Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Xp Security Center/antivirus 2008


  • This topic is locked This topic is locked
13 replies to this topic

#1 chansey

chansey

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 11 August 2008 - 04:15 PM

I am running Windows XP and got XP Security Center on it. Through the Malwarebytes, I was finally able to delete the XP Security Center, however I am still receiving windows popups that says that I have a
Trojan-Downloader.win32.agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Clicker.Win32.Tiny.h
Trojan-Spy.GreenScreen

On the popup there is a button that reads "Enable" and when that is clicked, it goes to a website for SmartSoft PC Antispy and PC Clean Pro. Also, when I run a McAfee Scan, it doesn't show anything.

Does anyone know if this is a true trojan and how to get rid of it?

Edited by chansey, 11 August 2008 - 06:22 PM.


BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 11 August 2008 - 07:56 PM

Hello and welcome. Although you have run it.please check for an update and rescan with MBam. Post the log result.
You may want to disable temporarily the MaCaffe during the scan. Sometimes Mac doesn't like other tools.

Follow with this...
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opers browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions,post 2 logs and Let us know how the PC is running now.

Edited by boopme, 11 August 2008 - 07:57 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 eagletip

eagletip

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:53 AM

Posted 11 August 2008 - 07:58 PM

Try running combofix. You can get a good copy from here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
scroll down to the bleepingcomputer link, download then run. Worked for me in many situations.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 11 August 2008 - 08:06 PM

Hello eagletip,please note the blue text at the top of the forum.
It says...

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If required we wil request it and state where to post it. I am glad it worked for you but for another it can be a real problem. Thanks for complying.

Edited by boopme, 11 August 2008 - 08:09 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 chansey

chansey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 11 August 2008 - 08:53 PM

I downloaded ATF Cleaner and Super AntiSpyware, following directions above. When I rebooted into Safe Mode, I could not locate the ATF-Cleaner.exe. However, when I reboot into normal it is there. Should I run this in normal mode?

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:53 PM

Posted 11 August 2008 - 09:08 PM

After rebooting into safe mode, when you are at the logon prompt, make sure you log in as the same user account which you used to download/install the file. If not, you may not be able to find it file on your desktop. If your still having problems finding the file, go back to normal mode and move it to the root of the system drive (usually C:\) where you will be able to easily locate it when going into safe mode.

If for some reason you still cannot find it, then run the program in normal mode.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 chansey

chansey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 12 August 2008 - 12:25 AM

I did both, ATF Cleaner and Super scan in safe mode as directed. The Super scan did not find anything. However, I am still getting the same Trojan popups.

Here are the results from both scans:

Malwarebytes' Anti-Malware 1.24
Database version: 1043
Windows 5.1.2600 Service Pack 2

8:30:17 PM 8/11/2008
mbam-log-8-11-2008 (20-30-16).txt

Scan type: Quick Scan
Objects scanned: 49083
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/12/2008 at 00:04 AM

Application Version : 4.15.1000

Core Rules Database Version : 3534
Trace Rules Database Version: 1523

Scan type : Complete Scan
Total Scan Time : 02:45:22

Memory items scanned : 210
Memory threats detected : 0
Registry items scanned : 6413
Registry threats detected : 0
File items scanned : 128967
File threats detected : 0

---

Any other suggestions on getting rid of the Trojan popups?

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:53 PM

Posted 12 August 2008 - 06:50 AM

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 chansey

chansey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 12 August 2008 - 11:20 AM

Here are the results from the rescan in normal mode:

Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 2

11:08:06 AM 8/12/2008
mbam-log-8-12-2008 (11-08-06).txt

Scan type: Quick Scan
Objects scanned: 44821
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

Rebooted after the scan, but the popups are still there for:
Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.KeyLogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:53 PM

Posted 12 August 2008 - 11:30 AM

Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable you anti-virus and and other security programs before connecting to the Internet.

Edited by quietman7, 12 August 2008 - 11:31 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 chansey

chansey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 12 August 2008 - 01:02 PM

Here is the results, however the same trojan popups are still there...


SDFix: Version 1.215
Run by Administrator on Tue 08/12/2008 at 12:25 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\sdfix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found




Folder C:\Program Files\kernel - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 12:39:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\MFX.SYS 50892 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"="C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_4\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\m6.16\\mirc.exe"="C:\\Program Files\\m6.16\\mirc.exe:*:Enabled:mIRC"
"C:\\trivbot2001v22\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v22\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\m6.16\\inkytrivia\\mirc32.exe"="C:\\Program Files\\m6.16\\inkytrivia\\mirc32.exe:*:Enabled:mIRC"
"C:\\Program Files\\mbabotr\\mIRC\\mirc.exe"="C:\\Program Files\\mbabotr\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\trivbot2001v2_41\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_41\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\trivbot2001v2_41 copy\\trivbot2001v2\\MIRC32.EXE"="C:\\trivbot2001v2_41 copy\\trivbot2001v2\\MIRC32.EXE:*:Enabled:Internet Relay Chat Client"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\lxbxcoms.exe"="C:\\WINDOWS\\system32\\lxbxcoms.exe:*:Enabled:7100 Series Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbxPSWX.EXE:*:Enabled:7100 Series Printer Status"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Thu 12 Aug 2004 196 A.SHR --- "C:\BOOT.BAK"
Wed 10 Sep 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 10 Sep 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 10 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Wed 28 Apr 2004 238,792 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 13 Aug 2006 70,656 ..SHR --- "C:\Program Files\Weight Commander\Setup.exe"
Sun 20 Mar 2005 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Sun 27 Jul 2008 88 ..SHR --- "C:\WINDOWS\system32\A5D3FCA00E.sys"
Sun 27 Jul 2008 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 14 Aug 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 15 Apr 2000 6,483,440 A..H. --- "C:\eGames\Win_A_Million\Game\WCSUP.DLL"
Mon 11 Aug 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 11 Aug 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Sat 7 Feb 2004 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Sat 7 Feb 2004 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Sat 7 Feb 2004 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Sat 7 Feb 2004 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Sat 7 Feb 2004 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Sat 7 Feb 2004 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Sat 7 Feb 2004 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Sat 7 Feb 2004 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Sat 7 Feb 2004 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Tue 10 Feb 2004 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Sat 7 Feb 2004 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Sat 7 Feb 2004 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Tue 10 Feb 2004 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Sat 7 Feb 2004 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Sat 7 Feb 2004 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Sat 7 Feb 2004 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Sat 7 Feb 2004 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Sat 7 Feb 2004 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Sat 7 Feb 2004 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Fri 19 Mar 2004 67,944 ...H. --- "C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\PhotoShow Express.exe"
Wed 19 Apr 2006 95,892 ...H. --- "C:\Program Files\Walgreens\Walgreens PhotoShow 4\data\Walgreens PhotoShow Express.exe"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT7.tmp"
Sat 14 Aug 2004 4,348 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Sat 14 Aug 2004 20 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 14 Aug 2004 400 ...H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sat 14 Aug 2004 18,944 A..H. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2lic.bak"
Wed 10 Sep 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"

Finished!

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:53 PM

Posted 12 August 2008 - 01:29 PM

This infection will require further investigation and probably the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a hijackthis log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log" and complete all the steps. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 chansey

chansey
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 13 August 2008 - 03:26 PM

I have posted on the Hijack This boards, and am waiting to get a response. Thank you so much for your time and help to this point.

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:53 PM

Posted 13 August 2008 - 03:58 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users