Thanks DLH6213 I've downloaded it and I'll try it after breakfast! ;)
Thanks for your response.
Well I think my best idea there is:
I always use valid html with only one html tag. The virus is tagged on the end of the page between two html tags, so if I can count the first html tag with a temp variable I can start and end deleting on the second ones.
Can you give me any example files where I could find the 'search through the hard drive' or 'go down a list of files opening them', and also the 'deleting a block of code'? I'm fairly new to java, so I've done opening one file and reading the contents with the command line, but never anything with multiple files... or deleting from a file.
The background to this question is that I have discovered a virus on one of my computers that adds a block of encrypted activex code to html and php pages. Unfortunately all the virus cleanup tools delete the infected files... being a webdeveloper this means a lot of my 'working files' would be deleted. Luckily none of them are current projects, but I'd really hate to lose my records of past developments.
Since I'm learning java as part of my degree, I was wondering, could java be used to either search my hard drive for php/html files and then remove the block of activex code from them, or could it take a text file input of all the file names (one of the antivirus programs gave me a list of all the infected files as a csv), and remove the block from those files?
lol well I'm glad you learned something and I'm sorry we sort of hijacked your thread ;)
Here are some of the options:
1) overheating - is the case very hot? if you take the side off the case does the inside seem hot (by hot I mean something more than warm...) If it does you may need to improve your ventilation - try running your computer with the side off. Be careful not to touch any of the circuits inside the case, and make sure no children are going to insert fingers etc... PCs are 5 and 12V so you shouldn't kill yourself, but it doesn't hurt to be careful.
2) Corrupted system files - this would normally affect everything.
3) Virus/worm/trojan. I think that BHO I pointed out may be the problem here.
I can't think of any more, but no doubt there are some.
Recently one of my computers was infected with a vbs worm that spread through a backup folder adding an activeX script to my html pages. When I installed and ran AVG it deleted most of the files. Is there any way to undelete them? I can then remove the code by hand.... (all 450 files :( )
well you have this strange entry in your log:
O2 - BHO: wowfawk - {5CE88842-FCF5-7575-9F91-520F80390773} - C:\WINNT\System32\WOWFAWK.dll
I can't find any info on it. Do you know what it is?
I don't think this entry should be there either.
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
Wait for someone else to confirm them just in case. You also appear to have a few broken services in there, but I don't know if there's a bug in that bit or not.
That's because, though PNGs support transparency, web pages generally don't.
What may have happened is that you may have used the alpha transparency feature, which IE doesn't support. Normal transparency is supported in most relatively recent browsers (IE5+).
It's all down to the way you export it from your graphics program. Try experimenting with a few different options on your export screen.
Anyways, that was a very good answer actually. Didn't think of anything shorter to say as usual.
lol ;)
Ok.. so this is like a graphics program?
It's the industry standard html editor... generally used with photoshop, the industry standard graphics editor.
Why don't you head over to www.Macromedia.com, and download their 30 day trial version of Dreamweaver? Sort of 'try before you buy', to get a feel for what it does.
edit: link for you: http://www.macromedia.com/downloads/
Also, could I offer you one piece of advice? Well I'm going to anyway lol ;)
Instead of using a massive image and slicing it up to a million little pieces, try using a layout, either in a table from a html editor, or a proper css layout, and use html background colors to save some of your images. That really cuts down your download times, and if your layout breaks it's easier to fix.
Hey buddy
Dreamweaver is a WYSIWYG coding tool. What comes out of Dreamweaver is a reflection of the user's graphics skill, not how good the program is. Any text editor in experienced hands can produce exactly the same web site, and that includes Notepad.
Also your image files are corrupted. Check them locally to ensure they're ok, then reupload. Firefox says: "The image has errors and cannot be displayed".
It's not an opinion. It is a fact. The W3 says clearly:
Tables should not be used purely as a means to layout document content as this may present problems when rendering to non-visual media. Additionally, when used with graphics, these tables may force users to scroll horizontally to view a table designed on a system with a larger display. To minimize these problems, authors should use style sheets to control layout rather than tables.
Read it for yourself: http://www.w3.org/TR/html4/struct/tables.html
...remaining table space...
tables are for tabulated data, not layout.
http://www.hotdesign.com/seybold/
lol
Whenever I have a problem like that I head over to the CSS Specification: http://www.w3.org/TR/CSS21/
If you scroll down that page you get to the table of contents.
