    Reboot

     

    Turn ON System Restore,

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    UN-Check *Turn off System Restore*.

    Click Apply, and then click OK.

     

    Run a last MBAM scan to make sure you got it all, then post to let me know how the computer is running. No need to post a clean scan.

     

    Thanks...Phil

    Thanks for returning your information and the feedback, MBAM found some rogue junk but mostly infected System Restore files which are protected and will be cleaned shortly. Since all seems to be running as it should, this is the next bridge we must cross.

     

    I am sure you saw this:

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Review that information to understand Recovery Console. Installation is optional but if you do not have the CDs needed, as is explained, it can be installed before we remove combofix.

    If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.

    If you do not wish to install RC, let me know so I can continue with the cleanup.

    If you install RC, post the C:\*CF-RC.txt*.

     

    Since we do not need to scan with combofix, click NO

     

    Posted Image

     

    Posted Image

     

    Thanks

  4. ran SDFIX a few days ago and it did get rid of the warning wallpaper.

    Did you post a new HJT log after you ran SDFix?

     

    C:\Program Files\vzajrb <<< do you know what this program is? If not, remove it.

     

    Open notepad and copy/paste the text in the codebox below into it:

     

    File::
    C:\WINDOWS\system32\gzqfevot.exe
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\zkpepqxy
    C:\Program Files\vzajrb

    Save this as CFScript

     

    Posted Image

     

    Referring to the picture above, drag CFScript into ComboFix.exe.

     

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

     

    (wait until you finish to post logs)

     

    Download Malwarebytes' Anti-Malware to your Desktop

    http://www.besttechie.net/tools/mbam-setup.exe

     

    * Double-click mbam-setup.exe and follow the prompts to install the program.

    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select Perform FULL SCAN, then click Scan.

    * When the scan is complete, click OK, then Show Results to view the results.

    * Be sure that everything is checked, and click Remove Selected.

    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    * Please post contents of that file, the combofix log from CFScript and a new HJT log in your next reply.

     

    How is the computer running?

     

    Thanks

  5. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "Add REPLY" button, not the Quote or New Topic buttons.

     

    I think you are infected and I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.

     

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

     

    Remove any old copies of combofix before you proceed.

     

    Thanks to sUBs and anyone else who helped with this fix.

     

    It is important that it is saved directly to your Desktop

     

    Download ComboFix from Here to your Desktop

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

     

    Post the combofix log and a new HJT log.

     

    Tutorial

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

     

    Thanks

  6. Thanks for returning your information and the feedback. I will request that you do not quote my instructions, I know what I said and you can scroll back to the original if you need to read them or print them.

     

    I rarely deal with anyone who has a paid version of AVG, and never with one that is showing two versions of the program in the same HJT log so I will have to take your word that you know what you are doing and if you do not, refer you to Grisoft for instructions.

    As for the Spybot I am running version 1.4 last updated 6/11/08

    Please update to the newest version located here:

    http://www.safer-networking.org/en/spybotsd15/index.html

    Update the new program and make sure it is fully immunized, then run a complete scan and let me know the results.

    wanted to add that now my computer won't let my hp monitor turn on unless it's in safe mode

    We are about removing malware here, my best suggestion would be to seek user to user help with this issue here:

    http://forums.pcpitstop.com/index.php?showforum=3

     

    C:\Program Files\Java\jre1.6.0_05\ <<< update your Java program, see this information:

    http://forums.spybot.info/showpost.php?p=1...amp;postcount=2

     

    I see no evidence of malware in this HJT log.

     

    Thanks

  7. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "Add REPLY" button, not the Quote or New Topic buttons.

     

    Help me out here, you said this:

    avg (licensed user) 7.5 put in the vault

    My question is, I run the free version of AVG 8, I know little about the licensed version. I am wondering how you are running both:

    AVG7 and AVG8 at the same time. If you do not know, contact Grisoft tech support for an answer. Since you pay for your version tech support is available.

    but spybot gets an error and won't complete a scan

    This is almost always caused by an out of date program or a program that is not updated and immunized. Provide this information:

    Open Spybot S&D then click "Help" at the top, then click About. Post for me the version of Spybot S&D you are running and just under it post the Latest detection update.

     

    If you have to post another HJT log, you are running System Configuration Utility in Selective Startup mode. I need to see all HJT logs with it running in Normal mode.

     

    Thanks

    Hi Traci, this is a hard one to call but I believe we have cleaned the junk, but if you read the information I posted at the start, reformat is the only way to be 100% positive with a backdoor trojan.

    http://netsecurity.about.com/od/frequently...faq_rootkit.htm

    In the end, many security experts suggest a complete rebuild of a system compromised by a rootkit or suspected of being compromised by a rootkit. The reason is, even if you detect files or processes associated with the rootkit, it is difficult to be 100% sure that you have in fact removed every piece of the rootkit. Peace of mind can be found by completely erasing the system and starting over.

    http://www.google.com/search?hl=en&q=w...G=Google+Search

    http://www.google.com/search?hl=en&q=R...amp;btnG=Search

     

    As you can see we are not talking about reinstalling the Operating System, hackers can hide their junk anywhere so the hard drive has to be wiped clean to be 100% sure.

    http://spyware-free.us/tutorials/reformat/

    http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html

    http://helpdesk.its.uiowa.edu/windows/inst...ns/reformat.htm

     

    I think we cleaned it but there is no way I can be 100% sure. I would change all of your passwords:

    Strong passwords: How to create and use them

    http://www.microsoft.com/athome/security/p...y/password.mspx

     

    and I would still monitor any secure online activities carefully, but you should do that all of the time anyway and not only the online activities. The report I asked for was what you have just given me. I wish you safe surfing and security.

     

    Thanks

  9. Please do not quote my instructions, it is a waste of space and not necessary. If you wish to see what I said, scroll back to it.

     

    Your HJT log looks to be clean of malware :tup: here are a couple of things I see.

     

    1) Optional removal > O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    See this > http://www.castlecops.com/startuplist-5306.html

     

    2) C:\Program Files\Java\jre1.6.0_05\ <<< check Java for an update, see this:

    http://forums.spybot.info/showpost.php?p=1...amp;postcount=2

     

    I would like to see you update and run Windows Defender and AVG 8, if all is well then you are good to go.

     

    Some good information for you:

    http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

    http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

     

    Here is some great information from experts in this field that will help you stay clean and safe online.

    http://users.telenet.be/bluepatchy/miekiem...prevention.html

    http://forums.spybot.info/showthread.php?t=279

    http://russelltexas.com/malware/allclear.htm

    http://forum.malwareremoval.com/viewtopic.php?t=14

    http://www.bleepingcomputer.com/forums/topict2520.html

    http://cybercoyote.org/security/not-admin.shtml

     

    http://www.malwarecomplaints.info/

     

    Thanks...pskelley

    http://pcpitstop.com/about/supportus.asp

    If you are reading this information...thank a teacher,

    If you are reading it in English...thank a soldier.

  10. I will go update IE on all my computers.

    Please don't do it now, wait until we are finished.

     

    Let's please finish with our work, you can print this and do it once we know you are clean of malware,

    which should be very close now.

     

    SuperAntiSpyware file version 3.9.0.1008 file size 5.64 MB

    SAS is a valid program, and a good one. It is used a lot in malware removal because of the free trial. I am not seeing it in the uninstall list, so that might just be an icon, right click and delete it.

    I also do not see it in the HJT log anywhere.

     

    Uninstall list, and I see some challenges for you. I am after malware and security issues. You can look for junk that is no longer needed to uninstall and give the computer a break. Here is what I see.

     

    Adobe Acrobat 5.0 <<< valid program, but you should keep all programs updated, this appears to be a very old version

     

    Java 2 Runtime Environment, SE v1.4.2 <<< this is a VERY old version of Java and that is very dangerous, read this:

    http://forums.spybot.info/showpost.php?p=1...amp;postcount=2

     

    Mozilla Firefox (2.0.0.15) new version in the link:

    http://www.mozilla.com/en-US/firefox/

     

    MSN Messenger 6.2 <<< if you use it use the newest version:

    http://get.live.com/messenger/overview

     

    Spybot - Search & Destroy 1.4 <<< old version, here is the new one:

    http://www.safer-networking.org/en/spybotsd15/index.html

    That's my home forum :)

     

    I will post this information for you now, and you give me a report as soon as possible. If all is well, I will close you.

     

    Some good information for you:

    http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

    http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

     

    Here is some great information from experts in this field that will help you stay clean and safe online.

    http://users.telenet.be/bluepatchy/miekiem...prevention.html

    http://forums.spybot.info/showthread.php?t=279

    http://russelltexas.com/malware/allclear.htm

    http://forum.malwareremoval.com/viewtopic.php?t=14

    http://www.bleepingcomputer.com/forums/topict2520.html

    http://cybercoyote.org/security/not-admin.shtml

     

    http://www.malwarecomplaints.info/

     

    Thanks...pskelley

    PCPitStop

    http://pcpitstop.com/about/supportus.asp

    If you are reading this information...thank a teacher,

    If you are reading it in English...thank a soldier.

  11. Potentially unwanted program

    RemAdm-procLaunch!171

    Location C:\327882R2FWJFW\PSexec.cfexe

     

    This is called a PUP and I have a feeling it is part of combofix, see the cfexe. sUBs tool is close to a miracle with all it does and since we are uninstalling, I think this will go with it. Let's wait and see.

     

    IE6...You can check here: http://support.microsoft.com/

    I am under the impression that whether you use it or not, you should update to the newest version. Hackers exploit old versions of programs to infect you and things are especially dangerous at websites just now:

    http://www.google.com/search?hl=en&q=I...amp;btnG=Search

    Understand that the days of kids playing pranks are gone, anymore it is about $$$ and organized crime. Here is one look:

    http://en.wikipedia.org/wiki/Russian_Business_Network

    http://rbnexploit.blogspot.com/

     

    Thanks...I will be down for the night, I start early, and will likely not respond again before AM EST

  12. Oops I missed the HJT log...sorry

     

    OK Traci, let me know if you get more information. I asked this:

    Post a new HJT log along with that information.

    and I asked this:

    Are you using a popup blocker?

    Please communicate when I request it.

     

    Let's move on until we get more information. Here is what I would like you to do now.

     

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) <<< could you tell me the reason you are still running Internet Explorer 6?

     

     

    1) Remove C:\SDFix from your computer

     

    2) Remove combofix from your computer like this:

    Click START then RUN

    Now type or copy Combofix /u in the runbox and click OK.

    Note the space between the X and the U, it needs to be there.

     

    Posted Image

     

    3) MBAM is your call, it does not run using resources and is a good free on demand scanner, you may keep it if you wish.

     

    4) Clean infected System Restore files like this:

    Turn off System Restore.

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    Check Turn off System Restore.

    Click Apply, and then click OK.

     

    Reboot

     

    Turn ON System Restore,

    On the Desktop, right-click My Computer.

    Click Properties.

    Click the System Restore tab.

    UN-Check *Turn off System Restore*.

    Click Apply, and then click OK.

     

    5) Let me have a look at your uninstall list:

    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP,

    Update for Windows XP and Windows XP Hotfix to shorten the list)

     

    Image: Posted Image

     

    Post any information I asked for and the uninstall list.

     

    Thanks

  13. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "Add REPLY" button, not the Quote or New Topic buttons.

     

    We will try this first and see what happens. Follow the directions carefully and in the numbered order.

     

    http://www.castlecops.com/clsid-37438.html <<< see this, I'll remove this, if you want to take that chance, leave it.

     

     

    1) How to make files and folders visible:

    Click Start > Open My Computer.

    Select the Tools menu and click Folder Options.

    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.

    Uncheck: Hide file extensions for known file types

    Uncheck the Hide protected operating system files (recommended) option.

    Click Yes to confirm. Click OK.

    You may reverse this for safety when we are finished.

     

    2) Please download ATF Cleaner by Atribune

    http://www.atribune.org/public-beta/ATF-Cleaner.exe

    Save it to your Desktop. We will use this later.

     

    3) Windows Defender

    Click on "Tools"

    Click on "General Settings"

    Scroll down to "Real-time protection options"

    Uncheck "Turn on Real-time protection (recommended)"

    Click "Save"

    Make sure to turn your protection back on when you finish.

     

    4) From within Spyware Doctor, click the "OnGuard" button on the left side.

    Uncheck "Activate OnGuard". Turn it back on when you finish

     

    5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

    R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll

    (the next item is damaged, install it again after we finish if you use it)

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)

    O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll

    O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll

    O4 - HKLM\..\Run: [lphcjkwj0egej] C:\WINDOWS\system32\lphcjkwj0egej.exe

     

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

     

    6) Right click Start > Explore and navigate to these files/folders and delete them if there.

     

    C:\WINDOWS\system32\lphcjkwj0egej.exe <<< delete that file

     

    7) Run ATF Cleaner

    Double-click ATF-Cleaner.exe to run the program.

    Click Select All found at the bottom of the list.

    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

     

    8) Download Malwarebytes' Anti-Malware to your Desktop

    http://www.besttechie.net/tools/mbam-setup.exe

     

    * Double-click mbam-setup.exe and follow the prompts to install the program.

    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select Perform FULL SCAN, then click Scan.

    * When the scan is complete, click OK, then Show Results to view the results.

    * Be sure that everything is checked, and click Remove Selected.

    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    * Please post contents of that file & a new HJT log in your next reply.

     

    Tell me how the computer is running.

     

    Thanks

  14. This was the one I was worried about in the combofix log:

    2008-06-30 00:04 . 2008-06-30 00:04 86,144 --a------ C:\WINDOWS\system32\drivers\bthusbb.sys

    That's the rootkit!!

     

    MBAM removed it on Reboot:

    Files Infected:

    C:\WINDOWS\system32\drivers\bthusbb.sys (Rootkit.Agent) -> Delete on reboot.

     

    I needed this information from you, and did not get it...

    Please let me know how the computer is running.

    Your HJT log is clean and it looks like the tools did their job. This is next before we remove the tools we used.

     

    I am sure you saw this:

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Review that information to understand Recovery Console. Installation is optional but if you do not have the CDs needed, as is explained, it can be installed before we remove combofix.

    If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.

    If you do not wish to install RC, let me know so I can continue with the cleanup.

    If you install RC, post the C:\*CF-RC.txt*.

     

    Since we do not need to scan with combofix, click NO

     

    Posted Image

     

    Posted Image

     

    Thanks...Phil
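The two posts above lean on reading a HijackThis log (post 13: the R3/O2/O3/O4 lines that were checked and fixed) and a ComboFix "Files Created" line (post 14: the freshly created bthusbb.sys driver). The following is an added Python example written for this page; it is not HijackThis or ComboFix code and not pskelley's. It parses constructed sample lines in those two shapes and applies the same judgement calls the posts make. The rules (a random-looking executable name autorun from system32, a BHO whose file is gone, one CLSID registered as search hook, BHO and toolbar at once, a .sys created under system32\drivers within a few days of the ComboFix run) are assumptions chosen for the example, not a definitive rule set, and the sample log lines are constructed.

```python
"""Triage helpers for the two log formats this thread leans on.

Added example for this page; not HijackThis or ComboFix code and not
pskelley's. The rules encode the judgement calls made in posts 13 and 14
and are assumptions chosen for the example, not a definitive rule set.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: the R3/O2/O3/O4 lines quoted in post 13 plus a few
# ordinary entries so the benign path is exercised too.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R3 - URLSearchHook: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll
O3 - Toolbar: Absolutist Games Toolbar - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - C:\Program Files\Absolutist_Games\tbAbs1.dll
O4 - HKLM\..\Run: [lphcjkwj0egej] C:\WINDOWS\system32\lphcjkwj0egej.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# Constructed sample in the "Files Created" line shape quoted in post 14:
# created-stamp . modified-stamp size attributes path.
SAMPLE_COMBOFIX = r"""
2008-06-30 00:04 . 2008-06-30 00:04 86,144 --a------ C:\WINDOWS\system32\drivers\bthusbb.sys
2008-06-29 21:10 . 2008-06-29 21:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 09:30 . 2008-06-12 09:30 1,245,184 --a------ C:\WINDOWS\system32\msxml4.dll
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
CLSID_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|URLSearchHook): (?P<desc>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
CF_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+)\s+[-a-z]+\s+(?P<path>.+)$"
)


def looks_random(name):
    """Assumed heuristic for generated file names: 8+ alphanumerics, under 30% vowels."""
    stem = name.lower()
    if len(stem) < 8 or not stem.isalnum():
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return vowels / len(stem) < 0.3


def triage_hjt(log_text):
    """Return findings for the HJT entry kinds the thread treats as suspect."""
    findings = []
    clsid_roles = {}  # CLSID -> set of roles it is registered under
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        sec, body = entry.group("sec"), entry.group("body")
        if sec == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            cmd = run.group("cmd")
            stem = cmd.split("\\")[-1].rsplit(".", 1)[0]
            if "\\system32\\" in cmd.lower() and looks_random(stem):
                findings.append("O4 random-named autorun in system32: " + cmd)
        elif sec in ("R3", "O2", "O3"):
            hook = CLSID_RE.match(body)
            if not hook:
                continue
            clsid = hook.group("clsid").lower()
            clsid_roles.setdefault(clsid, set()).add(hook.group("kind"))
            if hook.group("file") == "(no file)":
                findings.append("%s %s entry whose file is gone: %s"
                                % (sec, hook.group("kind"), hook.group("desc")))
    for clsid, roles in clsid_roles.items():
        if roles >= {"URLSearchHook", "BHO", "Toolbar"}:
            findings.append("toolbar bundle: CLSID %s is search hook, BHO and toolbar" % clsid)
    return findings


def new_drivers(log_text, log_date, window_days=7):
    """Flag .sys files created under system32\\drivers within window_days of the run.

    log_date is the 'YYYY-MM-DD HH:MM' stamp of the ComboFix run. Post 14's
    bthusbb.sys, created the same day as the log, is exactly this pattern.
    """
    run_at = datetime.strptime(log_date, "%Y-%m-%d %H:%M")
    flagged = []
    for raw in log_text.splitlines():
        m = CF_CREATED_RE.match(raw.strip())
        if not m:  # directories (<DIR>) and section headers do not match
            continue
        path = m.group("path")
        created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
        lower = path.lower()
        if ("\\system32\\drivers\\" in lower and lower.endswith(".sys")
                and run_at - created <= timedelta(days=window_days)):
            flagged.append((path, int(m.group("size").replace(",", ""))))
    return flagged


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT):
        print("HJT:", finding)
    for path, size in new_drivers(SAMPLE_COMBOFIX, "2008-06-30 12:00"):
        print("ComboFix: new driver %s (%d bytes)" % (path, size))
```

On the sample, the HJT pass reports the lphcjkwj0egej.exe autorun, the dead Skype BHO and the Absolutist CLSID registered three times, and stays quiet about ALCMTR.EXE and avgtray.exe; the ComboFix pass reports only bthusbb.sys. These are triage hints for a human reader of the log, which is how the thread uses them, not automatic removal decisions.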

  15. Thanks for returning your information, let's clean and run one more scan and see where we are.

     

    Run Clean Manager

    http://spyware-free.us/tutorials/cleanmgr/

     

    I think MBAM will remove the item and driver combofix is having trouble with:

    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

     

    Download Malwarebytes' Anti-Malware to your Desktop

    http://www.besttechie.net/tools/mbam-setup.exe

     

    * Double-click mbam-setup.exe and follow the prompts to install the program.

    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select Perform FULL SCAN, then click Scan.

    * When the scan is complete, click OK, then Show Results to view the results.

    * Be sure that everything is checked, and click Remove Selected.

    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    * Please post contents of that file & a new HJT log in your next reply.

     

    Please let me know how the computer is running.

     

    Thanks...Phil

  16. Thanks for returning your information, read and follow all directions carefully.

     

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

    Remove any old copies of combofix before you proceed.

     

    Thanks to sUBs and anyone else who helped with this fix.

     

    It is important that it is saved directly to your Desktop

     

    Download ComboFix from Here to your Desktop

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

     

    Post the combofix log and a new HJT log.

     

    Tutorial

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

     

    Thanks

    Hi Traci, I am not familiar with wireless, having never used it. I will have to assume if the computers were all on the same network it is very possible they are infected but I can't be positive of that. You could ask your questions here: http://forums.pcpitstop.com/index.php?showforum=3

    Where other users who have wireless could tell you.

     

    If you intend to clean the infected computer, isolate it from the rest of the network and then you can take it online long enough to download the tools you need to use. You may be able to do what you are suggesting, keep in mind some tools are large, combofix which would be used is 1.88 MB.

    And start the clean up as soon as you tell me what to do next.

    Let us know what you have decided to do in your next post.

    If you wish to continue we will start like this.

     

     

    You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.

    This can be a tough infection to remove so do not expect fast or easy.

     

    Thanks to andymanchesta and anyone else who helped with the fix.

     

    Download SDFix and save it to your Desktop

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

     

    Double click SDFix.exe and it will extract the files to %systemdrive%

    (Drive that contains the Windows Directory, typically C:\SDFix)

     

    Please then reboot your computer in Safe Mode by doing the following :

    Restart your computer

    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

    Instead of Windows loading as normal, the Advanced Options Menu should appear;

    Select the first option, to run Windows in Safe Mode, then press Enter.

    Choose your usual account.

    Open the extracted SDFix folder and double click RunThis.bat to start the script.

    Type Y to begin the cleanup process.

    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

    Press any Key and it will restart the PC.

    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

    Finally post the contents of the Report.txt back on the forum with a new HijackThis log

     

    That is only the first step

     

    Thanks

  18. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "Add REPLY" button, not the Quote or New Topic buttons.

     

    Your friend did not do you any favors:

    http://www.castlecops.com/tk54500-XTTBPos00.html

    http://forums.spybot.info/showthread.php?t=7344

     

    You understand if you are accessing the internet in safe mode, you have absolutely no security running?

     

    I need to see the HJT log in normal mode, this is not going to be easy, but I am willing to try as long as you follow directions. Start by getting me an updated HJT log.

     

    Download Trend Micro Hijack This™ to your Desktop

    http://download.bleepingcomputer.com/hijac.../HJTInstall.exe

    Doubleclick the HJTInstall.exe to start it.

    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.

    HijackThis will open after install. Press the Scan button below.

    This will start the scan and open a log.

    Copy and paste the contents of the log in your next reply.

     

    Thanks

  19. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "Add REPLY" button, not the Quote or New Topic buttons.

     

    I hate to be the bearer of bad news, but you have backdoor trojans on this computer as well as a Vundo infection. See these:

    http://www.prevx.com/filenames/X1141133265...TUYSZV.EXE.html

    http://www.greatis.com/appdata/d/r/rwwnw64d.exe.htm

     

    I believe, for your security, you need this information:

    A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

     

    One or more of the identified infections is a backdoor trojan.

    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

     

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    http://www.dslreports.com/faq/10451

     

    When Should I Format, How Should I Reinstall

    http://www.dslreports.com/faq/10063

     

    Let us know what you have decided to do in your next post.

     

    Thanks

  20. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk.

    Sorry for the wait, the logs are many, and the volunteers are few.

    When you reply, please use the "NEW REPLY" button, not the Quote or New Topic buttons.

     

    *************I have sorted this now*****************

    Looks like you are saying it's fixed, and you no longer have a problem. If that's the case, that's great. If you should still need help, post a HJT log in NORMAL mode and provide more information about your issue.

     

    Thanks

  21. Looks good, if you are having no malware issues, you are good to go. Great job with the complex instructions.

     

    I notice only Symantec leftovers:

    C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

    http://basconotw.mvps.org/SymRem.htm

     

    Safe surfing :tup:

     

    Some good information for you:

    http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

    http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx

     

    Here is some great information from experts in this field that will help you stay clean and safe online.

    http://users.telenet.be/bluepatchy/miekiem...prevention.html

    http://forums.spybot.info/showthread.php?t=279

    http://russelltexas.com/malware/allclear.htm

    http://forum.malwareremoval.com/viewtopic.php?t=14

    http://www.bleepingcomputer.com/forums/topict2520.html

    http://cybercoyote.org/security/not-admin.shtml

     

    http://www.malwarecomplaints.info/

     

    Thanks...pskelley

    http://pcpitstop.com/about/supportus.asp

    If you are reading this information...thank a teacher,

    If you are reading it in English...thank a soldier.
