
Win2000Pro Desktop Black Screen Message Virus Warning Fix?

A few days ago I accidentally inadvertently clicked upon a popup ad that I was trying to get rid of and a black screen appeared on my desktop replacing my wallpaper with a message that still reads, 'Warning, your computer is infected!'

How the hec do I get rid of this ruddy thing?

I am fairly new to computers, therefore, at this stage will not go into areas of the computer where I have no knowledge. I have tried using various tools to assist me to change this situation, get it back to normal, to no avail so far.

I have on the computer Symantec Premier System Tools 2005 + AVG Grisoft free edition, also running Spybot Search and Destroy, Adaware, CWShredder, AdwareAway, SpySubtract, Trojan Remover, SysClean and finally Norton GoBack.

An hour or so ago I ran the Trojan Remover, at least the computer after running this speeded up considerably, prior to this it was attaining web pages dead slow.

The computer is a Compaq PIII.

Please be patient with me if you would be so kind, walk me through the process and please help to get this machine; virus, trojan, doodah this and doodah that, completely free of all this crap that seems to have found its way on here.

Would really appreciate professional experience upon this from someone trustworthy.

Please keep it as simple as possible.

Thank you ever so much for your time and consideration.

All the best!!

Mark

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into its own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Thank you for taking the time to assist with this.

You say that once I have downloaded the self extracting zip file (done) to double click on the file something or other. How do I do this? What do I click on next?

Thank you for your patience!!

Mark

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Hi. Just double click on the file you downloaded and follow the prompts. It should self install to C:\Program Files\HijackThis
Go to that location and double click on hijackthis.exe and then follow the instructions from my previous post :).

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Some of what you say makes sense, the rest is like the French language, however - Do I now copy and paste the contents into my next reply or ought I to put the dooberry somewhere else? My apologies for my complete lack of computer language!! Appreciate your help and thank you for getting back to me.

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

So I take it you have scanned with hijackthis and have a log that it created? If so, open the text file and then highlight the entire text by pressing Ctrl+A together. All text should now be highlighted. Now press Ctrl+C and the text will be copied to the clipboard. Hit the reply button here and then press Ctrl+V and the text will be copied here.

--

Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete".

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Not sure that I have / am doing the right thing here, but here goes:

http://www.hijackthis.de/index.php#anl

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

I'm not sure either :D. Did you download from the link that I gave you? What you posted there was an online scanner. I gave you a link for the actual hijackthis program to install on your pc. If you go to other threads here, you will see what is needed to be posted :).
Did you try the other suggestion from my previous post?

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Ok I cocked up I can see that, my apologies.

I followed your instructions ( I think (hopefully)):

Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete".

Clicked Start, clicked Settings, went into Control Panel, clicked on Display, so far so good, that made sense, but where the ruddy dickens is Customise Display, not showing up, hmmmmmmmm my apologies for being just ever so slightly thick as five short planks of wood, but what now? :rolleyes:

Oh my giddy aunt, computer language is more baffling than bloomin French!!

Aghhhhhhh!!! You poor sod putting up with me!!

Can we get this any simpler?

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

I've edited this section for I was not sure whether it was wise to post the entire logfile here. Is that what you need me to do?

Apologies for being so cantankerous.

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

I've done it wrong I bet haven't I? It's ok, call me a balmpot!!

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Ok I cocked up I can see that, my apologies.

I followed your instructions ( I think (hopefully)):

Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete".

Clicked Start, clicked Settings, went into Control Panel, clicked on Display, so far so good, that made sense, but where the ruddy dickens is Customise Display, not showing up, hmmmmmmmm my apologies for being just ever so slightly thick as five short planks of wood, but what now? :rolleyes:

Oh my giddy aunt, computer language is more baffling than bloomin French!!

Aghhhhhhh!!! You poor sod putting up with me!!

Can we get this any simpler?



My bad. In W2000 just click on the web tab not the customise display, which I don't think exists.

As for the log........almost got it. What did you save it in? The log you posted looks like the results from an online scan that you did, yes??

We need to start again from the beginning. Download onto your pc, the hijackthis program from the link that I provided in my first post. Do not go anywhere else :). Scan your pc with that program only. When the scan has finished the scan button will change to a save button. Save the log to your desktop where it will be easy to access. Copy the entire log and paste it back here please.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Ok I'll try, I'm sooo sorry to be such an annoyance.

As a present for you in the meantime feel free to peruse my landscape photographs: http://inlunarsunphotography.myphotoalbum.com/
In your spare time, sit back and enjoy!! Click on any photograph on the left to be taken to a new page, click on Slideshow.

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Logfile of HijackThis v1.99.1
Scan saved at 04:47:41, on 06/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\inet10079\winlogon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINNT\system32\UMonit2K.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINNT\YumgoHomepageProtector.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E96RIB65\hijackthis_sfx[1].exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abebooks.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.abebooks.com
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2K.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\\histkill.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - Startup: BJ Status Monitor Canon i350.lnk = C:\Documents and Settings\Administrator\cnmss Canon i350 (Local).exe
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://inlunarsunphotography.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Sorry I'm getting a bit slow at this only it is 4:51 in the morning here and I'm ever so knackered. Tell me, have I done it right this time, only I think I followed your instructions to the letter. Please advise if I have done anything wrong.

Cheers mate!!

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

OK I clicked on Web after doing the Control Panel thingermejiggy but can't see no box with any delete function or something or other???

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

Looks a lot better. You have the latest version of smitfraud.

-

The annoying message on your desktop is kind of hard to get rid of until you do the following.
Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.

-

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*IMPORTANT* CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

* I need you to copy all of the Killbox file paths below and paste them into Notepad.

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINNT\sites.ini
C:\WINNT\popuper.exe
C:\WINNT\System32\hhk.dll
C:\WINNT\System32\wldr.dll
C:\WINNT\System32\helper.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\msmsgs.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\ole32vbs.exe
C:\WINNT\inet10079\winlogon.exe
C:\WINNT\loader.exe
C:\WINNT\System32\LogFiles\A5281300.so
C:\WINNT\System32\winnook.exe
C:\WINNT\System32\desktop.html
C:\WINNT\System32\screen.html

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\WINNT\System32\Log Files
C:\Program Files\Security IGuard
C:\WINNT\inet10079

While still in Safe Mode, do the following:

Make sure all programs and windows are closed, including Internet Explorer. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED

F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe

Close HiJackThis after hitting the 'fix checked' button.

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
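
The three kinds of entry singled out in the reply above (a `winlogon.exe` launched from `C:\WINNT\inet10079`, the BHO registered with `(no file)`, and the Hosts line that the "Restore Original Hosts" step undoes) can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the thread and not HijackThis's own logic; the function names and the `SYSTEM_BINARIES` / `SECURITY_HINTS` lists are assumptions, and the sample lines are copied from the log posted above with the O1 line shortened.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname  # Windows path rules on any OS

Finding = namedtuple("Finding", "kind detail")

# Assumption: process names that normally live only in ...\system32.
SYSTEM_BINARIES = {"winlogon.exe", "csrss.exe", "smss.exe",
                   "services.exe", "lsass.exe", "svchost.exe"}
# Assumption: substrings marking antivirus / update hosts that a
# Hosts-file override would cut the machine off from.
SECURITY_HINTS = ("symantec", "mcafee", "sophos", "f-secure",
                  "kaspersky", "trendmicro", "windowsupdate")

EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.IGNORECASE)

# Subset of the log posted in this thread; the O1 line is shortened.
SAMPLE_LOG = r"""
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\inet10079\winlogon.exe
C:\WINNT\Explorer.EXE
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O1 - Hosts: 255.255.255.255 download.mcafee.com liveupdate.symantec.com windowsupdate.microsoft.com www.sophos.com
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
"""


def check_masquerade(line):
    """System process name found outside a system32 directory."""
    for path in EXE_PATH.findall(line):
        in_system32 = dirname(path).lower().endswith("\\system32")
        if basename(path).lower() in SYSTEM_BINARIES and not in_system32:
            yield Finding("masquerade", path)


def check_hosts(line):
    """O1 entry that overrides name resolution for security/update sites."""
    if not line.startswith("O1 - Hosts:"):
        return
    fields = line.split(":", 1)[1].split()
    if len(fields) < 2:
        return
    address, names = fields[0], fields[1:]
    blocked = [n for n in names if any(h in n.lower() for h in SECURITY_HINTS)]
    if blocked:
        yield Finding("hosts-block", f"{address} -> {', '.join(blocked)}")


def check_bho(line):
    """O2 entry whose registered DLL no longer exists on disk."""
    if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        yield Finding("orphan-bho", line)


def triage(log_text):
    """Return every Finding for every line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_masquerade, check_hosts, check_bho):
            findings.extend(check(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:12} {f.detail}")
```

These checks only cover what this thread calls out; entries such as `C:\WINNT\loader.exe` still need a human reading of the log.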
 

You REALLY need to cut down on the amount of security and system tools software programs you have installed on that system! You are taking paranoia to a whole new level, it's a wonder your system isn't slowed down to the point of being unusable, and it's a wonder that you are not getting program crashes and blue screens as a result of all those tools trying to run at once!

Catweazle
Grandad
Team Colleague
4,335 posts since Mar 2004
Reputation Points: 229
Solved Threads: 149
 

Hmmmmmm now I'm tempted to agree with you, please advise what I ought to get rid of.

Too, in the past two hours tonight I have had a hell of a job just getting my connection back up and running, and yes, now I have a blue screen too with something called smitfraud virus on it (turned my screen from black to blue).

Please keep each step by step instruction as simple as possible in plain English if you do not mind as at the best of times I find this computer language quite baffling.

Did you enjoy my photos?

Best regards!!

Mark

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

You said:

Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.

Ok I did that, absolutely nowt happened, well, it did, a white line appeared and if I moved the mouse left or right, by the white line a box appeared then disappeared (sort of), what am I doing wrong now?

Blinkin hec, one of these days I might give up garden design, simply cos it bloomin rains too much here to make it a worthwhile enterprise and take up some sort of software programming instead. If only there was a ghost screen, come box for problems like this that guided you visually every single step of the way. It'd be such an ideal solution and help twats like me from wasting so much of guys like you, time.

Now, where were we?

What do I do next?

Apologies for such ignorance on my part!!

Though your assistance is ever so much appreciated.

I'd much rather be having a conversation about UK politics!!!!!!!!

Bottoms up. Cheers mate!! :rolleyes:

celtic
Newbie Poster
19 posts since Apr 2005
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved
