
Spybo(t) Won't Start, Files With That Name Crash


  • This topic is locked
9 replies to this topic

#1 richard1777


Posted 26 December 2007 - 10:24 PM

Hello,

My computer runs Windows XP Home ed., I have Norton Internet Security 2007, Spybot 1.5, Spysweeper 3.5 (trial), and AVG anti-spyware 7.5. I have installed in Internet Explorer 7 the lists of restricted sites from Spyware Blaster and Zoned-Out.

My system ran well, usually with Norton Internet Security and Spybot active, with the Spyware Blaster and Zoned-out restricted sites installed in Internet Explorer. However, I downloaded a file that did not get caught, and it had a W32.Spybot.worm in it. When I clicked on it, the malware was identified, caught and removed, I think by Norton Internet Security. However, since then:

- Spybot will not launch;

- A .pdf file that has "spybot" in its title will not launch Adobe Acrobat 8.1; a .doc file that has "spybot" in its title will not launch Word 2003. However, if a letter is taken out of the name, or the name otherwise changed (i.e., to "Spybo" or "spybo(t)"), that same file will launch, so it is the actual name that is initiating the response. If Word or Acrobat are already running, trying to launch a spybot-named file will crash them. Also, a .doc file with "mcafee" in the title will also crash Word.

- If I have Internet Explorer 7 open, going to a page that has spybot in the title or keywords will crash Internet Explorer. (Which is why my topic title has the parentheses: if you replied to a topic with "spybot", I would not be able to read it!) I cannot go to safer computing's site.

- Also, I found that I cannot run Hijack This.

I have tried turning on and off Norton and Spysweeper and AVG, and disabling Spyware Blaster protections, in various combinations. Somehow I managed to get Spybot to run once, but that situation ended when I restarted, and I haven't been able to launch Spybot again or duplicate the conditions that somehow allowed that one launch.

My guess is that whatever is going on is happening at the system level, not in Internet Explorer per se. As it is keying on spyware & virus protectors, it seems that it is either malware or possibly misdirected response from Norton Internet Security.

Any assistance you could provide would be greatly appreciated. Thank you.

Richard1777


 


#2 quietman7


Posted 27 December 2007 - 10:27 AM

The W32.Spybot.Worm is a family of worms that spreads via the file-sharing network and instant messaging. Are you sure the infection has been removed?

Did you try uninstalling Spybot S&D and then reinstalling?

If you can't access Spybot's site, then your HOSTS file may have been corrupted. Download HostsXpert - Hosts File Manager
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to start the program.
  • When the program opens, click the "Restore MS Hosts File" button in the left pane.
  • Click "Make Hosts Writable?" (if available).
  • Click "Restore Microsoft's Hosts file" when prompted and then click "OK".
  • Exit Hoster when done.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
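
Added example (not part of the thread, and not HostsXpert's own code): a read-only check of a HOSTS file that reports every non-default mapping and marks those that point a security vendor's hostname at a loopback or other address, which is the condition the reply above suspects. The keyword list comes from names mentioned in this thread, and the sample file and function names are constructed for illustration.

```python
import ipaddress

# Keywords taken from product/vendor names mentioned in this thread.
# Assumption: a hostname containing one of them belongs to a security vendor.
VENDOR_KEYWORDS = ("safer-networking", "spybot", "mcafee", "symantec",
                   "kaspersky", "hijackthis")

# Name present in the default Windows hosts file.
DEFAULT_NAMES = {"localhost"}

# Constructed sample; on Windows XP the real file is
# %SystemRoot%\system32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.safer-networking.org safer-networking.org   # added line
0.0.0.0         download.mcafee.com
203.0.113.7     liveupdate.symantec.com
192.168.1.20    printer.home
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a hostname
        for name in fields[1:]:               # one address may carry several names
            yield line_no, fields[0], name.lower()


def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for each non-default entry."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if name in DEFAULT_NAMES:
            continue
        if any(keyword in name for keyword in VENDOR_KEYWORDS):
            verdict = ("vendor site blocked" if is_sinkhole(address)
                       else "vendor site redirected")
        else:
            verdict = "non-default entry"
        findings.append((line_no, name, address, verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```
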


#3 richard1777


Posted 28 December 2007 - 04:22 AM

Thank you for your reply, quietman7.

I tried the HostsXpert.exe approach, and replaced the hosts file, but it did not correct the problem.

I have tried turning off/disabling or removing all spyware and virus protectors and firewalls, but nothing has corrected the problem. The word "spybot" or "mcafee" in the file title will still crash Word or Acrobat or Internet Explorer, and if Spybot is in the keywords it will also crash Internet Explorer. Hijack This will still not launch.

When I access www.safer-networking.org, the home of Spybot, Internet Explorer also crashes. Trying to access a page at this site (www.bleepingcomputer.com) with Spybot in the title will also crash Internet Explorer.

I could not uninstall Spybot because when I accessed the add/remove utility, when I clicked remove for Spybot-SD it crashed the utility. (Again, Spybot in the title.) I did go in and delete all of the files in the Spybot folder (except SDhelper.dll, which would not delete, but I moved it out of the Program Files folder), but the above problems still persist.

There seems to be some file or process in the system, or some file inserted by the worm (which everything that I could run says is gone), that the protection and scanning programs do not detect but which is guarding against the use of Spybot, Mcafee, and Hijack This.

Any assistance with this problem would be appreciated. Thank you.

Richard1777

#4 d_dursley


Posted 28 December 2007 - 07:27 AM

Hi richard1777, quietman7:

My DELL Optiplex GX620 was infected about a week ago after a BitTorrent download. The symptoms are identical to the ones described in Richard's posts, so I won't repeat them.

Somehow I managed to "duplicate conditions" described by Richard and got Spybot Search & Destroy 1.5.1.15 installed. The full SpyBot scan shows no issues.

The malware also allowed me to install the free edition of AVG Anti-Virus. The full scan with AVG Internal Virus database version 269.17.9/1197 released on 12/25/2007 shows no issues as well.

AVG and SpyBot are the only 2 programs which the malware has so far allowed me to install. Apparently this anti-virus software is "too weak" and doesn't constitute a threat to the malware.

The following installation attempts have been rejected:

- Kaspersky,
- Symantec,
- McAfee,
- HiJackThis.

The behavior is identical to what Richard has described - any reference to the above keywords on the webpage instantly kills the browser, as well as any attempt to run an executable file. Renaming the executable to h.exe doesn't help either.

At this time I'm unable to remove the malware - any help would be greatly appreciated.
d_dursley

#5 quietman7


Posted 28 December 2007 - 04:06 PM

Welcome to BC d_dursley

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more people in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.

richard1777, please download SDFix by AndyManchesta and save it to your desktop.
alternate download
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save a copy into the SDFix folder as Report.txt.
  • Copy and paste the contents of Report.txt in your next reply.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


#6 richard1777


Posted 29 December 2007 - 04:17 AM

Thank you again, quietman7.

I downloaded the SDFix package, installed it and followed the directions.

The program itself started fine and showed no errors, but the computer wouldn't take input from the keyboard (i.e., I couldn't type either y or n), even after I tried the several fixes and confirming that the environment variable was correct. So, I used the msconfig program to allow rebooting in safe mode, and then SDFix.exe accepted the keyboard input "y" and ran correctly.

It seemed to run cleanly, except that at two or three points it noted that it couldn't open "enterpr~1.dll". My computer is named "Enterprise" (yeah, I liked Trek), so I assume that that .dll file derives its name from it. Anyway, I also assume that the DOS-based SDFix.exe couldn't open the C:\Windows\System32\ENTERPRISE.dll file because it exceeded the "8+3" DOS naming formula. I don't know if this is reflected in the log below, but I thought I'd document it just in case.

I tried opening a test "spybot.doc" file, and it still crashes, so something is still awry.

The SDFix log is as follows:

SDFix: Version 1.120

Run by Administrator on Sat 12/29/2007 at 12:22 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 00:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7630d239
"s2"=dword:236c5d62

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa]
"LsaPid"=dword:0000037c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:0000038a
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Watchdog\Display]
"ShutdownCount"=dword:00000251
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\eeCtrl\Parameters]
"LastUsedDefs"="C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ERSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
"Sources"=str(7):"Microsoft H.323 Telephony Service Provider\0WSH\0WMIAdapter\0WmdmPmSN\0WinSAT\0WinMgmt\0Winlogon\0Windows Product Activation\0Windows 3.1 Migration\0WinDefendRtp\0WebClient\0VSS\0VBRuntime\0Userinit\0Userenv\0UPHClean\0SysmonLog\0Starter\0SpoolerCtrs\0Software Restriction Policies\0Software Installation\0SecurityCenter\0SclgNtfy\0SceSrv\0SceCli\0safrslv\0SAFrdms\0RPC\0Remote Assistance\0PerfProc\0PerfOS\0PerfNet\0Perfmon\0Perflib\0PerfDisk\0Perfctrs\0Outlook\0Offline Files\0Oakley\0ntbackup\0MSSQLSERVER/MSDE\0MSSOAP\0MsiInstaller\0MSDTC Client\0MSDTC\0MSDMine\0MPSampleSubmission\0mnmsrvc\0Microsoft Office Document Imaging\0Microsoft Office 11\0Microsoft Fax\0Microsoft ® Visual C# 2005 Compiler\0MDM\0LPR Print Monitor\0LoadPerf\0LiveUpdate\0Java VM\0HostMIBAgent\0HelpSvc\0Folder Redirection\0File Deployment\0EvntAgnt\0EventSystem\0ESENT\0DrWatson\0DiskQuota\0crypt32\0comHost\0COM+\0COM\0Ci\0Chkdsk\0ccSvcHst\0ccEvtMgr\0Bonjour Service\0Automatic LiveUpdate Scheduler\0AutoEnrollment\0Autochk\0ASP.NET 2.0.50727.0\0ASP.NET 1.1.4322.0\0Application Management\0Application Hang\0Application Error\0ACW_DE\0.NET Runtime Optimization Service\0.NET Runtime 2.0 Error Reporting\0.NET Runtime\0Application\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch]
"Epoch"=dword:00119a8e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SPBBCDrv\Parameters]
"Configuration"="C:\Program Files\Common Files\Symantec Shared\SPBBC\2007-12-28-25be.kc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}]
"Lease"=dword:0003839d
"LeaseObtainedTime"=dword:4775e5d9
"T1"=dword:4777a7a7
"T2"=dword:4778f902
"DhcpRetryTime"=dword:0001c1cb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{7EB37A5A-0FF5-4E61-8144-CC6E52EE5AC3}\Parameters\Tcpip]
"Lease"=dword:0003839d
"LeaseObtainedTime"=dword:4775e5d9
"T1"=dword:4777a7a7
"T2"=dword:4778f902

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B18B127E-280F-BA7A-2C2A-0B0F373C351A}]
"oafnocdfdmcncfiafmdfhmfjhghomd"=hex:6a,61,61,6b,62,6c,6b,63,62,6c,6c,6d,68,64,61,61,6e,68,65,61,00,..
"nalceenbpaohdmpjdnndockoabbn"=hex:6a,61,62,6b,67,6c,64,64,68,6f,66,68,69,6b,67,67,67,69,64,6f,00,..

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\Richard\\LOCALS~1\\Temp\\win439.exe"="C:\\DOCUME~1\\Richard\\LOCALS~1\\Temp\\win439.exe:*:Enabled:win439"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 20 Mar 2005 211 A.SH. --- "C:\BOOT.BAK"
Thu 12 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 3 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sat 9 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 24 Jan 2004 5,120 ..SHR --- "C:\Documents and Settings\Richard\Local Settings\Temp\_Setupx.dll"
Sun 1 Jul 2007 36,352 ...H. --- "C:\Documents and Settings\Richard\Desktop\Xmas\Xmas lists\~WRL1885.tmp"
Thu 28 Jun 2007 100,352 ...H. --- "C:\Documents and Settings\Richard\Desktop\Xmas\Xmas lists\~WRL2193.tmp"
Sun 1 Jul 2007 100,352 ...H. --- "C:\Documents and Settings\Richard\Desktop\Xmas\Xmas lists\~WRL2301.tmp"
Thu 27 Sep 2007 85,504 ...H. --- "C:\Documents and Settings\Richard\Desktop\Xmas\Xmas lists\~WRL2584.tmp"
Thu 27 Sep 2007 85,504 ...H. --- "C:\Documents and Settings\Richard\Desktop\Xmas\Xmas lists\~WRL2625.tmp"
Sun 16 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sun 16 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sun 16 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Sun 16 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!


So, as something more needs to be done, what should be the next step? Thank you for your assistance.

Richard1777
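
Added example (not part of the thread, and not SDFix's own code): the "Authorized Application Key Export" section of a report like the one above lists the programs allowed through the Windows Firewall, and a short parser can pull out the enabled entries whose executable sits in a temporary folder so a reviewer looks at those first. The sample lines are copied from the report above; the temp-folder heuristic and the function names are assumptions of this example.

```python
import re

# Sample copied from the "Authorized Application Key Export" section above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\DOCUME~1\\Richard\\LOCALS~1\\Temp\\win439.exe"="C:\\DOCUME~1\\Richard\\LOCALS~1\\Temp\\win439.exe:*:Enabled:win439"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"""

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
# One value line of a .reg-style export: "name"="data", with \\ and \" escapes.
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

# Heuristic (assumption): path fragments that mark a temporary folder.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")


def unescape(value):
    """Undo .reg escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_authorized_apps(report):
    """Return one dict per firewall exception found in the report text."""
    entries, profile = [], None
    for raw in report.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group("key").lower()
            # ...\firewallpolicy\<profile>\authorizedapplications\list
            profile = (key.split("\\")[-3]
                       if key.endswith("\\authorizedapplications\\list") else None)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or profile is None:
            continue
        # Data is path:scope:status:label; the path itself contains "C:", so
        # split from the right.
        parts = unescape(entry.group("data")).rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, status, label = parts
        entries.append({
            "profile": profile,
            "path": path,
            "scope": scope,
            "enabled": status.lower() == "enabled",
            "label": label,
            "in_temp": any(m in path.lower() for m in TEMP_MARKERS),
        })
    return entries


def review_first(entries):
    """Enabled exceptions for executables that run from a temp folder."""
    return [e for e in entries if e["enabled"] and e["in_temp"]]


if __name__ == "__main__":
    for e in review_first(parse_authorized_apps(SAMPLE_REPORT)):
        print("%(profile)s: %(path)s scope=%(scope)s label=%(label)s" % e)
```
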

#7 quietman7


Posted 29 December 2007 - 08:37 AM

Let's see if we can get Hijackthis to run and get a log.
  • Open My Computer or Windows Explorer and navigate to the HijackThis Folder.
  • Inside the folder, right-click on the HijackThis.exe file and rename it Scanner.exe.
  • Double-click on Scanner.exe (which is still HijackThis), run a scan, save the logfile and copy/paste it into your next reply.
If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

#8 richard1777


Posted 29 December 2007 - 04:44 PM

Quietman7,

I tried all of the renamings you suggested, and also tried to launch them from new folders. But none of the attempts were successful. I tried to launch from safe mode, but again no success. If I tried to launch several times quickly, on a couple of occasions I could catch just a flicker of a panel, as if the program were attempting to launch but being immediately shut down.

Richard1777

#9 quietman7


Posted 29 December 2007 - 04:56 PM

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

What DSS will do:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically runs HijackThis, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.
Note: You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
Note:
* When running System Scanner, some firewalls may warn that it is trying to access the internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
* If you get a warning from your anti-virus when scanning with DDS, please allow it as the scan is not harmful.


#10 quietman7


Posted 30 December 2007 - 08:44 AM

Since DSS was able to create a Hijackthis log and due to the ongoing problems, I moved it to the HijackThis Logs and Malware Removal forum. You can find it here. Please go there and click on the Options button in the upper right corner of that thread and choose Track this topic. Make sure you subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.



