Jump to content

Change Mode


Trusted Malware Techs
  • Content Count

  • Joined

  • Last visited

Everything posted by Trogan

  1. OK, so the main problem at the moment is that your internet does not work with SpySweeper? I'm going to see what I can find. I will post back when I can.
  2. I'm a bit lost here. Could you explain what I bolded in the quote please? The bolded two above: I'm not sure if I've seen a google address with "ie" at the end. You might want to remove that unless you know what it is. And the comcast has a ":" (semi colon) in the name. Therefore, the address is not right, so not sure if that would cause a problem. You should correct these and see if they make a difference.
  3. Lets try a reg fix: Open Notepad! Copy and Paste everything from the Quote box into Notepad: Go to File > Save As Save File name as Fix.reg Change Save as Type to All Files and save the file to your desktop. Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK Reboot your computer! Let me know if that helps.
  4. So we've narrowed it down to SpySweeper. What I suggest you do is run a scan with SpySweeper in Safe Mode. Let me know if that helps.
  5. Hi rgsmile! SpySweeper, WinPatrol and Windows Defender are all monitoring programs. So what is likely happening here is when one of those programs tries to make a change, i.e. remove Virusbursters, another one brings it back and we're back to square one. Generally it is not a good idea to have more than one monitoring program as they can cause confusion such as in this case. You should select one program to be your main monitoring program and DISABLE the others as instructed previosly in this thread. Please do this and let me know if your still getting alerts.
  6. Thanks for the new log. It came back clean, which I thought it would. I'm getting the registry entries checked out. Be back shortly.
  7. Hi rgsmile! There is a newer version of SmitfraudFix that came out yesterday. You currently have v2.117, and the new version is 2.119. Lets update SmitfraudFix and see what it finds. Open SmitfraudFix.cmd and press 4 to check for updates. Once updated, run Option 1 to produce a new log. Please post that here. Also, tell me if you see the Virusbursters folder in Program Files. C:\Program Files\Virusbursters <-- This folder
  8. OK, lets check the registry: 1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop. 2. Download Registry Search to your desktop. Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop. Open the new folder, and double click on regsearch.exe Click "Import" in the lower left corner and browse to the optio
  9. Hi rgsmile You can enable the protection for the programs again, if you would like - I suggest you do. I should have mentioned this earlier, but its likely the reason why the new WinPatrol gave you alerts was because its a new install so its just making sure everything is how you want it. As for the Silent Runners log, its not showing any bad. Let me know if your still getting alerts after enabling the protection for Windows Defender, SpySweeeper and WinPatrol.
  10. That is clean. Lets check a deeper. Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As") to download Silent Runners. Save it to the desktop. Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop. You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!) Once you receive the prompt "All Done!", double-click the new text file on the desktop, copy that entire log, and paste it here. *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
  11. OK, lets try this: I need you to DISABLE some programs and run SmitfraudFix again, WinPatrol Right-click the running icon of Winpatrol in the system tray and choose Exit. It will automatically restart at next boot. SpySweeper 1. Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup". 2. On the left click "shields" and then uncheck everything there. 3. Uncheck "home page shield". 4. Uncheck "automatically restore default without notification". 5. Exit the program. Windows Defender 1. Open Windows Defender. 2. Click on Tools >
  12. OK, the SmitfraudFix log found one baddie; lets get it removed. Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. Please download Ewido to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install Ewido by double clicking the installer. Foll
  13. Virusbursters is one of many variants of the Smitfraud infection. There is a tool to identify and remove the infection, so lets give it a run and see what it produces. Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient wh
  14. Hi rgsmile, Your log is clean. Are you having any specific issues?
  15. Hi, Sorry for the delay. Lets continue... Open Notepad! Copy and Paste everything from the Quote box into Notepad: Go to File > Save AsSave File name as Fix.reg Change Save as Type to All Files and save the file to your desktop. Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK ________________________________________ Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and updat
  16. Thanks for doing that! I'm still waiting for something to be checked. Sorry for the delay.
  17. Hi LJK, I'm glad everything is working again. I assume you have removed the HijackThis entries, and deleted the folders? If so, could you also run the Ewido scan please. It would remove any leftovers plus extra.
  18. Hi, I'm getting something checked out, hopefully it won't be long. But for now, can you rename HijackThis to HJT and post a new log please.
  19. Hi LJK! Thanks for getting a Firewall...lets continue. Open HijackThis - Click the Do a system scan only button - Check the following entries (below) R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm O2 - BHO: (no name) - {5CF6DE82-E459-0269-2EB5-20B91EB95C46} - C:\DOCUME~1\MYPC~1\APPLIC~1\AMENSE~1\Dog1.exe (file missing) O3 - Toolbar: (no name) - {B070220A-2CA1-5926-8A09-07928F2C470C} - (no file) O4 - HKLM\..\Run: [First Find Intra Bird] C:\Documents and Settings\All Users\Application Data\interdebugfirstfind\Setup slow.exe O4
  20. Lets try this: Can you download ComboFix from here. Save it to your desktop BUT don't do anything with it! (Make sure it is saved to your Desktop) Go to Start > Run > copy and paste "%userprofile%\desktop\combofix.exe" /v autdev Click "OK" to exit, then reboot the system. Once rebooted, post a new HijackThis log please.
  21. Did you copy and paste C:\WINDOWS\system32\vedtua.* into the second box? Let mw know, and we can try another method.
  22. Hi yoyocool2...it looks like Smitfraud is gone, but Vundo has come back again. Go here to Upload Malware Fill out the infomation, and post the link to this thread. In the File(s) To Submit: box 1. copy and paste the following: C:\WINDOWS\SYSTEM32\autdev.dll Click on Send File and close the page Lets use VundoFix again, but slightly different than before.Double-click VundoFix.exe to run it. Right Click inside the listbox (white box) and click Add more file? Copy & Paste the 2 entries below into the top 2 boxesC:\WINDOWS\SYSTEM32\autdev.dll C:\WINDOWS\system32\vedtua.* Click Add Files an
  23. Hi LJK, Please install a Firewall and post a new HijackThis log. Then, download Findlop by Metallica. Unzip it to your desktop. Double click findlop.bat. It will open a notepad file. Copy the content of that file and paste it here in your reply.
  24. Hi LJK, While we work to solve your problem, please do not you any Peer2Peer programs to download, accept what I ask you to. You need to get a Firewall as instructed in my last post. If you are having problems with one of them, try the next one. If you cannot install any, please let me know what happens i.e error messages? ===== Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present: Live.0nline.Po rtal << I can't find any info on this so uninstall it, unless you know that it is safe LiveUpdate << Belon
  • Create New...