
> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log, please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

 
> Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer
Grinler
post Nov 10 2005, 12:52 PM



Preparation Guide for use before posting about your potential Malware problem



Hi and welcome to the Bleeping Computer malware removal forum. If you are reading this article, then you are most likely looking for a solution to a possible malware infection on your computer. Please follow these steps in order to provide information that we can use to analyze your computer's configuration. Please note that these steps may appear to be long and daunting. In reality, though, they are very simple; there are only so many of them because we wanted to be as detailed as possible in the instructions.


- Not all slow computers are caused by Malware.

A very common reason members post malware removal topics is because they find their computer has become slow. We suggest that before you follow any of the steps below, you first read the following topic that provides a wealth of information on how to increase the performance of your computer.

Slow Computer/browser? Check Here First; It May Not Be Malware

If after following the suggestions in the above topic, you still have a problem, then please proceed with the rest of the steps.


- Create a free account

In order to submit a HJT log you will need to be logged into the forums with a registered account. Registering is free and allows us to distinguish one user from another. To register an account simply click on the following link:



After you click on this link you will be brought to a page asking you to fill in some information in order to create your free account. Please enter a login name, a display name that will be your public nickname on the site, a password, and a valid email account that you check regularly. It is important that you enter a valid email address as notifications will be sent to this address when someone replies to a topic you have created. You can then optionally enter the other information that is requested. Finally, when all required fields are filled in, enter the security code found in the image and press the Submit my registration button.

After you press the Submit button, the site will generate an email and send it to the email address that you registered with. In this email is a validation link that you must click on in order to finish the registration of your new account. Once this process has been completed, you will now be able to post in all the forums at Bleeping Computer.


- Enable topic reply notification by default.

In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

  1. Click on the My Controls link at the top of the page to enter your control panel.

  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.


- Enable a firewall

Before you continue it is important that you enable a firewall. Doing so will help to stop your computer from being further infected with malware while we are cleaning it, and will make the disinfection process easier for our helpers. When the cleaning process is done, we will recommend other firewalls that you can use instead of the built-in Windows XP or Windows Vista firewall if you wish.

For instructions on how to enable the Windows XP Firewall, you can read this tutorial. To enable the Windows Vista firewall, you should enter the Control Panel and then click on the Windows Firewall menu icon. Once the Windows Firewall settings open, you can enable or disable the firewall.


- Scan your computer with the Kaspersky Online Scanner (Optional Step)

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer. Therefore, by providing a log from Kaspersky's free online scanner, it is possible for us to find leftover or missed malware files on your computer. Using this info we can then further clean up your computer.

This step is optional because the scan can take quite a long time. If you have the time, then please scan your computer using the Kaspersky Online Scanner and then post that log along with the information below. Please note that you will need to use Internet Explorer in order to run the Kaspersky online scanner.


- Download and Run Deckard's System Scanner (DSS)

Download DSS from the following location:

Deckard's System Scanner Download Link


When you click on the above link you will see a download prompt similar to Figure 1 below.


Figure 1: DSS Save File dialog box


Click on the Save button. You will now be presented with a screen similar to Figure 2 below asking where you would like to save the file.


Figure 2: Save dss.exe to the desktop



Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. Your computer will now download the file and save it on your Desktop. When it is done downloading, you will find an icon on your desktop that looks like Figure 3 below.


Figure 3: DSS Icon



Double-click on the dss.exe icon to start the program. Once you double-click the icon a security warning may appear asking if you are sure you would like to run the program. This warning is shown in Figure 4 below.


Figure 4: Windows security warning


Click on the Run button to start DSS. If no warning appeared, as shown above, then you should just continue reading.

DSS will now display a disclaimer stating what the program will do as shown in Figure 5 below.


Figure 5: DSS Disclaimer


If you want to continue then you should press the OK button, otherwise to cancel you should press the Cancel button. When you press the OK button, a new message will appear stating that you should allow the program to continue if an antivirus or firewall program attempts to stop it.


Figure 6: Second DSS Disclaimer


At this point you should press the OK button to let DSS scan your computer, otherwise you can press the Cancel button to end the program. Once you press the OK button, DSS will create a new System Restore Point and back up your Windows Registry. When it has finished, DSS will look on your computer for a copy of HijackThis. If HijackThis is not found, you will be presented with a new message box as shown in Figure 7 below.



Figure 7: Locate HijackThis


If you have the latest version of HijackThis already installed, then click on the No button and browse to the HijackThis.exe file and press the OK button. If you do not have HijackThis installed, or are concerned it is not the latest version, then press the Yes button to have DSS automatically download the program for you and place it on your desktop. We suggest you press the Yes button.

After you press the Yes button, a new prompt will appear stating that you should allow the download to take place if it is blocked by your firewall. Press the OK button and DSS will automatically download HijackThis. Once done, it will tell you where it was downloaded to and you should press the OK button once again.

DSS will now start scanning your computer and compile a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer.



Figure 8: DSS is scanning your computer


When DSS has finished scanning, all of this information will be compiled, along with a HijackThis log, and be displayed in two Notepad windows.



Figure 9: DSS Report


The first window will be for the main.txt report and will be maximized already. The second report will be called extra.txt and will be in a minimized window. Please do not close these windows as you will need to post the contents of both reports in the next step.


- Create a new malware removal topic and post the DSS and Kaspersky Reports

Now click on the following link to open a new browser window where you will create a new topic in the HijackThis and Malware Removal forum:

Post a new malware removal request

In the new browser window you will see a screen that asks you to fill in various information. For the Topic Title please enter a description of your problem containing the infection name or something specific to the infection you are having. For example if you have a particular worm, type the name of the worm in the title. If you are infected with Virtumonde or Winfixer, type that into the title. We have found that those people who enter in specific and detailed info about their infection tend to get cleaned up quicker as the helper is prepared.

In the Topic Description field enter some more information that you think will be informative to the people helping with the logs. Examples of how we would like the titles and descriptions can be seen in the two images below:



Example 1 - Topic Title and Description




Example 2 - Topic Title and Description



The next part that you must fill out is the actual message of the post. An example of the message area appears below:



Example message area


In the white message area, as shown above, write a detailed description of your problem and then press the Enter key. Now copy and paste the contents of both reports generated by DSS into the post. You can do this by going to the Main.txt DSS Notepad window, right-clicking in the Notepad window and selecting Select All. Then right-click again and select Copy. Now go back to the post, right-click in the post area and select Paste to paste the contents of the Main.txt report into the post. Now, please do the same steps for the Extra.txt report. If you performed a Kaspersky scan, please provide that report as well in the post. When done, you should now have a post consisting of the detailed description of your problem, the reports from DSS, and possibly a Kaspersky scan report.

The more you can tell us about a problem, the better and easier it will be to help you. In other words, "Help, I get a blue screen when I start my computer" will only result in the helper asking you what the specific message is. Instead in your first post, actually tell us the exact message, word-for-word, that you are receiving.

Once you have typed the explanation, click on the Post New Topic button to actually post your new topic to the forums.

At this point you should be patient and wait for someone to look at your log and advise as to what you should do. This may take a few days, so please be patient.

Thank you and have a nice day!

The Bleeping Computer Staff


--------------------
Lawrence
© 2003-2008 All Rights Reserved Bleeping Computer LLC.