pskelley

Trusted Malware Techs
  • Content Count

    1,759

Everything posted by pskelley

  1. Good job the HJT log is clean of malware. You need to update your Java program, it is out of date, see this: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml System Restore does not know the good files from
  2. Welcome to the forum, let's remove that item like this to be sure. 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use th
  3. There are many error messages, more than stars in the sky I believe, when you get an error message dealing with a computer, you must post the error message "word for word", this is the only way we can know what it is. Please follow the directions carefully and exactly, read them several times so you know what you are doing. It would not hurt to print the directions. http://www.bleepingcomputer.com/tutorials/...l42.html#delreb How to use the Delete on Reboot tool At times you may find a file that stubbornly refuses to be deleted by conventional means. HijackThis introduced, in versi
  4. Hello and welcome to the forum. Follow the directions in the posted order. 1) C:\Program Files\hjt\analyse.exe.exe <<< have you recently recovered from a Vundo infection? Let's rename this back to hijackThis.exe to make sure it does not affect how HJT works. 2) Start > Control Panel > Add Remove Programs and uninstall PuritySCAN By OIN, OIN, OuterInfo and anything else you know does not belong there. If you are unsure let me know and I will look. IF there is no uninstaller then download and use this one: http://www.outerinfo.com/howto.html 3) How to make files a
  5. Thanks for returning the information, yeah...looks like we got a little lucky. About time, few are easy. HJT removed C:\WINDOWS\SYSC00.exe for you, I always like a double check. You need to update your Java program and keep it that way, some really nasty junk is getting in that way when it is unpatched: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 If you keep the ewido scanner, clean out that quarantine folder. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t
  6. Thanks for returning your information, your HJT log looks fine as does the ewido scan. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you w
  7. Welcome to the forum, if you still need help, let's try this: 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this
  8. Yes, you should have had ewido delete it when it first found it. Open the quarantine folder and delete anything in it, then do this. Turn off WinPatrol: right click the running icon, and exit. Make sure it starts again when you restart the computer. Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this later. Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.y
  9. I would appreciate it if you would not use the "Quote" button, waste of space, use "New Reply" You probably don't have all of the junk most people have running. I notice your ATI program running twice? C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe You did have some nasty trojans and they are gone. ewido is scanning clean as is your HJT log. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.co
  10. This HJT log is clean, have your problems gone away? This log also looks small, you have not removed any of the items manually from the HJT list prior to posting it? I am also concerned about this: C:\Program Files\Java\jre1.5.0_03 <<< indicates your Java program is out of date. http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Have you set up any whitelist with HJT, or turned anything off in MSConfig? I need to see everything you are running. If all of the above answers are no, then your log is clean, update Java and let me see if ewido shows anything. T
  11. This member has not responded to their topic since 1:05pm Thu Jul 20 2006 topic is closed pskelley
  12. No response from this member since 4:05pm Thu Jul 20 2006 topic is closed pskelley
  13. Hello and welcome to the forum. You have three nasty trojans, and I would like you to check them first to be sure, I am positive, but want no mistake to be made. 1) Move HJT from the Desktop for safety. I prefer C:\HJT\HijackThis.exe, if you need additional instructions use these: http://russelltexas.com/malware/createhjtfolder.htm 2) Use one or more of these free online scanners to make sure these files are bad. Once you are sure of it, then continue with the instructions: http://virusscan.jotti.org/ http://www.kaspersky.com/scanforvirus http://www.virustotal.com/flash/index_en
  14. http://siri.urz.free.fr/Fix/SmitfraudFix_En.php process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Smitfraud is the trojan, not the Fix. I suggest you delete the tool now, hopefully you will not need it again, but it must be downloaded fresh due to constant updates. If you have been infected by
  15. Hi Kathy and welcome to the forum, first I must say I doubt very much this is a malware issue. I would be thinking about giving the computer back while the warranty is still in effect. I would be willing to look for you to see if I can spot any reason in the HJT log, but first you must supply one for me to look at. It is important that you follow all of the instructions at this link: http://forums.pcpitstop.com/index.php?showtopic=36065 Post the HJT log and I will respond as soon as possible after that. Here are two more looks at the HJT information if it helps: http://russelltexa
  16. Hello and welcome to the forum, I see this item and others: C:\Program Files\License_Manager\license_manager.exe http://fileinfo.prevx.com/QQcbab18255600-L...ANAGER.EXE.html Let's try this: 1) How to make files and folders visible: Click Start > Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck: Hide file extensions for known file types Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. 2) Please
  17. HJT must have removed it for you, the log is clean this morning, you are good to go. Only thing I see is that out of date Java program I mentioned earlier. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml System Restore does not know the good files from the bad. In case
  18. Member stopped responding...topic is closed Thanks...pskelley
  19. Looks good, I'll have to assume it's running ok. Java needs an update: http://forums.spybot.info/showpost.php?p=1...amp;postcount=2 Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml ewido is a great program but it does use some resources. Once the trial is over you can
  20. OK Ed, how is the computer running now? A couple of lines yet to remove and let's clean a little. Please download ATF Cleaner by Atribune http://www.atribune.org/public-beta/ATF-Cleaner.exe Save it to your Desktop. We will use this later. Open HijackThis and choose "Do a system scan only" then check the box in front of these line items: O20 - Winlogon Notify: tuvttqq - tuvttqq.dll (file missing) O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing) Close all programs but HJT and all browser windows, then click on "Fix Checked" Run ATF Cleaner Double-click AT
  21. Hello Ed and welcome to the forum, it is important that you follow the directions and in the posted order. Thanks to S!Ri for this fix, Trevuren and any others who helped. Please print out or copy these instructions/tutorial to Notepad as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. 1. Download and update Ewido. First downloa
  22. I see no malware in this log. Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online: http://boards.cexx.org/viewtopic.php?t=957 http://russelltexas.com/malware/allclear.htm http://forum.malwareremoval.com/viewtopic.php?t=14 http://www.bleepingcomputer.com/forums/topict2520.html http://cybercoyote.org/security/not-admin.shtml Thanks...pskelley Trusted HJT Advisor PCPitStop forum http://pcpitstop.com/about/supportus.asp If you are reading this information...thank a teacher, If you are reading it in English...thank a
  23. Your HJT log is clean this morning, good job you will want to clean the quarantine folder in ewido, ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually. Make sure you review the information I posted for you earlier, and clean out the System Restore as per the instructions. I would say you are good to go, safe surfing Thanks
  24. Yep, you did have a Vundo infection and Atribune's tool killed it, BUT you also picked up another trojan during all of this, see this: O20 - Winlogon Notify: wineak32 - C:\WINDOWS\SYSTEM32\wineak32.dll It is possible it was hiding along with Vundo. Here is what I want you to do: http://www.bleepingcomputer.com/tutorials/...l42.html#delreb How to use the Delete on Reboot tool At times you may find a file that stubbornly refuses to be deleted by conventional means. HijackThis introduced, in version 1.98.2, a method to have Windows delete the file as it boots up, before the file ha
  25. Thanks for that information, ewido has indicated a Vundo trojan infection, follow these instructions: Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Put a check next to Run VundoFix as a task. You will receive a message saying vundofix will close and re-open in a minute or less. Click OK When VundoFix re-opens, click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. Whe