
noahdfear

Trusted Malware Techs
  • Content Count

    336

Everything posted by noahdfear

  1. I know it does........sorry.
  2. Please open the Java Plug-in in the control panel and locate the version (look for an About tab), then let me know what it is. Right click My Computer and choose properties. On System Restore tab, check the box to turn off. OK out. Reboot and turn System Restore back on. Check to make sure you're using the latest versions of Spybot and SpywareBlaster, version 1.4 and 3.4 respectively. I recommend you open Spybot and click mode on the menu, then advanced. Click Immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this settin
  3. You can get Spybot 1.4 here. http://www.safer-networking.org/en/mirrors/index.html Please read thru the IESpyad page. It tells you about individual users.
  4. Can you highlight and copy a few lines at a time? If you can pick them out of the log, that's fine. You can also email me the log if you like. noahdfearATmsnDOTcom [email protected] Dot= . Put PCP darkeyes in the subject line. Another thing you can try first, but it would mean running it again afterward. Download RegSeeker. Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the s
  5. Looks good! Check to make sure you're using the latest versions of Spybot and Ad-aware, version 1.4 and SE Personal respectively. I recommend you open Spybot and click mode on the menu, then advanced. Click Immunize in the left pane, then immunize again, this time from above with the green + beside it (always recheck this setting after downloading updates). Click Tools in the left pane, then Resident. Check the box for Resident "SD Helper". Then click IE Tweaks in the left pane and at least check the box to lock the hosts file. Also recommend you download and install SpywareBlaster. E
  6. Hopefully you still have the scan window open, with the Virus Log Information in it, by the time you read this. Click within the Log section to select it, then press Ctrl+A to select everything, then press Ctrl+C to copy. Open Notepad and press Ctrl+V to paste, then save it to your desktop. Now try posting, even if it's a small section at a time.
  7. Glad to hear it worked! The clicking you hear is possibly a sound scheme, and can be changed or disabled by going into the Control Panel>Sounds and Audio Devices>Sounds Tabs (don't quote me on that, I'm not on 98 right now to check). There is a list of Windows events such as Asterisk, Default beep, Exit Windows, etc. There will be a loud speaker icon next to the ones that have a sound selected for that event. Click an event to select it, then click the play button next to the window below that shows the selected file for the event to hear the sound. You can select no sound or ch
  8. Part of Sun's Star Office program. Try unchecking it in msconfig and see if it helps or causes problems with the program after rebooting. O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE Non-essential startup items that can be fixed with HijackThis. O4 - HKLM\..\Run: [QuickTime Task] "C:\documents and settings\denise kozer\desktop\qttask.exe" -atboottime O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~2\PHOTOS~1\data\xtras\mssysmgr.exe Open My Computer and right click Local Disk C:, then choose properties. If Indexing is check
  9. The command window should have three icons in the top right corner just like any window. A line to minimize to the tray, a double window to make the window small or large and an X to close the window. Can you not see those? Maybe the monitor needs adjusted? Open window is larger than the screen? Just write the commands down and type them in (the 2 in bold below). Hit enter after each line. attrib -h -r -s C:\WINDOWS\SYSTEM\sockdebug.exe del C:\WINDOWS\SYSTEM\sockdebug.exe Notice that there is a space between the following commands, switches and filepaths. attribspace-hsp
  10. Thanks for the heads-up Jacee. I'll look into that link too.
  11. Fix this entry with HijackThis. O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe Your log looks good otherwise. The word RAV in my post above is a link to the online scanner. On the RAV page, click the link where it says: To continue without subscribing click here. Allow the control to be installed, wait for the definition files to be updated, then click Scan My PC. Copy the results in the window when done (make sure to get it all) and post here. Both of the files found by NAV appear to be rogue. I'd say you're sa
  12. When did these errors begin, eg: after recent update, software installation, hardware or driver upgrade/update? Can you give us the exact error messages please? Have you noticed anything else acting up? Please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower pane of the scanning window labeled Virus Log Information and post it here. Takes quite a long time for it to finish, so be patient.