Appendix F, the full property table, is very useful if you need to know what CSS properties you can use, or you've forgotten the exact wording of it.
Other than that you can look up specific properties in the rest of the spec.
Hope that helps
Dave
Can you go to this page:
http://www.sophos.com/support/disinfection/donkd.html
and follow the 'windows disinfector' instructions?
You also have a second worm in there which probably won't be removed by that tool, so reboot and post a new log when done and we'll continue from there.
cheers
edit: actually it might be a good idea to download the trend dct stuff:
http://www.trendmicro.com/download/dcs.asp <- sysclean.exe on this link
http://www.trendmicro.com/download/pattern.asp <-latest windows pattern on this link
Unzip the pattern into the same folder as sysclean, then run sysclean. I can't remember if it will run in safe mode or not, so you may need to boot normally to do it.
Would you like to post a hijackthis log?
You can download the current version from http://radiosplace.com/ - just hit the 'scan and save log button', then post it in here.
Cheers
there is no option to create a rounded corner in CSS
Like I said, there is a CSS option, but it isn't well supported: http://www.w3.org/TR/css3-border/#the-border-radius
My usual technique is to nest a number of divs, and apply the solid background color to the bottom one, along with the first corner, then have the rest transparent, but each has a different corner as a background. I'll find an example for you if you like.
If you examine the ebay code you find a link to the following image: http://pics.ebaystatic.com/aw/pics/navbar/topLeft_12x12.gif
it's just dropped in front of the text and gives the rounded corner effect, whilst allowing the block to expand (theoretically).
is this:
you mean bootorder of device channels, you still have to boot off of Master though? just select which ide cable it's on
in response to this:
why can't you install dos on your slave drive by switching the boot sequence in the bios?
If it is, then actually you can on every pc I've ever touched. If you hit 'boot sequence', you can change it through hard drives 0 to 3, which correspond to every available plug on your ide buses. Master or slave on both cables. The drives then switch letters under windows.
so which controller is your hard drive on?
windows should have the drivers it needs for a cd driver. are you sure the cables are in the right way?
well you could consider using a partition resizer like http://www.zeleps.com/
however, they all recommend you back up your data in case it goes wrong....
incidentally have you read http://www.microsoft.com/windowsxp/using/setup/learnmore/multiboot.mspx ?
also why can't you install dos on your slave drive by switching the boot sequence in the bios?
do you have information somewhere on how to ftp into your site? you would probably be looking for the template files.
the easycleaner link on step 3 is broken.
I guess this is the program it's referring to: http://www.majorgeeks.com/download414.html
I would suggest that you don't use the 'find duplicate files' option in this program as it has been known to remove essential system files.
I would use
<img src="http://www.mysite.com/logo/logoname.gif" style="margin: 1em auto;" width="194" height="91">
actually this might look better
<div style="text-align: center;">
<div style="margin: 0 auto; width: 300px;">
<img src="logo/logo%20(4.09).gif" style="margin: 1em auto;" width="194" height="91">
<h1 style="color: purple; /*insert hex color */">Your Holiday Special from Exotic Publishing </h1>
<p>While everyone is spending tons of money on gifts for the holidays, here is your chance to save with Exotic Publishing.</p>
<p> Just click on the link below to purchase your "How to Become an Escort" e-book and save your 15% for a Limited Time Offer.</p>
<p style="margin: 1em 0;"> <a href="http://www.ewebcart.com/cgi-bin/cart.pl?merchant=3107&add=1&item_id=20">Add to Cart</a></p>
<p>From all of us at Exotic Publishing, we wish you a Happy & Healthy Holiday Season. </p>
<p style="margin: 1em 0;">Michelle<br>
Exotic Publishing</p>
</div>
</div>
is there a file called "logo 20(4.09).gif" in a logo subdirectory?
e.g. has the stuff in brackets been added as an extra and screwed up the link?
Also where do you link to your website style sheet?
Also would table-less design be easier? e.g.
