Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Persistent Infection


  • This topic is locked This topic is locked
7 replies to this topic

#1 robotpajamas

robotpajamas

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 14 February 2009 - 02:54 AM

Hi,


My computer's started acting up and I can't seem to fix it and can't really afford to have a pro physically take a look at it so I thought I'd turn to you fine people. I've often just browsed through here and found other threads where people have faced problems similar to mine and used your help from there to fix my pc.



Anyway, getting to the point:


A few days ago I got infected. I use Spyware Doctor which detected and cleaned a few Trojans. One of the several effects of the infection was a sudden appearance of Zango Toolbar (something which has happened before) and some other software which I hadn't downloaded consciously. Once this was done, my computer refused to start up. It started restarting every time it reached the windows xp loading screen. I used my XP CD to repair windows after which it worked fine and started up. However, after the first time when I restarted the computer, the Data Execution Prevention screen popped up and stopped init logon and then stopped me from running task manager and then stopped me from running explorer. However, I manage to get around this by pressing alt+ctrl+del twice so it blocks the first attempt to run the manager but starts the second time. I do the same thing running explorer to start my computer. A little dubious, I know but I get desperate. A lot of my computer games stopped working at this point. I used Spyware Doctor to scan but it found no infections but the problem still continued. However, my IE and Firefox still work fine and so do my messengers.


Anyway, since the repair wasn't working for me, I decided (unilaterally) to try and reinstall XP which I did. The same thing happened again. It started fine the first time but the DEP thing happened again and happens everytime I start my computer. I'm a little flummoxed since I have no idea where to go from here.

I downloaded Malwarebites Antimalware, updated it and ran it but it still doesn't show any infections. I also tried to disable DEP which lets me run my computer but then again, it doesn't really solve the problem.


I'm appreciate any help any of you people could give me with this.


Thanks.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:53 PM

Posted 14 February 2009 - 10:09 AM

Hi, well only a full wipe of the hard drive and then reinstall will remove a deep seated malware. But let's see if SAS shows something. Is this XP?

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 robotpajamas

robotpajamas
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 14 February 2009 - 09:40 PM

Hi,

Thanks for your response. I'd done this late night yesterday (about 6 hours ago) and woke up and scanned again today and here are the 2 logs I got:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2009 at 02:21 AM

Application Version : 4.25.1012

Core Rules Database Version : 3758
Trace Rules Database Version: 1721

Scan type : Quick Scan
Total Scan Time : 01:16:43

Memory items scanned : 203
Memory threats detected : 0
Registry items scanned : 278
Registry threats detected : 14
File items scanned : 128301
File threats detected : 8

Trojan.Unknown Origin
[vxsgxyut.exe] C:\WINDOWS\VXSGXYUT.EXE
C:\WINDOWS\VXSGXYUT.EXE
[vxsgxyut.exe] C:\WINDOWS\VXSGXYUT.EXE
HKLM\System\ControlSet001\Services\ajrucuyp
C:\WINDOWS\SYSTEM32\DRIVERS\AJRUCUYP.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ajrucuyp
HKLM\System\ControlSet002\Services\ajrucuyp
HKLM\System\ControlSet002\Enum\Root\LEGACY_ajrucuyp
HKLM\System\CurrentControlSet\Services\ajrucuyp
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ajrucuyp

Rootkit.Dopper/ETH
HKLM\System\ControlSet001\Services\ethmfugk
C:\WINDOWS\SYSTEM32\DRIVERS\ETHMFUGK.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ethmfugk
HKLM\System\ControlSet002\Services\ethmfugk
HKLM\System\ControlSet002\Enum\Root\LEGACY_ethmfugk
HKLM\System\CurrentControlSet\Services\ethmfugk
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ethmfugk

Trojan.Agent/Gen-UGR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\4.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\5.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\E.TMP.VIR

Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\9.TMP

Adware.Vundo/Variant
D:\PROGRAM FILES\DIABLO II\D2NET.DLL








and about 10 minutes ago-

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2009 at 07:56 AM

Application Version : 4.25.1012

Core Rules Database Version : 3758
Trace Rules Database Version: 1721

Scan type : Complete Scan
Total Scan Time : 00:08:50

Memory items scanned : 204
Memory threats detected : 0
Registry items scanned : 2935
Registry threats detected : 6
File items scanned : 18392
File threats detected : 2

Rootkit.Dopper/ETH
HKLM\System\ControlSet001\Services\ethmfugk
C:\WINDOWS\SYSTEM32\DRIVERS\ETHMFUGK.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_ethmfugk
HKLM\System\ControlSet002\Services\ethmfugk
HKLM\System\ControlSet002\Enum\Root\LEGACY_ethmfugk
HKLM\System\CurrentControlSet\Services\ethmfugk
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_ethmfugk

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1925A3E8-990B-49B2-9D50-C06AF38AD080}\RP8\A0004496.EXE




I'm not sure if the deletion has helped. However, when I tried to start the computer, it restarted a couple of times before switching on and the DEP still comes on though not as persistently.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:53 PM

Posted 14 February 2009 - 10:07 PM

We have some rootkits on here causing a lot of trouble. Let's run 2 tools
Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


Rootkit scanning

Before performing a Anti rootkit scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

Disconnect from the Internet or physically unplug you Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Please navigate to the download page of Avira AntiRootkit and click on Download to save it to your Destop.
  • You should now find a file called: antivir_rootkit.zip on your Desktop.
  • Extract the file to your Desktop (you may then delete the zip file).
  • You should now have a folder with Setup.exe and some other files within it on your Desktop.
  • Double-click Setup.exe.
  • Click Next.
  • Highlight the radio button to acceppt the license agreement and then click Next.
  • Then click Next and Install to finalise the installation process.
  • Click Finish (you may now also delete the folder with the extracted files from the zip archive)
You successfully installed Avira AntiRootkit!
  • Please now navigate to Start > All Programs > Avira RootKit Detection. Then select: Avira RootKit Detection
  • Click OK when a message window pops up
  • Click Start scan and let it run
  • Click View report and copy the entire contents into your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 robotpajamas

robotpajamas
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 15 February 2009 - 04:49 AM

hmm, I managed to get the SDFix done. However, Avira wouldn't start for me no matter which mode I tried. Is there something different I can do?



