pskelley

Trusted Malware Techs
  • Content Count

    1,759
Everything posted by pskelley

  1. OK and thanks, the log looks a lot better, Your HJT.exe can run from here: C:\Documents and Settings\ethier\My Documents\HijackThis.exe but you need to create a folder for the executable, the logs and the backups for safety. I suggest you follow the directions I posted for safety. Please download ATF Cleaner by Atribune http://www.atribune.org/content/view/25/2/ Save it to your Desktop. We will use this later. Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: O2 - BHO: (no name) - -{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no f
  2. Thanks for returning your information, please follow these directions. Thanks to S!Ri and any others who helped with this fix. Tutorial if it helps: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) Double-click smitfraudfix.cmd Select 2 and hit Enter to delete infected files. You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. The tool will
  3. Welcome to the forum. If you still need help, we have problems before we can even start. 1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. Uninstall one, update the one you keep and run a complete system scan, post for me any item that can't be removed, the complete name and pathway. http://service1.symantec.com/SUPPORT/nav.n...000031316555206 "Microsoft recommends that you have only one anti-virus program installed on your comput
  4. Thanks...pskelley Trusted HJT Advisor PCPitStop forum http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  5. It does not work like that, review the information I posted. If you have a major problem, there is a chance System Restore will take you back before the problem. Once a restore point is made while infected, the System Restore files are infected also, and the only way to clean them is to turn it off, reboot and turn it back on, this purges all System Restore files and when you turn it back on you have clean files. Now...if you have an infected machine and you turn on SR, guess what I also believe it is far better to have an infected restore point and no restore point at all. Hope thi
  6. ??? http://support.microsoft.com/kb/306084/ http://www.microsoft.com/windowsxp/using/h...ew_03may19.mspx http://www.microsoft.com/windowsxp/using/h...temrestore.mspx
  7. I hope you did not pay for the aol program, you will find much better freeware programs in this information: Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanne
  8. Not necessarily, a lot of junk hides from HJT, that's why we use ewido and other programs. HJT would have to be huge to see it all, it looks for the usual places malware is placed. Now the aol software, I don't trust anything aol does, so it may be a false positive from it. Notice the junk ewido found, and it did not report the item. At this point, all I can do, unless you give me more information about a location (pathway to the item) is give you additional scans to search for a needle in a haystack. Did you look in your Add Remove programs for the item? Thanks
  9. Can you tell me if this is your computer? It appears this product has to be downloaded (not saying it could not have been downloaded as part of another download if the EULA agreement was not read). This is a program by which someone like a parent can keep an eye on where a child is surfing and then some. Here is a link to information and to an uninstaller. http://www.spywareremove.com/removeActualSpy.html Thanks
  10. Does no good to run ewido and not remove what it finds (unless you know it is not bad) the log is the same except instead of "no action taken" it will show "deleted" or quarantined depending on the action you take. Run ewido again and remove what it locates, then post another scan report. The HJT log is still clean, this time provide the information from aol I requested. I personally think aol is junk, so I need more of a reason to believe this is not some kind of false positive. I do not need another HJT log unless I ask for it. Why don't you run the aol stuff again and post the exact resu
  11. Welcome to the forum, first I'll tell you we look for topics with 0 for a post count so when you "bump" you add to the count and your chance of getting help decreases. I see nothing in this HJT log that looks like malware or specifically like a Keylogger? That aol program should have told you the name and location (pathway) of this Keylogger also? Would you post more information for me. Let's let ewido take a look, follow these directions, allow ewido to delete anything it locates unless you know it is not bad. ewido scan: First download ewido anti-spyware from HERE and save that fi
  12. I apologize, I had to go out of town on a family emergency and just got back, sorry to be so long in responding. This log is clean, check your Java program to see if there is an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 If you have no malware problems now, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums
