pskelley

Trusted Malware Techs
  • Content Count

    1,759

Everything posted by pskelley

  1. Hi Charles, This last log was posted before the last Ewido scan. I would like to look at a HJT log that was run after that last Ewido scan. The last HJT log you posted, Selective Startup is running in MSCONFIG: O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto , please do this: Start > Run > type "msconfig" without the quotes then OK. Choose "Normal Startup" then Apply and OK your way out. Scan with HJT and post a new HJT log. You may return to Selective Startup without a reboot if you wish. I will not need any log but the HJT log. I see no p
  2. Hello Emanc2k, Yep you have a nasty and I am fairly sure it is this one: http://www.bleepingcomputer.com/startups/W...exe-f10486.html The first link was acting up so I am editing in another: http://castlecops.com/s5642-Winupdates_exe.html See this information: http://www.sophos.com/virusinfo/analyses/w32rbotmm.html Make sure you read the information under all of the tabs, this worm has made changes you might have to fix. Here is what I would like you to do: 1) This is probably where this junk came from: C:\Program Files\LimeWire\LimeWire.exe please see this: http://castlecops
  3. That is the list of your ISP's domain numbers. When I search the 017 line in your log I get this information: http://www.samspade.org/t/lookat?a=139.134.2.190 You can click to look at it, it indicates the range for your ISP which should be Telstra Internet is 139.134.0.0 - 139.134.255.255 if I am correct. The range in the 017 entry in your log is: 203.49.70.20 139.134.2.190. While I may not be right but often when I see ranges exceeded like that it is because of a hijacker. The only one who can reset this for you is your ISP, and they can tell you also if you have a problem. Please see
  4. G'day Mate, I apologize if I confused you, I picked the name up from here: C:\Documents and Settings\Bear\Desktop\HijackThis.exe Not meaning to imply that wormfarmer is not a fine name. A quick look at this log showed no malware and you supplied little information other than the fact that it was a "Log" and the fact that you Since I could see that Selective Startup was enabled I can't tell what I am not seeing. Folks seem to think that turning something causing a problem off will make it go away, and of course this is not the case. I am also concerned by the large span of numbers here
  5. Hello Bear, I need some information from you, but first: 1) We may not use it but your HJT needs a folder so it can store HJT.exe, logs and backups for safety. See these links if you need help: http://www.bleepingcomputer.com/forums/tutorial94.html Note: This video tutorial requires Macromedia Flash to play. http://www.spywareaid.com/index.php?file=svideo&id=1 2) You are running Selective Startup in MSCONFIG. I need to see a log with "Enable All". You can Enable, then scan for the log then return to Selective Startup without a reboot if you wish. Thanks. 3) I am not sure
  6. Hi Ender_CM, You have a nasty infection but thanks to Swandog, racooper and miekiemoes we have a fix for it. Please make sure you follow the instructions carefully. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Install it, and update the definitions to the newest files. Do NOT run a scan yet. Please download Nailfix from here: http://www.noidea.us/easyfile/file.php?dow...050515010747824 Unzip it to the desktop but please do NOT run it yet. Next, please reboot your computer in Safe Mode by doing the following: 1) Res
  7. Hi Jeremy, You have a nasty infection but thanks to Swandog46 and miekiemoes we have a fix for it, just follow the directions carefully. Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/ Install it, and update the definitions to the newest files. Do NOT run a scan yet. Please download Nailfix from here: http://www.noidea.us/easyfile/file.php?dow...050515010747824 Unzip it to the desktop but please do NOT run it yet. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After
  8. Hi Maligogo, Is your Dad having a problem? Because I do not see any malware. Here is what I suggest you do. 1) First make sure you have permission to download programs for security. I would make your Dad aware of my suggestions to be sure he wishes these changes made. 2) Download CCleaner from this link: http://www.ccleaner.com/ Take the time to review the instructions on the download page so that when I ask you to run it you will know what you are doing. 3) I see Spybot S&D but does he have Ad-aware? I suggest you use the following link to make sure he has Ad-aware v1.06
  9. Hi Nocc, I need to apologize for the delay, the notification system that is supposed to email me when you posted did not do so. I located your post during my routine check. I will check your post manually for the duration of this repair. Good job following those instructions, your log is clean. How's it running? Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.net-integration.net/index.php?showtopic=3051 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=1
  10. Hello Nocc, You do have some issues that need to be addressed. 1) You are running msconfig in Selective Startup. I need to see all programs, for the next post enable all, scan for the HJT log then you may go back to Selective Startup without a reboot. Thanks. 2) You are running HJT from H:\hijackthis\HijackThis.exe, I do not know if this is a floppy or CD, please move HJT.exe to your C:\HJT\HijackThis.exe. 3) D:\AssimIRC v2\mirc.exe = http://castlecops.com/startuplist-6767.html Open Task Manager then the Processes tab, highlight and end process on D:\AssimIRC v2\mirc.exe 4)