

Trusted Malware Techs

About Metallica

  1. Working up from the last. C:\RECYCLER is your trash bin. Empty it and they will be gone. Potentially unwanted tool: as we discussed, these are standard HP issues, so nothing to worry about. How to control cookies: http://privacy.getnetwise.org/browsing/too...cookiesadvanced Please do have a look at my site about removing and preventing spyware where you will find that link and other information on how to stay safe®. Regards,
  2. I was under the impression you were able to delete: C:\WINDOWS\system32\csrss.dll It looks as if the Administrator account was infected too. Please delete (in safe mode): C:\Documents and Settings\Administrator\My Documents\?icrosoft.NET <= again, the name of the folder will probably look like Microsoft.NET and C:\WINDOWS\system32\csrss.dll Let me know if that works.
  3. Your log looks good. Windows will issue a warning about every file of certain types (like .exe) before it deletes them. Deleting the file and folder I listed will not hurt your system. In case of doubt leave them in your trashbin for a few weeks. Restoring them from there is easy enough. Regards,
  4. The so-called Hacking Tools are HP standard issues. Not to worry about those. Now all we need to do is get rid of PurityScan. You notice the question marks in their folder and filenames? That is not how they show themselves to you. Can you find and delete:
     - the folder C:\Documents and Settings\Administrator\My Documents\?icrosoft.NET
       The ? will probably look like an M
     - the file C:\WINDOWS\system32\csrss.dll
       Only the one with exactly that name.
     Let me know if you have any problems or questions. Regards,
  5. Sorry for being unclear, but you were supposed to click Fix checked. Can you repeat that part and post the new log? Glad to see the Rootkit scan turned up clean. Regards,
  6. Hi dan916, Run a HijackThis scan and put a checkmark in front of these items:
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.surething.com/swlinks/stcd4/lin...amp;base=labels
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     R3 - URLSearchHook: (no name) - {B8FBB3D8-2D63-0B94-689F-5680014D0594} - C:\WINDOWS\system32\ztuyddv.dll (file missing)
     O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
     O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
     O2 - BHO: (no name) - {B8FBB3D8-2D63-0B94-689F-5680014D0594} - C:\WINDOWS\system32\ztuyddv.dll (file missing)
     O2 - BHO: (no name) - {CB8F9B22-5998-7A34-95FE-70222BF92AC2} - (no file)
     O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
     O4 - HKCU\..\Run: [iaes] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ICROSO~1.NET\rundll32.exe" -vt yazr
     O4 - HKCU\..\Run: [Mebzba] C:\WINDOWS\??crosoft\?ervices.exe
     O4 - HKCU\..\Run: [Vkdxmby] C:\WINDOWS\STEM32~1\SCHOST~1.EXE
     O20 - AppInit_DLLs:
     Then reboot and:
     Surf to: Sophos free tools: Anti-Rootkit
     Click the "Download" button.
     Read the conditions and fill out your Details.
     Click the Download Sophos Anti-Rootkit link.
     Save the sarsfx.exe to a location on your hard drive where you can find it later on.
     Installing
     Close as many applications as possible and execute sarsfx.exe by double-clicking it.
     Accept the EULA and install the software to the location of your choice. (Default is C:\SOPHTEMP)
     Running for analysis
     In that folder find and double-click sargui.exe
     Select the areas that you want to scan for hidden objects (Running processes, Windows registry, Local hard drives)
     Click Start > Run and copy this command into the window %TEMP%\sarscan.log and click OK to execute.
     A text file will open. Post the content of that file.
  7. Thanks for the welcome radio. :beer: I know the story and the feeling.
  8. I have no objection to the discussion, but I think you will agree I had to wade through some posts that were not very helpful. Any thread that could lead to cutting down the number of logs that go unanswered (by someone who knows what they are doing) has my interest. Edited nasty typo
  9. I think I also saw someone that was under the impression that the max. damage would be $ 1000 or a new OS. Reconsider the consequences if someone would miss a Banker trojan in a log or has fallen for a phishing scam. There are so many ways you can make yourselves useful and be a help. If you don't like training elsewhere, it might be advisable to think about ways to expand the program here rather than opening the section for untrained helpers.
  10. Hmmm. What have we here? If this would have been the first thread I read on this forum I would have turned around straight away. I still might, in case you want to bring up my postcount, it could still be at 1 next year since my time is limited and I find it too precious to waste. The discussion, although hard to follow, is interesting, but got started a few years too late. Even in the very beginning when HijackThis was used on SpywareInfo where Merijn posted, there were unwritten rules not to jump in on someone else's thread uninvited and let new malware be handled by the experts. Unfortunately HijackThis became so popular and malware so diverse that the small gang of experts couldn't keep up and neither could the anti-spyware industry. Imagine if they could and you could just say: use Spybot and AdAware and all your worries are history. You can go out and get re-infected, see you later. So initiatives were taken to train interested people in dealing with logs. And some people started helping unsupervised on other forums, like Radio did here and I did elsewhere. Only to find out that at one point we couldn't cope with the number of logs anymore and needed help. Trained help. As I see it you have two options: show you are really interested and get training. After doing this successfully you will be accepted at a great number of boards. Or show that you can do it all by yourself. There are plenty of boards where you can start posting straight away (even a few respected ones) or you can start your own (as many have tried). But I do not think it is feasible to talk any of the big boards (that have a name to live up to) into changing their rules according to your wishes. Regards, Pieter