  13. This member has not responded to their topic since: 7:49pm Thu Aug 24 2006 Topic is closed Thanks...pskelley
  14. This HJT log: Logfile of HijackThis v1.99.1 Scan saved at 12:29:37, on 01/09/2006 still has the same junk in it as I posted above and my suggestion would be that you follow those directions. Thanks
  15. Welcome to the forum. This log looks to be in Safe Mode. Please post all logs in Normal Mode with NO formatting unless I request otherwise. 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please download ATF Cleaner by Atribune http://www.atrib
  16. I am sorry, I received no notification of your post. If you are still having problems, please do this: ewido scan: Allow ewido to delete anything it locates unless you know it is not bad. First download ewido anti-spyware from HERE and save that file to your desktop. This is a 30 day trial of the program. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need to run ewido and update the definition files. On the main screen select the icon "Update" then select the "Update now" lin
  17. OK, sounds good to me, here are the available forums at PCPitStop: http://forums.pcpitstop.com/index.php?act=idx a couple of other good forums that are free are: http://www.bleepingcomputer.com/forums/ and http://forums.tomcoyote.org/index.php?showforum=83 Safe surfing Thanks...pskelley Trusted HJT Advisor PCPitStop forum http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a soldier.
  18. Hello Claire, we are getting out of my area now but I will do my best to advise you. I should say that the infections could have corrupted something so first I would deal with tech support to see if they advise a reinstallation. I have worked with Spybot and Ad-aware for many years, and though I have heard of errors being made, I have no personal experience in many thousands of removals. Let's talk about the two programs first. Both Ad-aware and Spybot make backups of everything they remove. I would first suggest you look to see if you can spot anything that looks like something that shoul
  19. Well Claire, let's hope you got it right then, that is how I check. First let me say that as far as I can see all of the Smitfraud infection is gone but one BHO that is dead and we will remove it and clean a little in a moment. If you would like to have your say about these lowlifes this is where you can do it: If you have been infected by one of the SpyAxe family http://forums.tomcoyote.org/index.php?showtopic=58063 http://www.malwarecomplaints.info/ To answer some questions, they would tell you anything (all not true) to get you to send them your money, that is where the "fraud" p
  20. This member stopped following direction and responding here: 1:11pm Sat Aug 12 2006 Topic is closed Thanks...pskelley
  21. Welcome to the forum, look in the log at the O15 items, if you placed those items, do not complete the Optional Instructions. Download Smitfraudfix from here: http://siri.urz.free.fr/Fix/SmitfraudFix_En.php ( if you should have an old version, delete it, it must be downloaded fresh) http://siri.urz.free.fr/Fix/SmitfraudFix_En.php Follow these directions: Clean: Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) Double-click smitfraudfix.cmd Select 2 and hit Enter to delete infected files. You will be prompted: Do you want to clea
  22. Hey Bob, why choose this: No action taken ??? They are all cookies but ewido would have deleted them for you. Here is information to help you stop storing cookies in Firefox. http://privacy.getnetwise.org/browsing/too...fdisablecookies http://www.mozilla.org/projects/security/p..._priv_help.html Delete those cookies in Firefox. SmitfraudFix says you are clean, so let's do this: Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this later. Open HijackThis and choose "Do a system scan only" then
  23. Thanks for that feedback, you missed one line of adware: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html The three Dell4me lines are redirects to show them Dell ads, if they don't use them, remove them. Set any homepage they wish. HJT log is clean besides that. Let me see that ewido scan to make sure nothing is hiding. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://forums.spybot.info/showthread.php?t=279 http://russelltexas.com/ma
  24. 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this later. ewido may block the changes we must make: First disabl
  25. Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip Unzip all files to a convenient location such as C:\Qoofix. Go to the folder you unzipped all files and run Qoofix.exe. Click Begin Removal and wait for the scan to finish. If an infection has been found, select yes to restart your computer. Finally post a new Hijack This log and the contents of the Qoofix logfile. Thanks