Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antispy Check And Trojan-sy.win32@mx


  • Please log in to reply
6 replies to this topic

#1 hoopman

hoopman

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 08 August 2008 - 07:15 PM

Hi I hope someone out there can help me.

The kids were using the internet tonight trying to find a chart that converts metric to imperial, when a lot of changes appeared on the computer. They are as follows:

1. Along the top of my internet pages I now have a Security Toolbar 7.1 with a gauge showing my security level at 4/10 and then 2 green buttons with ''Block hardware popups'' on one and ''remove spyware'' on the other

2. I also have a yellow warning triangle beside my clock icon on the botom right corner of the screen with the following text inside a ballon that comes off it:
System Alert: Trojan-Spy.Win32@mx
Type: Spyware/Trojan
Vulnerable: Windows 95/98ME/NT/2003/
Windows XP/Windows Vista
Destription: Spyware programm that sends
confidetial information to a remote attacker
Protection: Click this ballon to download offical security software

3. I also have this shield shaped icon next to the above mentioned icon. This one flashes fron red with an X across it to Blue with a question mark on it.

4. On my desktop and on my start toolbar are two icons, one with antivirus scan on it and the other with online spy test on it. I deleted the two icons on the desktop but not on the start toolbar.

My computer is:
microsoft widows 2000 professional:
version 5.0.2195 service pack 4 build 2195
Total physical memory 514,124Kb
Available physical memory 304,668Kb
There are no antivirus scans on it that I'm aware. But i have downloaded in the past half hour mcAfee site advisor after the problems occured.

Thanks for taking the time to read this. I appreciate any help or advice given

BC AdBot (Login to Remove)

 


m

#2 hoopman

hoopman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 08 August 2008 - 08:54 PM

Just to give back an update.

I read a few of the threads that I thought might help and basicly I followed the advise that Quietman7 gave to Manasa in a thread titled ''MULTI TROJANS AND PROBLEMS:

After the first scan these were the log results
Malwarebytes' Anti-Malware 1.24
Database version: 1034
Windows 5.0.2195 Service Pack 4

02:09:55 09/08/2008
mbam-log-8-9-2008 (02-09-55).txt

Scan type: Quick Scan
Objects scanned: 45156
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 24
Registry Data Items Infected: 14
Folders Infected: 4
Files Infected: 37

Memory Processes Infected:
C:\WINNT\SYSTEM32\ubpr01.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINNT\SYSTEM32\zgyhw.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2f199d0e-f3e7-41a7-a060-816c24cceea0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z387.z387mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e1465f3-56cf-4fc4-8684-1bd6245aa30d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e1465f3-56cf-4fc4-8684-1bd6245aa30d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\z387.z387mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d46beaa4-a304-40b3-a9da-ec7f7f501f25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eircomt (Adware.2020search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2f199d0e-f3e7-41a7-a060-816c24cceea0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{254b87bb-510d-41fa-a887-52c5fa9be585} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\WINNT\SYSTEM32\995937 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINNT\SYSTEM32\zgyhw.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINNT\SYSTEM32\995937\995937.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Uninstall.exe (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\eircom11.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\EIRCOMTTB0200.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\Email.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\football.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\Go.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\heart.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\motoring.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\news.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\PopOff.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\PopOn.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\property.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\recruitment.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\support.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\WINNT\SYSTEM32\ubpr01.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\kare\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\kare\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

After pressing remove selected, there were still a nuber of infected objects that required the computer to be rebooted.
I did this and then scanned again and this time 3 infected objects were found and when I pressed the remove selected, they were successfully removed.
I then scanned for a third time and there were no infected objects found. please see acopy of the reusts log below.
I have not got system restore on my computer.
Will ''Start windows 2000 using the last known good configuration'' do?
and if so should I also use the disk clean up?
I would really appreciate some advise on this.


Malwarebytes' Anti-Malware 1.24
Database version: 1034
Windows 5.0.2195 Service Pack 4

02:28:02 09/08/2008
mbam-log-8-9-2008 (02-28-02).txt

Scan type: Quick Scan
Objects scanned: 45252
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:14 AM

Posted 08 August 2008 - 09:55 PM

Nice work and sorry for the delay. Before you use the disk cleanup let's run two more tools.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Follow with this. Run fromsafe mode after install,setup and update.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
Windows 2000 can only boot into Safe Mode using the F8 method as it does not have a System Configuration Utility.

Using the F8 Method

1. Restart your computer.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. When that is completed it will start loading Windows.
3. When you see the screen that has a black and white bar at the bottom stating "Starting Windows", tap the F8 key repeatedly until you get to the Windows 2000 Advanced Options Menu
4. At this menu use the arrow keys to select the Safe Mode option, which is usually the first in the list.
5. Press the enter key.
6. Your computer will continue booting, but now will boot into Safe Mode.
7. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 hoopman

hoopman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 09 August 2008 - 08:23 AM

Thank yoy very much for the advice Boopme it is really appreciated
I've now done all that anf nothing was detected (see copy of log below)

Could i ask you if that means our computer is now safe?
Do I now run my disk cleaner and defragmation as normal
When I start my computer now the super antispyware logo appears on my desktop and also the box for me to connect to the internet. We have not got broadband in our area so we have to connect via the phoneline and so we are not always online. Only when we want to use the web emails etc, Do I just leave it the way it is and just press cancel on the internet connection box when we start up or is there another option
Could I also ask what does the ATF Cleaner do?

Sorry for all the questions, but although I know how to use a computer, I still hav'nt a clue really.
Once again many thanks

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/09/2008 at 02:02 PM

Application Version : 4.15.1000

Core Rules Database Version : 3531
Trace Rules Database Version: 1520

Scan type : Complete Scan
Total Scan Time : 00:20:31

Memory items scanned : 136
Memory threats detected : 0
Registry items scanned : 4727
Registry threats detected : 0
File items scanned : 11963
File threats detected : 0

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:14 AM

Posted 09 August 2008 - 09:51 AM

Hello yep you are good to go now and do the things you need.
ATF = All Temporary Files..Cleaner. Quote by attribune,the author,
ATF-Cleaner.exe was once upon a time just my personal temp file cleaner. There became a need for a good temp file cleaner that could do the job safely and without removing files that are crucial to windows, so I decided I'd share it with the public.

As for the SUper. I'll check later when I'm at my PC that has it installed. For now if you want to open super and see if there are options somewhere to select ,NOT run at startup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 hoopman

hoopman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:14 PM

Posted 09 August 2008 - 09:59 AM

Boopme can't thank you enough, I found the options of not running at start up and put it to that.

Once again thanks for the help. :thumbsup:

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:14 AM

Posted 09 August 2008 - 10:09 AM

You're welcome :thumbsup:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users