Jump to content

pskelley

Trusted Malware Techs
  • Content Count

    1,759
  • Joined

  • Last visited

Everything posted by pskelley

  1. Thanks for returning your information and the feedback you said: You will read about those in the information I post in closing. Since I see nothing else remove by Smitfraudfix, it must have been the infected hosts file causing your problems. You may delete Smitfraudfix from your computer. C:\Program\Notepad++\notepad++.exe <<< this is unusual, know anything about it? If not scan that file in red here: http://virusscan.jotti.org/ and post the results. Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. W
  2. Nunis, I apologize for the member who posted in your topic. Please do not quote my instructions, it is a waste of space. Scroll to them if you need to read them. Thanks for returning your information, Smitfraudfix found the infection and it also found this: »»»»»»»»»»»»»»»»»»»»»»»» hosts hosts file corrupted ! After we clean, in the next C:\rapport.txt, there may be a very large hosts file (items starting with 127.0.0.1) and I do not need to see it. Edit (remove) it from the C:\rapport.txt before you post it. Clean: Reboot your computer in Safe Mode (before the Windows
  3. I am just a bit puzzled here, I posted instructions in this link: http://forums.pcpitstop.com/index.php?showtopic=158313 Please post where I suggested: http://forums.pcpitstop.com/index.php?showforum=3 If you can not get help there, then try here: http://www.techsupportforum.com/microsoft-...ows-xp-support/ or here: http://www.bleepingcomputer.com/forums/forum56.html Where you can get help for your Operating System issues. Thanks
  4. Please don't copy my instructions, it is a waste of space. You can simple scroll back if you wish to see what I said. http://www.google.com/ >> http://www.google.com/search?hl=en&q=r...G=Google+Search Some good information for you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx Here is some great information from experts in this field that will help you stay clean and safe online. http://users.telenet.be/bluepatchy/miekiem...prevention.html http://forums.spybot.info/showthread.php?t=279 http://r
  5. Welcome to PCPitStop, please be aware that All advice given is taken at your own risk. For your information: O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program\Enigma Software Group\SpyHunter\SpyHunter3.exe ttp://www.spywarewarrior.com/viewtopic.php?t=24810 http://www.castlecops.com/t187654-free_spy...estionable.html Instructions start here: 1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again: * Run Spybot-S&D in Advanced Mode. * If it is not already set to do this Go to the Mode menu select "Advanced M
  6. Hello and welcome to PCPitStop, please understand that all advice given is taken at your own risk. Please understand that we remove malware in this forum and that does not appear to be your problem. I found information at Google: http://www.google.com/search?hl=en&q=a...G=Google+Search If that does not help, try posting here: http://forums.pcpitstop.com/index.php?showforum=3 If that is not where they want you they will redirect you. I will point out one thing in your HJT log: O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmS
  7. Thanks for the feedback, safe surfing Some good information for you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html Here is some great information from experts in this field that will help you stay clean and safe online. http://users.telenet.be/bluepatchy/miekiem...prevention.html http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley http://pcpitsto
  8. Thanks...good job getting that scan posted KASPERSKY ONLINE SCANNER REPORT Tuesday, January 08, 2008 11:13:00 PM C:\Documents and Settings\Phil\Desktop\PC Tools\SmitfraudFix\ <<< delete Smitfraudfix from your computer C:\WINDOWS\system32\wbetrcomm.exe <<< do you know why this is on your computer? If not delete that file. Info: http://www.google.com/search?hl=en&q=w...amp;btnG=Search http://www.google.com/search?hl=en&q=B...amp;btnG=Search Did you install this Keylogger? If not, uninstall it. G:\Program Files\KGB Keylogger\winlogon.dll http://www
  9. You may use HJT to remove that line if your wish. I just went through the instructions up to the point where I stopped prior to allowing the ActiveX. Look again, make sure you are clicking on "Kaspersky Online Scanner" Thanks
  10. Thanks for returning your information, do you have your browser Start Page set this way on purpose: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank Your HJT log appears clean of malware, how is the computer running now? I would like to run a good scan to make sure nothing is hiding from us, should take about one hour. Before you start, delete C:\SDFix from your computer, it does not update, so do not keep it. Run this online scan using Internet Explorer: Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner Next Click on Launch Kasper
  11. Thanks for the feedback, but since you asked for help here, I would appreciate it if you would run only the tools I request until we finish. Read and follow the directions carefully, the tools will not work unless you do. Thanks to andymanchesta and anyone else who helped with the fix. Download SDFix and save it to your Desktop http://downloads.andymanchesta.com/RemovalTools/SDFix.exe Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing
  12. Juliet is sick and needs time to get well You sir are infected with this junk: http://research.sunbelt-software.com/threa...threatid=123565 http://fileinfo.prevx.com/spyware/qq3db310...KLGVSF.DLL.html All advice given is taken at your own risk. My advice is to stay offline except when troubleshooting, the junk may download more. Let's have a look for the infection first. http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions. Search: Double-click SmitfraudFix.exe Select 1 and hit Enter to create a r
  13. Hi Shawn, thanks for the feedback in the private message. Here is some information that may be handy: http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx Some good information for you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html Here is some great information from experts in this field that will help you stay clean and safe online. http://users.telenet.be/bluepatchy/miekiem...prevention.html http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleep
  14. That is what I would have done as soon as I saw this junk. I just sent you a private message, watch for it. Thanks...Phil
  15. I'll look at another HJT log if you wish, but once this junk gets on your computer you can never be sure that you got it all. Here are the reformat instructions if you wish to give it some thought: http://spyware-free.us/tutorials/reformat/ http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html http://helpdesk.its.uiowa.edu/windows/inst...ns/reformat.htm Let me know what you wish to do. Thanks...Phil
  16. Thanks for the feedback, I"ll try to answer these questions: These items would have been shown in a scan near the end to check for hidden stuff. Recover and Quarantine can not harm you but "Prefetch" could and we have cleaned that "Prefetch" folder twice with ATF-Cleaner? Open ATF-Cleaner and look at the seventh item down. Go ahead and click "Select All" and "Empty Selected" again. Keep in mind Prefetch does not need cleaned all of the time and it will slow your compouter until Windows repopulates it with stuff it needs to fetch quickly for you. http://www.windowsnetworking.com/articles_
  17. Thanks for returning your information and the feedback. You will need to take up McAfee issues with McAfee. They will probably have you uninstall and reinstall. I am wondering why this item is still in the HJT log: F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, You said: Here in the SDFix log it is indicated as being deleted: C:\WINDOWS\system32\ntos.exe - Deleted Use Search companion, Start > Search > All Files and Folders and do a seatch for that file: ntos.exe <<< let's make sure it is not anywhere on the compute
  18. Please read and follow the directions carefully. 1) Make sure files and folders are visible. 2) Disable the Service Click Start > Run and type services.msc Scroll down to aawservice and right click on it. Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled. Do the same with these two: SrV-AOLv3 Sys_SM-Service 3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: (make sure you are checking each of these items) F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Useri
  19. Please turn off "Word Wrap" in Notepad and leave it off until we finish when you post HJT logs. Notepad > Format > Word Wrap unchecked. Post a new HJT log. Thanks
  20. Thanks for returning your information: I need your to check a couple of files, your will need to enable all files and folders to do it: How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. You may reverse this for safety when we are finished. Use one or mo
  21. You are doing fine now, just click on "New Reply" then copy/paste your information, do not quote or code. Read and follow the instructions carefully, the tools will not work unless you do. Thanks to andymanchesta and anyone else who helped with the fix. Download SDFix and save it to your Desktop http://downloads.andymanchesta.com/RemovalTools/SDFix.exe Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your compu
  22. For your information: http://www.microsoft.com/windowsxp/using/h...ps/mcgill1.mspx Some good information for you: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html Here is some great information from experts in this field that will help you stay clean and safe online. http://users.telenet.be/bluepatchy/miekiem...prevention.html http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin
  23. OK, we will proceed as you wish. I would appreciate it if you would not quote my instructions, waste of space and we can both scroll back to see what I said. Start by deleted the out of date version of HJT you are running: C:\Program Files\HijackThis\HijackThis.exe Follow these directions to get the new version and properly position it. Download Trend Micro Hijack This™ http://download.bleepingcomputer.com/hijac.../HJTInstall.exe Doubleclick the HJTInstall.exe to start it. By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
  24. I would say that is a clean computer
  25. That does not help a whole lot, look in the Norton Quarantine folder to see if the junk is there: http://service1.symantec.com/SUPPORT/nav.n...000041213443506 If not, follow these instructions to give Kaspersky a look: Run this online scan using Internet Explorer: Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner Next Click on Launch Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. * The program will launch and then begin downloading the latest definition files: * Once the files have been downloaded c
×
×
  • Create New...