I also had to run SDFix twice since my network settings got corrupted the first time I ran it. Here are the two logs-


SDFix: Version 1.240
Run by Apu on 2009-02-15 at 13:05

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
restore

Path :
\??\C:\WINDOWS\system32\drivers\restore.sys

restore - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\8.tmp - Deleted
C:\WINDOWS\system32\B.tmp - Deleted
C:\WINDOWS\system32\D.tmp - Deleted
C:\WINDOWS\system32\2.tmp - Deleted
C:\WINDOWS\system32\119.tmp - Deleted
C:\WINDOWS\system32\11A.tmp - Deleted
C:\WINDOWS\system32\133.tmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 13:08:31
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

C:\Documents and Settings\Apu\ocvdl.exe [1480] 0x89AAADA0

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1a,f4,b3,12,7b,1d,03,a0,07,13,a2,6e,6f,c0,de,47,fb,25,3d,8b,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,81,7b,e2,5a,59,35,ab,be,d2,2a,bf,42,c4,cd,f5,54,..
"khjeh"=hex:74,98,ef,fb,4e,e9,6e,a1,9a,d7,fb,25,f6,e4,d3,cf,d4,4f,c7,21,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,b2,1a,55,0f,e6,c7,2f,51,82,30,3b,29,9f,1d,6c,10,d4,0c,f6,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1a,f4,b3,12,7b,1d,03,a0,07,13,a2,6e,6f,c0,de,47,fb,25,3d,8b,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,81,7b,e2,5a,59,35,ab,be,d2,2a,bf,42,c4,cd,f5,54,..
"khjeh"=hex:74,98,ef,fb,4e,e9,6e,a1,9a,d7,fb,25,f6,e4,d3,cf,d4,4f,c7,21,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,b2,1a,55,0f,e6,c7,2f,51,82,30,3b,29,9f,1d,6c,10,d4,0c,f6,a4,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\bdki.exe"
Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\fhkuk.exe"
Sun 15 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\ocvdl.exe"
Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\wgnp.exe"
Mon 20 Aug 2001 86,016 ...H. --- "C:\Program Files\Sid Meier's Sim Golf\go_ez.exe"
Mon 20 Aug 2001 598,016 ...H. --- "C:\Program Files\Sid Meier's Sim Golf\Sid Meier's SimGolf_EZ.exe"

Finished!




and then from half an hour later which is what it took me to fix my network settings-


SDFix: Version 1.240
Run by Apu on 2009-02-15 at 13:44

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 13:46:12
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

C:\Documents and Settings\Apu\ocvdl.exe [1288] 0x89A2B8B0

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1a,f4,b3,12,7b,1d,03,a0,07,13,a2,6e,6f,c0,de,47,fb,25,3d,8b,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,81,7b,e2,5a,59,35,ab,be,d2,2a,bf,42,c4,cd,f5,54,..
"khjeh"=hex:74,98,ef,fb,4e,e9,6e,a1,9a,d7,fb,25,f6,e4,d3,cf,d4,4f,c7,21,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,b2,1a,55,0f,e6,c7,2f,51,82,30,3b,29,9f,1d,6c,10,d4,0c,f6,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:1a,f4,b3,12,7b,1d,03,a0,07,13,a2,6e,6f,c0,de,47,fb,25,3d,8b,c4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e2,81,7b,e2,5a,59,35,ab,be,d2,2a,bf,42,c4,cd,f5,54,..
"khjeh"=hex:74,98,ef,fb,4e,e9,6e,a1,9a,d7,fb,25,f6,e4,d3,cf,d4,4f,c7,21,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7c,b2,1a,55,0f,e6,c7,2f,51,82,30,3b,29,9f,1d,6c,10,d4,0c,f6,a4,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\bdki.exe"
Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\fhkuk.exe"
Sun 15 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\ocvdl.exe"
Sat 14 Feb 2009 31,744 A..H. --- "C:\Documents and Settings\Apu\wgnp.exe"
Mon 20 Aug 2001 86,016 ...H. --- "C:\Program Files\Sid Meier's Sim Golf\go_ez.exe"
Mon 20 Aug 2001 598,016 ...H. --- "C:\Program Files\Sid Meier's Sim Golf\Sid Meier's SimGolf_EZ.exe"

Finished!



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:53 PM

Posted 15 February 2009 - 01:16 PM

Hi it appears this rootkit wants to have control. It may be gone but I think it best to look deeper with tools in the HJT forum.
We need to run HJT.
Please follow this guide. go and do steps 6 and 7 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log.

Let me know it it went OK !
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 robotpajamas

robotpajamas
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 15 February 2009 - 11:06 PM

Thanks a lot, man. I appreciate your help.


In the unlikely event you need help with guitar or anything Indian, hit me up :thumbsup:

I posted a thread here-

http://www.bleepingcomputer.com/forums/t/203801/hijack-this-log/

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:53 PM

Posted 16 February 2009 - 10:34 AM

Thanks I will keep that in my notes.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Post in this thread when you haven't received an answer in five days.".

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users