<div style="text-align: center;">
<img src="logo/logo%20(4.09).gif" style="margin: 1em auto;" width="194" height="91">
<h1 style="color: purple; /*insert hex color */">Your Holiday Special from Exotic Publishing </h1>
<p>While everyone is spending tons of money on gifts for the holidays, here is your chance to save with Exotic Publishing.</p>
<p> Just click on the link below to purchase your "How to Become an Escort" e-book and save your 15% for a Limited Time Offer.</p>
<p style="margin: 1em 0;"> <a href="http://www.ewebcart.com/cgi-bin/cart.pl?merchant=3107&add=1&item_id=20">Add to Cart</a></p>
<p>From all of us at Exotic Publishing, we wish you a Happy & Healthy Holiday Season. </p>
<p style="margin: 1em 0;">Michelle<br>
Exotic Publishing</p>
</div>
there is a css3 function to do it, but nothing supports it apart from mozilla firefox 1.0, so...
no, but
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} -
is back again as well.
Yeah I was just thinking that using AOL to avoid the holes in Internet Explorer didn't make much sense... ;)
Doesn't AOL use Internet Explorer as its browser core? read it somewhere... not sure how reliable it is.
ok ta. ;) .
Are you sure you didn't download the update which actually detected the virus you had? ;)
In any case, I once took a pc out to a client, set it up, dialed up the internet to download zonealarm cos I hadn't got the disk and had the blaster virus before I'd got from the tiscali homepage to Zonelabs... so yes viruses can hit you fast...
I usually recommend AVG and Zonelabs. (just to return to the topic) :cheesy:
Does it make any difference when it just shows the number, not the description or address? e.g. do a google search for that number and it has a description and an address, whereas here it has neither... Also one of my pcs shows all the dpf entries without the descriptions/address. Just wondering... ;)
see http://www.alistapart.com/articles/flashsatay/ for some standards-compliant code that does the trick.
Cheers for that dlh6213!
Hey version 1.99 is currently on beta. hopefully that'll fix it!
and a virus-free Christmas to you too!
feel free to post another log just to be on the safe side! on the other hand.. do you really want to know? lol
Nothing really showing in there that I can see. First item is only if you don't recognise it as your homepage, the others are just broken links (as shown by the (file missing)).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=home&SEC=bnav
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Tick them and click 'fix checked'. then reboot and post a new log just in case.
Can you update to the newest version of HJT? it's 1.98.2. Either use the update button, or redownload from http://www.spychecker.com/program/hijackthis.html
Also I'd suggest you move HJT into a folder
e.g. c:\hjt\hijackthis.exe
The reason being that when it creates backups it's a good idea to be able to find them again, rather than having to search the hard drive for them.
Cheers
this line seems odd:
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} -
Any one else have any opinions on it?
http://www.google.com/search?hl=en&lr=&q=%22739E8D90-2F4C-43AD-A1B8-66C356FCEA35%22
edit: btw did you get spoolsv.exe from someone else? I was about to send it Saturday and it was showing as running in your log... so I thought I'd check first!
They both mean a html file.
the reason that there are two is that seriously old computers only supported 3 letters in the file extension. Now that is no longer a problem, but people just haven't moved on.
So just use whatever is easiest for you - some editors make .htm files by default, some .html. Just don't waste your time going round changing them all...
Looks to me like you've got it right. :)
cheers ;)
It looks clean to me too.
can you post your HiJackThis logfile please?
I looked in my recycle bin for spoolsv.exe and it's gone.
1) Is there somewhere I can download it to get it back?
2) If not, is it essential
I think it's essential for printing. I will zip it and email it to you later when I get home, assuming you're happy to accept exe files from me!
I have Ad-Aware 6.0 Personal. A friend sent it to me and it's been great. Is the one you mentioned better or are they the same?
Same program, but the link I gave is to a newer version - they've changed the numbering system and gone to 1.05 for some reason. If you press the update button on your version it should tell you that. I think updates have been suspended on your version, so it might be a good idea to download the new version when you have time.
My computer is running a lot better. My pages are loading without errors, pics are showing up, and I haven't had one instance of that dreaded "Page cannot be displayed. The page you are looking for is currently unavailable."
I found PC-cillin on Trend Micro's website. I'm thinking of running the free scan and then downloading the free evaluation version for future use. Good idea or not?
It is a very good idea. We usually recommend that you do the panda activescan as well.
