Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

pictures.pif virus


  • This topic is locked This topic is locked
14 replies to this topic

#1 TheIsh

TheIsh

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 18 March 2005 - 10:03 PM

I was infected with the new virus found in the *.pif files going around. I was able to gain control of my active x to view files in folders but I can't move or open anything. I tried to use the trendmicro home scan but it won't let the scan begin. I have been reading these posts after searching google for trufkz.html and this is my current hijack this! log

Logfile of HijackThis v1.99.1
Scan saved at 8:57:55 PM, on 3/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Flex\LOCALS~1\Temp\mwavscan.com
C:\DOCUME~1\Flex\LOCALS~1\Temp\kavss.exe
C:\Documents and Settings\Flex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...ad/IbmEgath.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

I read some posts that told a user to download a MicroWorld Antivirus program that found the following viruses but costs $60 to fix the problems:

File C:\DOCUME~1\FLEX\MSDIRE~1.SYS infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Flex\LOCALS~1\Temp\ynwv.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.
File C:\WINNT\system32\msdirectx.sys infected by "Trojan.Win32.Rootkit.h" Virus. Action Taken: No Action Taken.
File C:\WINNT\MVUNINST\App1\mvuninst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Flex\Local Settings\Temp\ynwv.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.12. No Action Taken.
File C:\Recycled\Dc330.reg infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\Recycled\Dc332.html infected by "Trojan-Clicker.JS.Linker.j" Virus. Action Taken: No Action Taken.
File C:\Recycled\Dc333.bat infected by "Trojan.WinREG.LowZones.f" Virus. Action Taken: No Action Taken.
File C:\temp\WinTaskAdInstPack.exe infected by "not-a-virus:AdWare.WinAD.b" Virus. Action Taken: No Action Taken.
File C:\temp\powersetup.exe infected by "Trojan-Downloader.Win32.IstBar.gg" Virus. Action Taken: No Action Taken.
File C:\DVD Wiz Install Files\DvdwizardInstaller.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.
File C:\Easydivx\softs\ck.exe tagged as not-a-virus:Tool.Win32.Pcwelt.a. No Action Taken.

Any help is greatly appreciated.

BC AdBot (Login to Remove)

 


m

#2 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 04:01 AM

What do you have to do to get a response here? I posted days ago but there are people who posted as early as today who have had help. Am I doing something wrong?

#3 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 March 2005 - 06:26 AM

Sorry it takes a few days sometimes.

You can run a free online virus scanner here,
http://housecall.trendmicro.com/housecall/start_corp.asp

After you've ran the virus scan download the following.


Cleanup!, CWshredder, Ad-aware, & Spy-Bot.
  • Updating Ad-aware:
    Double-Click the Desktop Icon > Click 'Check For Updates Now' > Click 'Connect'
  • Updating Spybot:
    Double-Click the Desktop Icon > Click Update > Drop-Down Box UniDo(Europe) > Select Pure-Elite(USA) or EON (AU) > Click 'Search for Updates' > Click 'Download Updates'
Now rebooot into safe mode (press f8 during reboot, select safe mode) and DON'T reconnect to the net.
  • Double-Click CWShredder and click 'Fix'
  • Close CWShredder
  • Open Ad-aware and make the following changes to the settings in Ad-aware.
  • Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
    check: "Unload recognized processes during scanning."
  • Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
    Check: "Let Windows remove files in use at next reboot."
Press 'Proceed'

Click 'Start'
  • Select option 'Use Custom scanning options'
  • Click 'Activate in-depth scan'
  • Click 'Select drives\folders to scan' Select the active partition which is usually C:
Click 'Customize'
  • Make sure the following are all are Checked:
  • 'Scan Within Archives'
  • 'Scan Active Processes'
  • 'Scan Registry'
  • 'Deep Scan Registry'
  • 'Scan My IE Favorites For Banned URL'S
  • 'Scan My Hosts File'
Click 'Proceed'
  • Now click "Next" to let Ad-aware scan your drives.
  • Once Ad-aware has completed its scan click 'Next' > Now Click 'Scan Summary' > Click All the Boxes with a Green Check Mark
  • Now Click 'Next' and Finally Click 'OK'
Close Out Ad-Aware

Open Spybot.
  • Click 'Search & Destroy'
  • Click 'Check for problems' (the program will now search your HDD)
  • Make sure all findings are checked and click 'Fix Selected Problems'
Close SpyBot and Reboot!

Once complete post a fresh log in your thread.

#4 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 01:02 PM

I apologize for being impatient, thanks for your attention. I was not able to run the online virus scan at trendmicro; in IE it gave me the message "cannot send html document" when I tried to select country, and in firefox it froze when starting the java applet. Here is the latest log.

Logfile of HijackThis v1.99.1
Scan saved at 12:00:05 PM, on 3/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Documents and Settings\Flex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...ad/IbmEgath.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#5 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 01:41 PM

Sorry I was able to reset to default settigns and run the trendmicro scan this is the most current log.

Logfile of HijackThis v1.99.1
Scan saved at 12:41:07 PM, on 3/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4mon.exe
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Flex\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/sdc...ad/IbmEgath.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#6 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 March 2005 - 02:30 PM

You are aware that webshots contains spyware that tracks your browsing habits and send's pop-ups based on your browsing habits?

If you want to remove a few items from your hijackthis log you can, close all your running programs, run Hijackthis and place a check next to the following.

F2 - REG:system.ini: UserInit=
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB

close all your internet explorer browser windows and click fix in Hijackthis.

If you want to remove webshots, you can do that safely from your Add/Remove programs panel.

How's your computer running now?

#7 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 03:38 PM

I deleted the ones you said, as far as webshots program goes I do use it to upload pictures so I can't delete it. The problem I'm still having is that when I can't move files or open them. I get the message "Opening a file from this location is not safe and is not allowed with your current security settings" how can I fix that?

#8 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 20 March 2005 - 04:07 PM

Click Tools (at the top of your IE browser) > Goto 'Internet Options' > 'Security Tab'

Let me know the following Security Settings
Internet
Local Internet
Trusted Sites
Restricted Sites

#9 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 06:41 PM

Internet: Medium
Local Intranet: Custom
Trusted: Custum
Restricted: Custom

#10 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 20 March 2005 - 10:57 PM

I reset all of them to default and I still can't access files.

#11 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 21 March 2005 - 02:51 AM

What type of files are you trying to access?

#12 TheIsh

TheIsh
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:10 AM

Posted 21 March 2005 - 09:54 AM

anyting, I try to move things on the desktop and can't, I try to go into control panels and can't. Any time I open a folder I can't open a file inside. I can run programs from the start menu and open recent documents from the start menu but not when viewing the folders.

#13 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 21 March 2005 - 04:07 PM

let me do some research, i'll post back later on tonight.

#14 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 25 March 2005 - 02:56 AM

Well I can't find much on this. Can you please post a fresh Hijackthis log, and let me see what remains in your log.

#15 QuietFusion

QuietFusion

    Got Malware?


  • Members
  • 264 posts
  • OFFLINE
  •  
  • Local time:11:10 PM

Posted 06 April 2005 - 01:53 AM

I am going to consider this thread complete. If you should have any problems please PM a moderator and request your thread be re-opened.

Review the tips below to keep your system clean.


To prevent the hijackers from taking over your system, increase the level of security on your system. Don't allow the hijackers to take you over!! Review these articles to increase the level of security.

http://www.computercops.biz/postt7736.html
http://www.markusjansson.net/eienbid.html

Also reset your restore points

Turn off System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot.

Turn System Restore Back On.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users