  13. Copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same. Close it, saving to your desktop as: File name: Rem.reg Save As Type: All Files Double click the file and allow it to merge with the registry. You may get an alert from MSAS........allow it. Then copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same. Close it, saving to your desktop as: File name: ico.bat Save As Type: All Files Double click the file to run it. Open Internet Options in the control panel and click D
  14. Locate and delete this file. C:\WINDOWS\system32\biU.exe Just as a double check, download FindIt's.zip to your desktop: Download Here Create a new folder on your desktop Unzip/extract the files inside that folder you created on your desktop. Open the folder and run FindIt's.bat and wait for notepad to open a text file. It may take awhile so please be patient ... Then post the results here.
  15. You should print this out and/or save it to text where you can access it in safe mode. Check for updates to Ad-aware. Right click the desktop and choose new>folder. Name it HJT. Cut and paste HijackThis.exe to that folder. Scan again with HijackThis, check the following entries, close all other windows and click fix. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: - {062A316C-5B17-4E5D-8272-2165428CE301} - C:\WINDOWS\lbbho.dll (file missing) O4 - HKLM\..\Run: [MessengerSettings] C:\WINDOWS\regsettings.exe O4 - HKCU\..\Run: [Atrs] C:\Do
  16. OK....I'll post some instructions later for you to work on tomorrow, and I'll check in tomorrow evening. Goodnight!
  17. Just checking on the Party Poker. Sometimes it is added by malware, without the user's knowledge, and it's generally recommended to remove. So long as we can get you cleaned up and it doesn't cause any problems, it's OK to keep. I did receive the file.....Thank You!........and will get something posted for you yet tonight.
  18. Open HijackThis to the misc tools section Click 'Open Uninstall Manager', locate ABI in the list, highlight and click 'Delete this entry'. Please scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.
  19. It is a rogue service put there by the infection. Click Start>run and type services.msc then hit enter. Locate System Startup Service in the list and double click the entry. Stop the service if running, then set it to Disabled, click apply and OK. Try using HJT to delete the service again.
  20. Was that scan done in safe mode? You will need to temporarily disable Microsoft AntiSpyware. Right click on the MSAS icon (looks like a target) and click on Security Agents Status (Enabled), then click on Disable Real-time Protection. To re-enable it, you follow the same steps but click on Enable Real-time Protection. Uninstall CrazyTalk in Add/Remove if you don't use or want it. Then delete CrazyTalk.dll in C:\Windows\system32 and any other associated files/folders. Scan again with HijackThis, check the following entries, close all other windows and click fix. R0 - HKCU\Softw
  21. If the file exists, those commands will remove it. Try it from within Windows first. If you get a message that it's in use and cannot be deleted, do it in safe mode. Don't worry about not finding it as a running process, it may not be.
  22. I would expect that kind of a drop when first starting ZA, but not for it to continue using it. Mine runs basically as a background task, using zero to 1% cpu unless changing a web page, refreshing, etc., but even then only spiking to 2 or 3%. In terms of memory usage, my highest right now is iexplore.exe, which has been open for about 6 hrs and is at 28,216k. ZA is at 6516k and has been running since I started my computer yesterday, about 20 hours ago. What version ZA are you using? Do you remember the exact error you get?
  23. Would you please zip a copy of C:\WINDOWS\regsettings.exe and attach it to an email to me at noahdfearATmsnDOTcom (replace AT with @ and DOT with a period). Put PCP rmal75 in the subject line. Then please download version 1.99.1 of HijackThis.exe here, place it in a new folder of its own such as C:\HJT or desktop\HJT, then create and post a new log. Did you knowingly install Party Poker?
  24. I was very surprised to see you state that ZA is a resource hog. I've never experienced that. What kind of problems does it create for you? EZ Armor is Great, IMO. You won't find much difference in the firewall though. It uses a Computer Associates branded Zone Alarm. The antivirus is very good and lightweight. I won't be without it on one of my machines!
  25. One more thing if you would please. Click here to go to an online malware scanner and click browse. Navigate to C:\WINDOWS\regsettings.exe and upload that file, click submit, then wait for the results and copy/paste them here.