Trusted Malware Techs
Everything posted by nellie2

  1. Yay... Don't forget to rehide your hidden files and folders, they are normally hidden for a good reason.
Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following:
Spyware Blaster - It will prevent most spyware from ever being installed.
Spyware Guard - It offers realtime protection from spyware installation attempts.
IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading this article written by Tony Klein: How did I get infected in the first place
Happy Surfing
Edit: I'll close this topic now that it is resolved.
  2. Nick, who is an admin at Spyware Warrior has posted a bit more info on this issue. ref from here With that in mind, I would use the Microsoft method to remove it. Looks like the AV companies jumped on the bandwagon and said they'd fix it, which was only partially true. They only decloaked it but left it intact. The actual removal is risky and they didn't want to have everyone's CD drives disappear. Yet they let people assume on their own that it would be fixed.
  3. With regards to reformatting, it is up to you. I don't like to give up but at the end of the day it is your machine and you must do whatever you feel most comfortable with. I'm concerned that you cannot find these files when you look for them. Have you tried enabling hidden files and folders?
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm.
Click OK.
  4. You said it is 'still scanning all the porn files'. Where are these files? Could you show me the path to these files.
Please download and install this disk cleanup utility called Cleanup! http://cleanup.stevengould.org/ It will get rid of any malware which may be hiding in your temp folders (a common hiding place). You will also regain a massive amount of disk space.
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (make sure nothing else is checked!):
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click OK. Press the CleanUp! button to start the program. Reboot.
Now would be a good time to clear out and reset your system restore points. Please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account. (winXP)
1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.
Do you have a firewall installed?
  5. calhoun, try emptying your anti virus and anti spyware application quarantines. It is most likely that the majority of the files that Ewido is picking up have been quarantined by your AV as I don't see them running in your log. Reboot when you have done that and try Ewido again
  6. There has been some discussion recently about Rootkits, especially with the Sony Rootkit debacle going on at the minute. However... people can get a little confused about rootkits (me included) but Suzi at SpywareWarrior has written an excellent information piece on Rootkits
--------------------------------------------------------------------
Quote Suzi;
Since rootkits are in the news recently, and a lot of people don't know much, if anything, about rootkits, I thought I'd post some info and a list of rootkit detection apps.
Definitions: http://searchsecurity.techtarget.com/gDefi...i547279,00.html
It's a good write up and talks about the history of rootkits.
Excellent article here with a lot more detailed technical information: http://online.securityfocus.com/print/infocus/1850
In anti-spyware forums like this one, rootkit technology is sometimes found with spyware and/or trojans, backdoors and RATs (remote access tools). One spyware company, Enternet Media, has been documented to use rootkit technology to hide the presence of their spyware. Enternet Media is the company responsible for SearchMiracle/Elitebar spyware.
http://www3.ca.com/securityadvisor/pest/pe...px?id=453090724
http://www.f-secure.com/v-descs/elitebar.shtml
A screenshot of a rootkit revealer log showing Elitetoolbar can be seen in this link: http://netrn.net/spywareblog/archives/2005...hos-your-daddy/
Rootkits have been found on machines with Rbot and SDbot and keyloggers.
http://www.dslreports.com/forum/remark,14493487
http://www.dslreports.com/forum/remark,13680927
http://spywarewarrior.com/viewtopic.php?t=16103
Presumably the rootkit is used to hide the trojans which can be used by the attacker to take total control of a machine while the keyloggers transmit information back to the attackers including passwords and data from the infected machine. An ugly situation at best.
In cases like this I think the safest thing for a user to do is format and reinstall because there is no way to tell how severely the machine has been compromised and what dangers may lurk inside, even if the trojans and rootkit files are removed, if they can even be removed. Here's an example where format and reinstall was advised on a severely compromised network computer. http://spywarewarrior.com/viewtopic.php?t=16273
Here's a list of rootkit detection apps, copied from Eric Howes' website: https://netfiles.uiuc.edu/ehowes/www/soft5.htm#rootkit
Blacklight http://www.f-secure.com/blacklight/cure.shtml
IceSword http://xfocus.net/tools/200505/1032.html
InvisibleThings.org http://invisiblethings.org/tools.html
Microsoft - Malicious Software Removal Tool http://www.microsoft.com/security/malwareremove/default.mspx or http://www.microsoft.com/downloads/details.aspx?...
RootkitRevealer http://www.sysinternals.com/Utilities/RootkitRevealer.html
UnHackMe http://www.greatis.com/unhackme/index.html
Note these tools should be used with the guidance of an experienced malware removal expert or advanced user. Some anti-spyware apps have added rootkit detection, Spy Sweeper for one, and there may be others I'm not aware of yet.
Other sites for rootkit information:
http://research.microsoft.com/rootkit/
Microsoft webcast on rootkits: http://msevents.microsoft.com/cui/WebCastE...&CountryCode=US
http://www.securityfocus.com/columnists/358
http://www.viruslist.com/en/analysis?pubid=168740859
Rootkits in the news:
http://www.eweek.com/article2/0,1759,1829744,00.asp
http://www.eweek.com/article2/0,1759,1816972,00.asp
http://www.eweek.com/article2/0,1895,1841266,00.asp
AIM worm drops rootkit and more: http://blogs.zdnet.com/Spyware/?p=687
Sony's DRM rootkit: http://www.sysinternals.com/Blog/
PestPatrol will detect and remove Sony's rootkit: http://blogs.zdnet.com/Spyware/?p=698
The ultimate rootkit site: http://www.rootkit.com/
Anyone who finds this helpful is welcome to post it at their own site or other sites. A link back here would be nice.
  7. Run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked':
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
Then find and delete these folders:
C:\Program Files\MyWebSearch
C:\Program Files\360Share
Please download ewido security suite, it is a free version of the program.
Install ewido security suite. When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it. The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report. Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.
Reboot and run Panda Active Scan, save the log it creates and post it here along with the Ewido log and a fresh hijack log please
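As an added illustration (not code from the post, the forum, or HijackThis itself), here is a small Python checker that parses the O2/O4 lines quoted above and flags the two kinds of entry the post ticks on rule alone: BHOs registered with no backing file, and autostart entries launched from the folders the post says to delete. The KernelFaultCheck line is a judgement call these rules do not encode, and the "SomeAV" line is a constructed benign entry added so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the HijackThis entries quoted in the post above, plus one
# benign autostart line (hypothetical "SomeAV") so the filter has something to skip.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - HKLM\..\Run: [SomeAV] C:\Program Files\SomeAV\guard.exe
"""

# Folders the post tells the user to delete; an autostart pointing into them is flagged.
UNWANTED_DIRS = (r"c:\program files\mywebsearch", r"c:\program files\360share")

# O2 = Browser Helper Object: "O2 - BHO: <name> - {<CLSID>} - <dll path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# O4 = autostart: either "[<value name>] <command>" or "<shortcut>.lnk = <target>"
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[(?P<key>[^\]]+)\] |(?P<lnk>.+?\.lnk) = )(?P<cmd>.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if the entry matches one of the post's removal criteria."""
    m = O2_RE.match(line)
    if m:
        # A BHO whose DLL is gone is an orphaned registration: nothing runs from it,
        # but nothing legitimate is keeping it either, so it is safe to fix.
        if m.group("path").strip().lower() == "(no file)":
            return Finding(line, "orphaned BHO {%s}" % m.group("clsid"))
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").strip().lower()
        for folder in UNWANTED_DIRS:
            if cmd.startswith(folder):
                return Finding(line, "autostart from unwanted folder " + folder)
    return None


def scan_log(text: str) -> List[Finding]:
    """Run check_line over every non-blank line of a HijackThis log."""
    return [f for f in (check_line(l.strip()) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f.reason + ": " + f.line)
```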
  8. Hi calhoun
Could you give me an idea of the problems you are having please? How many anti-virus programs do you have running on that PC? It is inadvisable to have more than one providing real time protection as there may be conflicts. Please decide which one you would like to keep and disable the others. You can use them for back up scanning purposes. If you haven't intentionally put My Web Search on your PC then go to add remove programs and uninstall it. Reboot and post a fresh log with an update on your problems and how things are now.
  9. Earwigs are horrible creepy crawlies that you get in the UK with huge pincer things on their bottoms. Hi DD
  10. Well the FxAgentB.exe seems to have done the trick, there isn't even anything left to clean up! You can use IE again now but could you come back tomorrow after using the net for a little while and post one last hijack log with the FxAgentB log. Just so that I can be sure that you aren't re-infected.
Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following:
Spyware Blaster - It will prevent most spyware from ever being installed.
Spyware Guard - It offers realtime protection from spyware installation attempts.
IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading this article written by Tony Klein: How did I get infected in the first place?
  11. ok it looks like you have managed to get rid of some of the trojans... but you still have a nasty infection there. If possible do not use IE.. every time you open it the infection will hook deeper into your system. You can try firefox, you might even prefer it!!
Then Download FxAgentB.exe from this link FxAgentB.exe and save it to your desktop. After downloading, double-click the FxAgentB file to run it and the program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later. Reboot when done.
Next click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'.
Then click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".
Reboot when done and post a fresh hijack log.
I don't know what time zone you are on but I'm just about to start work.... I'll be back this evening
  12. Please download and run the trial version of Trojan Hunter Then update your anti virus and do a full system scan, also do an online scan at Trend and eTrust or both. When done reboot and post a fresh hijack log please.
  13. Very funny........ ha ha ha!
  14. Craig needs to put another 50p in the meter I think! It's being looked into. Thanks for your patience and goodwill Pit people! Oh... just as I was typing this it came back!
  15. I've had a chat with moon, well a few chats actually and he thinks I should tell you all something.... I don't see why I should! But he knows you all better than I do so here goes. You seem to think that the staff at WF don't have to sign their edits or inform members of deletions. That isn't and never has been the case and I did mention this in moon's original thread. I can't see any point in continuing to pull this apart... apparently a member of staff edited or deleted something and didn't let the member know. I didn't realise this was a problem and if the member had informed me of it... I could have sorted it. That is it, end of story. Apart from the fact that perhaps I should apologise to moon for the Troll remark.
  16. Jakeofalltrades - I'm quietly impressed by your common sense view of things... thank you for being a steadying hand in this sorry tale. I look forward to getting to know you better.
  17. Yes... the link to the post you found! Jakeofalltrades... thank you, but I'm just going to fade away and kill a load of spyware.. I think that is all I'm good for now.
  18. Jacee... as Jazzy said A few others have aired their views on the administration at WF... I take all criticism and deal with it the best way I know how... seeing as I'm at fault here... I've dealt with it the best way I know how. skeptik... that's a good post. One of the WF rules is that a moderator's decision will not be argued in public... a sensible rule I thought.
  19. Northy is sacked and I've resigned.... happy now!
  20. I'm sorry you feel that way moon, my understanding of the definition of a troll is someone who posts with the intention of causing unrest, disruption and upset. Which is exactly what your post did. I have a pm button... if you have a problem with anything on the forum then use it. I shall stay out of this thread now because I don't agree with flame wars either.
  21. Thanks.......... Perhaps a PM to me in the first place from the person who felt hard done by wouldn't have gone amiss... I seem to remember a few threads here from members who weren't too happy with the way things were done. I will not allow trolling on the board in any shape or form..... I'm sure you can understand that Volt
  22. ok... this is just an interim solution for all WF refugees. http://nelsplace.proboards27.com/index.cgi
  23. Andy I've sent you a PM.. reply and I will get a message to Craig for you.