 |  |  |  |  |  |  |  |
Shopica redirect I can't get rid of!!
Thread Solved |
•
•
Join Date: Feb 2004
Posts: 10,145
Reputation: 
Solved Threads: 770
0
#32 Nov 6th, 2009
Did you flush the dns cache as PP suggested?
Did you run deletedomains?
Are you being re-directed in more than one browser?
When you say there were no results, did it say "nothing found," or what?
Did you run deletedomains?
Are you being re-directed in more than one browser?
When you say there were no results, did it say "nothing found," or what?
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
0
#33 Nov 6th, 2009
I did the dns cache yesterday. It said "nothing found" on the two scans that were suggested. Deldomains said that installation failed and i followed the instructions. i am also being redirected when using IE.
•
•
Join Date: Dec 2006
Posts: 1,024
Reputation:
Solved Threads: 49
0
#35 Nov 9th, 2009
•
•
•
•
Originally Posted by jw22 
any other ideas anyone?
Please download mbr.exe and place it in your C:\ Drive
-- Click START > RUN > type cmd ENTER
At the prompt, type or Copy and Paste: mbr -t > C:\Logit.txt
Let it run and please post the Logit.txt
I'll be back on Tuesday if crunchie doesn't reply earlier.
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
~ J. Robert Oppenheimer
ASAP
0
#36 Nov 9th, 2009
•
•
•
•
Originally Posted by PhilliePhan
Let's try this:
Please download mbr.exe and place it in your C:\ Drive
-- Click START > RUN > type cmd ENTER
At the prompt, type or Copy and Paste: mbr -t > C:\Logit.txt
Let it run and please post the Logit.txt
I'll be back on Tuesday if crunchie doesn't reply earlier.
PP
It says access denied when I hit enter
0
#37 Nov 9th, 2009
This is the only thing that appeared
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x868F9E07]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x868F9E07]<<
kernel: MBR read successfully
user & kernel MBR OK
•
•
Join Date: Dec 2006
Posts: 1,024
Reputation:
Solved Threads: 49
0
#38 Nov 10th, 2009
•
•
•
•
Originally Posted by jw22
This is the only thing that appeared
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
Please run S!R!'s SmitfraudFix Search - Option 1 as per the linky below and post the log for me.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
I have to run, but will be back Tuesday evening EST.
PP
Last edited by PhilliePhan; Nov 10th, 2009 at 1:12 am. Reason: The Usual. . . .
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
~ J. Robert Oppenheimer
ASAP
0
#39 Nov 10th, 2009
SmitFraudFix v2.424
Scan done at 1:20:08.08, Tue 11/10/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\NYKO\GAMEPA~1\ngpmap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Symantec AntiVirus\vpdn_lu.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 1:20:08.08, Tue 11/10/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\NYKO\GAMEPA~1\ngpmap.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Symantec AntiVirus\vpdn_lu.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Joe\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4AECF770-1C91-4129-B483-2C7C0C188F7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E25E62E-EEA1-495B-90EF-0B4A309A27E0}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B334001-151C-40A8-A2E5-872B1ED2C834}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F92BB272-EFE7-438F-AA67-B8CDCD87B5A2}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
•
•
Join Date: Dec 2006
Posts: 1,024
Reputation:
Solved Threads: 49
0
#40 Nov 10th, 2009
•
•
•
•
Originally Posted by jw22
SmitFraudFix v2.424. . . . . . . .
It looks like crunchie and I missed something - I thought I mentioned it earlier, but apparently not.
Please do the following:
Click START > RUN > type cmd and hit OK
At the prompt Copy&Paste the complete text in Red below and hit ENTER:
Copy C:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys C:\
You should get a message confirming successful copy.
THEN:
Please Download The Avenger v2 by Swandog46
http://swandog46.geekstogo.com/avenger.zip
-- Extract Avenger.exe from the ZIP to your Desktop
-- Highlight the complete text in Red below and copy it using Ctrl+C or RightClick > Copy:
Files to move:
C:\atapi.sys | C:\windows\System32\drivers\atapi.sys
-- Now, DoubleClick avenger.exe on your desktop to run it
-- Read the Warning Prompt and press OK
-- Paste the script you just copied into the textbox, using Ctrl+V or RightClick > Paste
-- Press Execute
-- Answer YES to the confirmation prompts and allow your computer to reboot.
In some cases, The Avenger will reboot your machine a second time. No worries.
-- After reboot, The Avenger should open a log – please post that for me and let me know if that had any affect on the problem.
Cheers
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
~ J. Robert Oppenheimer
ASAP
 |
Similar Threads
- Search Engine Redirect Virus - with Vimax banners. Please Help!!! (Viruses, Spyware and other Nasties)
- Search engine redirect virus (most commonly to a site called shopica.com) (Viruses, Spyware and other Nasties)
- Another Search Engine Redirect Updated Malwarebytes will not remove (Viruses, Spyware and other Nasties)
- please help get rid of virus red circle white x in teskbar (Viruses, Spyware and other Nasties)
- How do i get rid of a hijack?? (Viruses, Spyware and other Nasties)
- need help getting rid of spyware! hijack log included (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Problems with my comp
- Next Thread: Can not access microsoft.com or any other anti-virus sites avg.com trendmicro.com etc
Views: 3828 | Replies: 52
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
adobe adware anti-malware anti-virussitesaccessissue antivirus attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit explorer fake fancheckvirus firefox gaming google gumblar halloween herss.exe hijack hosting ie8 internet kaspersky legal links mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats parents patch pc phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus rootkit sans school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system threat trojan unwanted update usa virus viruses vista volume warning web windows worm yahoo zero-day
