I've been looking through some old posts on this topic, which I do need help on. Most all of them say I ought to run some spyware programs, then HJT, and post a log. So, this is my log after running Ad-Aware personal SE, and SpySubtract. CWShredder catches nothing in normal mode. Any and all assistance would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 10:20:46 AM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
1. Please download the following two "about:blank"- related removal tools. Also print out the instructions given for each regarding their setup and execution:
Run About:Buster and then run HSRemove, being sure to follow the directions you printed out in each case.
2. Open your Add/Remove Programs control panel and uninstall the PartyPoker program if it's listed there.
3. Run HijackThis again and post a new log.
zexy
Apr 25th, 2005 8:22 pm
Re: about: blank virus
I was unable to get the about: Buster program, as the link is either bad, blocked, or broken. I did get HSRemove, and uninstalled PartyPoker. This is now my current log. Thank you for your quick response.
Logfile of HijackThis v1.99.1
Scan saved at 6:15:37 PM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Once you've run About:Buster, please do the following:
- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up)
- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".
- For every user account listed under C:\Documents and Settings, delete the entire contents of these folders (but not the folders themselves):
Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!
1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5
- Delete the entire content of your C:\Windows\Temp folder.
- Delete the entire content of your C:\Windows\Prefetch.
Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temorary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.
- Empty your Recycle Bin.
- Reboot normally, run HJT again, and post a new log.
I honestly doubt that About:Buster is going to do the trick for all of this, but I'm hoping it can help at least somewhat.
zexy
Apr 25th, 2005 10:06 pm
Re: about: blank virus
I have done as instructed. Here is my new log.
Logfile of HijackThis v1.99.1
Scan saved at 8:03:44 PM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Then, after running 4 spyware programs (AdAware SE, SpySubtract, AboutBuster, and hsrestore), my HJT log looks like this:
Logfile of HijackThis v1.99.1
Scan saved at 8:55:14 PM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Reboot, close any open browser windows, scan with hijackthis, and post a new log please.
zexy
Apr 26th, 2005 12:05 pm
Re: about: blank virus
I have deleted all such things as you told me to, dlh6213. I believe it's gotten rid of the virus! I was unable to delete the O23 security thing. It simply came back after HJT nixed it. I'm guessing it was telling me there was a lack of something, so you can't kill what's not there.
Here is my new log upon reboot, just in case.
Logfile of HijackThis v1.99.1
Scan saved at 10:01:32 AM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
