Jump to content

Metallica

Trusted Malware Techs
  • Content Count

    24
  • Joined

  • Last visited

About Metallica

  • Rank
    Member

Previous Fields

  • Teams:
    Nothing Selected
  1. Working up from the last. C:\RECYCLER is your trash bin. empty it and they will be gone. Potentially unwanted tool: as we discussed, these are standard HP issues, so nothing to worry about How to control cookies: http://privacy.getnetwise.org/browsing/too...cookiesadvanced Please do have a look at my site about removing and preventing spyware where you will find that link and other information on how to stay safe®. Regards,
  2. I was under the impression you were able to delete: C:\WINDOWS\system32\csrss.dll It looks as if the Adminstrator account was infected too. Please delete (in safe mode): C:\Documents and Settings\Administrator\My Documents\?icrosoft.NET <= again, the name of the folder will probably look like Microsoft.NET and C:\WINDOWS\system32\csrss.dll Let me know if that works.
  3. Your log looks good. Windows will issue a warning about every file of certain types (like .exe) before it deletes them. Deleting the file and folder I listed will not hurt your system. In case of doubt leave them in your trashbin for a few weeks. Restoring them from there is easy enough. Regards,
  4. The so-called Hacking Tools are HP standaard issues. Not to worry about those. Now all we need to do is get rid of PurityScan. You notice the question marks in theit folder and filenames? That is not how they show themselves to you. Can you find and delete: the folder C:\Documents and Settings\Administrator\My Documents\?icrosoft.NETThe ? will probably look like a M the file C:\WINDOWS\system32\csrss.dllOnly the one with exactly that name. Let me know if you have any problems or questions. Regards,
  5. Sorry for being unclear, but you were supposed to click Fix checked. Can you repeat that part and post the new log? Glad to see the Rootkit scan turned up clean. Regards,
  6. Hi dan916, Run a HijackThis scan and put a checkmark in fornt of these items: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.surething.com/swlinks/stcd4/lin...amp;base=labels R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {B8FBB3D8-2D63-0B94-689F-5680014D0594} - C:\WINDOWS\system32\ztuyddv.dll (file missing) O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file) O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180B
  7. Thanks for the welcome radio. :beer: I know the story and the feeling.
  8. I have no objection to the discussion, but I think you will agree I had to wade through some posts that were not very helpfull. Any thread that could lead to cutting down the number of logs that go unanswered (by someone who knows what they are doing) has my interest. Edited nasty typo
  9. I think I also saw someone that was under the impression that the max. damage would be $ 1000 or a new OS. Reconsider the consequences if someone would miss a Banker trojan in a log or has fallen for a phishing scam. There are so many ways you can make yourselves usefull and be a help. If you don't like training elsewhere, it might be advisable to think about ways to expand the program here rather then opening the section for untrained helpers.
  10. Hmmm. What have we here? If this would have been the first thread I read on this forum I would have turned around straight away. I still might, in case you want to bring up my postcount, it could still be at 1 next year since my time is limited and I find it too precious to waste. The discussion, although hard to follow is interesting, but got started a few years too late. Even in the very beginning when HijackThis was used on SpywareInfo where Merijn posted, there were unwritten rules not to jump in on someone else's thread uninvited and let new malware be handled by the experts.
×
×
  • Create New...