Jump to content


Trusted Malware Techs
  • Content Count

  • Joined

  • Last visited

About Blade81

  • Rank
    MRU Master
  • Birthday 02/22/1981

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
  • Interests
    Floorball, football, music, computers..

Previous Fields

  • Teams:
    Nothing Selected
  1. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  2. You're welcome recommended Firefox addons are Adblock Plus and NoScript
  3. Good. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions. THESE STEPS ARE VERY IMPORTANT Let's reset system restore Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. NOTE: only do this ONCE,NOT on a regular basis Now lets uninstall ComboFix: Click START then RUN Now copy-paste Combofix /uninstall in the runbox and click OK Please download OTC and save it to desktop. Double-click OTC.exe. Click the CleanUp! button. Select Yes when the Begin cleanup Process? prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not delete it by yourself. Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so. UPDATING WINDOWS AND INTERNET EXPLORER IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates. If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. Make your Internet Explorer more secure This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item. hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!! Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps: Click the start button (at the lower left hand corner of your screen) Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then double-click it. On the dropdown box, change the setting from automatic to manual. Click ok Run Secunia vulnerability check here and fix its findings.Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions. Just a final reminder for you. I am trying to stress these two points. UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks. Make sure all of your security programs are up to date. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Once again, please post and tell me how things are going with your system... problems etc. Have a great day, Blade
  4. You're welcome but let's have a few more steps Open notepad and copy/paste the text in the quotebox below into it: Driver:: caepweic pvikzsrv File:: c:\windows\system32\drivers\caepweic.sys c:\windows\system32\drivers\pvikzsrv.sys DDS:: EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe Then post the resultant log. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it Under Main choose: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. If you use Firefox: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you use Opera: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Click Exit on the Main menu to close the program. * Go here to run an online scanner from ESET. Note: You will need to use Internet explorer for this scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is not checked. Click Scan Wait for the scan to finish Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
  5. Please run ComboFix again (let it update itself) and post back its report + fresh dds log.
  6. Hi, 1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller). 2. Execute the file TDSSKiller.exe and wait for the process to finish. 3. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
  7. Hi, Disable protection. Then run ComboFix and let it update itself. Post back the report + fresh dds.txt log.
  8. Hi, ComboFix should be run only when asked by a trained helper. Download DDS and save it to your desktop from here or here or here. Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt Save both reports to your desktop. Post them back to your topic. Download GMER here by clicking download exe -button and then saving it your desktop: Double-click .exe that you downloaded Click rootkit-tab, uncheck files option and then click scan. Don't check Show All box while scanning in progress! When scanning is ready, click Copy. This copies log to clipboard Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.
  9. Ok. Thanks for letting us know
  10. Hi, Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Copy-paste following contents into custom scan -area:netsvcs %SYSTEMDRIVE%\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90 Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  11. Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
  12. Hi Log appears to be clean. Check this text about slow computers. Your Java is outdated so it's recommended to update it. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u3. Scroll down to where it says The J2SE Runtime Environment (JRE) allows end-users to run Java applications. Click the Download button to the right. Check the box that says: Accept License Agreement. The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
  13. Seems like case is resolved. I'll lock this up now.
  14. BG Warthog, Aaflac is helping you here so no need to keep this topic open anymore.
  15. If log hasn't changed after previous hjt log post then it's ok
  • Create New...