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
I haven't put system restore back yet. I was waiting until …
lol they are virus files. Virus writers are now naming files to look like system files, which is probably why you're worried. Anyway, if you google them all, you come up with the following info:
C:\WINDOWS\System32\winupd.exe - created by the bagle worms.
http://www.sysinfo.org/startuplist.php?filter=winupd.exe
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_BAGLE.P
You might actually want to try Symantec's free removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.mo@mm.removal.tool.html
C:\WINDOWS\System32\winxp2.exe
maybe http://sarc.com/avcenter/venc/data/pf/adware.showbehind.html
in any case other people are recommending its removal: http://216.239.59.104/search?q=cache:sYrOJW9tix4J:www.techsupportforums.com/showthread.php%3Ft%3D25904+winxp2.exe&hl=en
http://www.google.com/search?hl=en&lr=&q=winxp2.exe&btnG=Search
C:\WINDOWS\System32\svcload.exe
http://www.google.com/search?hl=en&lr=&q=svcload.exe
if it was legit then LIUtilities would be top of the list. As it is there is simply a much reduced list and every time it occurs it is in a HJT log and marked to be removed. so...
C:\WINDOWS\System32\syswin32.exe
http://startup.iamnotageek.com/srch-syswin32.exe.html
http://computercops.biz/startuplist-5439.html
And spoolcsv.exe (though it's not a running process)
http://www.google.com/search?&q=spoolcsv.exe
Check the following:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Video Process] sysconf.exe
O4 - HKLM\..\Run: [RpcxWindows Extensions] rpcxwinex.exe
O4 - HKLM\..\Run: [Rpcx Intelligent Security] rpcxis.exe
O4 - HKLM\..\Run: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\Run: [RPCMicrosoft Original Windows Updater] rpcxmowu.exe
O4 - HKLM\..\RunServices: [RpcxWindows Extensions] rpcxwinex.exe
O4 - HKLM\..\RunServices: [Rpcx Intelligent Security] rpcxis.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Key] rpcxsys.exe
O4 - HKLM\..\RunServices: [RPCMicrosoft Original Windows Updater] rpcxmowu.exe
O4 - HKCU\..\Run: [RpcxWindows Extensions] rpcxwinex.exe
O4 - HKCU\..\RunServices: [RpcxWindows Extensions] rpcxwinex.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
Choose fix checked, reboot in safe mode by repeatedly pressing f8 during bootup, then delete the following files. (probably located in C:\windows\system32)
sysconf.exe
rpcxsys.exe
rpcxis.exe
rpcxmowu.exe
rpcxwinex.exe
You may need to go to tools -> folder options -> view to show hidden and system files.
Then search for all those filenames in the windows find feature, and delete any of those files that it finds in the prefetch folder.
Then reboot and post a new log.
PS you may want to wait for someone else to independently confirm this.
um... dmr said to delete spoolcsv.exe, not spoolsv.exe... Look in your recycle bin to see if it's still there. If spoolsv.exe is in your recycle bin then restore it.
DSO exploits can be ignored - it's a bug in spybot. there is a fix you can download but it's not worth it.
1) AVG is good
2) umm... I have it installed, but there isn't really a consensus of opinion on whether to go for it or not. In any case you need to get your spyware cleaned up first. I'm not sure why it's come back this time.
3)Ad-Aware from www.lavasoft.de is good. Normally I use it with Spybot though.
Let's try this:
alt + ctrl + del
end the following processes:
C:\WINDOWS\System32\winupd.exe
C:\WINDOWS\System32\winxp2.exe
C:\WINDOWS\System32\svcload.exe
C:\WINDOWS\System32\syswin32.exe
Then tick the following:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [Windows Update 2] winupd.exe
O4 - HKLM\..\Run: [Winupdate Service] winxp2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [svcload] svcload.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\RunServices: [Win32s USB Drivers] spoolcsv.exe
O4 - HKLM\..\RunServices: [Windows …
the trick is the custom palette. It doesn't work if it's a photo, but say it's something like my logo. because it's two colors I use the custom palette (optimised octree), reduce it to 17 colors, and it's down to 1,729bytes. Whereas a gif in the same optimised octree palette is 2,380bytes. Same image, same palette.
go to the hijackthis link in my sig, download to a permanent folder, run it, choose scan, then save log once it's done. Then post the log in here. Don't tell it to fix anything as most is legitimate.
That way at least we can eliminate virus/spyware as a cause.
ok lots of bad stuff in your log, but before someone can help you, can you:
1) Update to the latest version of HiJackThis - try http://www.spychecker.com/program/hijackthis.html if you can't find it.
2) Put HJT into its own folder, not in a temp directory.
for example go to my computer, open the c drive, right-click to make a new folder, call it HJT, then put HJT into that folder.
Then rescan and post a new log.
Thank you. ;)