1,366 Posted Topics
 | Re: Infected j think Sorry but the first log cannot be read. Have you followed the steps given [B][URL="http://www.daniweb.com/forums/thread134865.html"]HERE[/URL][/B] with the exception of the Deckard Scanner of course. We need to see logs from MBA-M, ESET Scanner both referenced in the link I just gave you. How large is the hard drive? How much … |
| | Hi Meros, Welcome to daniweb. First of all I see by your log you are running TWO anti-virus programs on the machine, Norton and Avast. This is an absolute No-No. One of them must be completely UNINSTALLED. If the Norton is current and not expired since it is a paid …  |
| | [QUOTE]Would going back to before I got the initial infection via System Restore work? I'm pretty sure I know exactly when I was first infected (4/8/09 at 6:48 a.m.)[/QUOTE] No it would not. System Restore is generally not considered for removal of items...especially infections. Leave System Restore alone for the … |
| | Hi beezaah, you say you have posted here before but can find no previous posts for you and your info shows this is your first. We really can't give advice on anything until we see the logs. That is why we request them. Can you post both the MBA-M log … |
| | SpyHunter is not currently one of the recommended programs here because of mediocre performance as an anti-spyware scanner. In years past it was list as a Rogue Program and has been removed from that list but it still is not one of the recommended tools. Now since you say this … |
| | Hi, first of all you should know that HiJackThis isn't a fixer program really, it just gives somewhat of a snapshot of what may be running on the computer or if there are signs of infection. You need to do the following: Please download[B][URL="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"] Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. … |
| | See if you can do the following; download [B][URL="http://www.besttechie.net/tools/mbam-setup.exe"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick mbam-setup.exe and follow the prompts to install MBA-M. * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it … |
| | Re: wjps.exe ??? We need to see scans from MBA-M and ESET online scanner. Be sure to have each program REMOVE whatever is found. Reboot after each scan and after both are run then run a new HJT scan and save that log. Post back here with all three logs. Judy |
| | [QUOTE]I have done a cleanup but still have the same redirecting problem and none of my cleaners / scanners have found the problem.[/QUOTE] We need to know exactly what steps and programs you have used for clean up. What was found and where. We need to see logs of the … |
| | [QUOTE]Note: When I ran Malwarebyte's Antimalware and removed the selected infected items, I got a notice saying that a few items were not able to be removed.[/QUOTE] Those would be those noted "Delete on Reboot". Reason then can't be removed immediately is the files are in use. This means you …  |
| | Please download[B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"] Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B] * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, it will download and install the … |
| | Please download [B][URL="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B] * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, it will download and install the … |
| | Also, your HiJackThis program is way out of date. Please remove that one from the computer and download the [B][URL="http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe"]latest version[/URL][/B]. AFTER you have run the MBA-M scan, had it remove everything found, REBOOT the computer and run a new HJT scan with the new version. Post back here with … |
| | It is ctrl-alt-delete not alt-cont-delete. But even using those keys will only open Task Manager, then you have to end a process when you are in there, it doesn't stop something just pushing those keys. You are using an out of date version of [B][URL="http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download"]HiJackThis[/URL][/B]. Remove that one and download … |
| | Have you tried ending these iexplorer processes? Please do the following...[B]BUT DON'T use combofix[/B] unless FIRST directed to do so... Follow these steps: Please Download [B][URL="http://www.atribune.org/ccount/click.php?id=1"]ATF-Cleaner.exe by Atribune[/URL][/B](Windows XP, 2K, 2003 & Vista ONLY) You can put ATF-Cleaner on your Desktop for easy access. Leave it for now Next, Right … |
| | [QUOTE=username333;826323]Hmm.. my suggestion is .. i think you should reformat your computer. Back up all important files.. Just trying to help :)[/QUOTE] Rhys, At this point the above advice is somewhat drastic. First of all [B]Turn OFF[/B] BITTORRENT and [B]all other P2P[/B] programs and don't use them, or better yet, … |
| | First of all: Disable Spybot's TeaTimer as it can interfere with fixes done or attempted. * Run Spybot-S&D in Advanced Mode * If it is not already set to do this, go to the Mode menu select Advanced Mode * On the left hand side, click on Tools * Then … |
| | I really hate to be the bearer of bad news, but this virus is so destructive to key files on the computer that most of the time, general advice is to reformat the computer. This advice seems to be given even if the antivirus programs run can remove the virus, … |
| | I would like to see [B]all new[/B] scans please. Update MBA-M and do a FULL System scan, allow it to REMOVE all found. Save the log. REBOOT the computer. Run the[B][URL="http://www.eset.com/onlinescan/"] ESET Online Scanner[/URL][/B] and post the ScanLog with your post for assistance. [B] * You will need to use …  |
| | First of all Disable Spybot's TeaTimer as it can interfere with fixes attempted. * Run Spybot-S&D in Advanced Mode * If it is not already set to do this, go to the Mode menu select Advanced Mode * On the left hand side, click on Tools * Then click on … |
| | We need to see the MBA-M log |
| | Just post the logs from ONE computer, it is hard to work with more than one at a time. Once we are finished with one then we can move onto the next. Post the log here, state problems you are having and one of us will help you. |
| | So sorry you had to wait so long for a reply. Your HJT log is incomplete. The top portion is missing, the part that says something like this: [QUOTE]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:06:34 PM, on 2/20/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer … |
| | You need to begin with the following steps; Please download[B][URL="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"] Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B] * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update … |
| | First of all, next time you post logs from Notepad please be certain that Wordwrap is OFF. Now, do the following: Please download [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe [/B]and follow the prompts to install MBA-M. [B]* Be sure a checkmark is placed next to Update Malwarebytes' … |
| | 1st of all, Disable Spybot's TeaTimer, it will interfere with fixes done. * Run Spybot-S&D in Advanced Mode * If it is not already set to do this, go to the Mode menu select Advanced Mode * On the left hand side, click on Tools * Then click on the … |
| | [QUOTE=scripted;819221]Hi Community. Can anyone tell me how to remove REG/Zapchast.H and BAT/Zapchast.CE viruses? Thanks, scripted[/QUOTE] Nobody can give any info until WE have info...operating system, av program, firewall, anti-malware programs and, most important, how do you know you have these on the computer? |
| | Ok, just be calm. We are going to try to get this cleaned up. It would be easier for people here to read if you would run the Uninstall Manager in HiJackThis. It will produce a list and you will need to copy/paste that list, exactly as it shows into … |
| | Are you on dial up? I see you are running Avira antivirus which is good and you are also running McAfee Site Advisor. Good program basically but it does come with some slow down issues as it has to retrieve information about every webpage you access, or every link in … |
| | Re: virus wipe out Try safe mode with networking. This will load minimal items but enough to get it online. See if Norton is still installed on there, if it is UNINSTALL it. Then try installing Avast, update it and run a scan with it. Let it remove what it finds. IF you are … |
| | [QUOTE]I've have been told I have a virus but I can't find it[/QUOTE] WHO told you that you have a virus? If it was a person...why? If it was your anti-virus program then it should have given the name and location and WHY it couldn't remove it. Please do the … |
| | Hi and welcome to daniweb, For the missing desktop icons be certain you don't have them hidden. Do this: Right click your desktop -> Select "Arrange Icons By" Verify that the option to "Show Desktop Icons" is checked Now for your infections, yes they are still there, I see at … |
 | Turn Off TeaTimer, it can interfere with fixes done. * Run Spybot-S&D in Advanced Mode * If it is not already set to do this, go to the Mode menu select Advanced Mode * On the left hand side, click on Tools * Then click on the Resident icon in … |
| | [QUOTE]What do I need to do to find out if it came from my home computer or one of my USB drives? [/QUOTE] There are definitely some infections which can be transferred via USB drives. Now if you transferred files via email from the home computer or from the home … |
| | Sorry, but you evidently are referring to another thread on this forum since you have titled this Re: Rundll32 file not found!! Can you provide more information than this please? We need to know when this happened and how you know this. Just because your computer exhibits the same symptoms … |
| | Where is the MBA-M log? |
| | [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] download, install and update. Single file scanning is not slow. Right Click that file and choose Scan with Malwarebytes' Anti-Malware. One should never save or transfer files until you are certain they are clean. If they are infected then yes, the infections quite possibly transfer to the … |
| | Re: Slow PC Going through your HJT log nothing jumps out except all those Lenovo programs running at start, which are not required. You do have some other unnecessary starts but don't honestly know if those would slow the computer so much. One thing I did find concerning the Windows Defender problem is … |
| | Run HiJackThis again. Place a check mark next to the following entries; O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] … |
| | For one thing your version of MBA-M is way out of date. The current version is 1.34 and database version is 1798. You should always make it common practice to update MBA-M before each and every scan. It commonly updates more than once a day so it can have updates … |
| | Hi, welcome to daniweb. Please do the following: download [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. *[B] Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, … |
| | Check for this: Open Device Manager and on the VIEW Tab, select the Show hidden devices option. Go down to non plug and play drivers and see if there is one called TDSSserv and disable it. It it was there and you could disable it then try to [B]download, install, … |
| | [QUOTE]Crunchie, I have NOT done the things in your last response yet because I ran the Trend Scan and went to bed. I'm holding off on doing anything now until you see this and tell me how to proceed. Sorry to be such a pain.[/QUOTE] Hi, If you had run … |
| | Why do you want to mess with the registry? How are you trying and what message do you receive? |
| | Re: Pop up HELP You really need to explain your problem better than just listing Pop up Help. What types of pop ups for one thing, when did this begin, when do you get them? Please download[B][URL="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"] Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick[B] mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B] … |
| | You need to begin clean up by following all the steps given [B][URL="http://www.daniweb.com/forums/thread134865.html"]HERE[/URL][/B] with the exception of Deckard Scanner. It is no longer available.[B] Substitute instead [/B]as the final step a Full System Scan with [B][URL="http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe"]HiJackThis[/URL][/B] Please post back here and copy/paste the logs from MBA-M, the online scanner and … |
| | You have a very infected computer. You also have STOPzilla installed which, frankly ranks as just a "so-so" program. Those O10's are likely from that program, cannot be certain but found several references to it. Frankly, I would UNINSTALL it anyway, obviously did you no good whatsoever. [B]Every site listed … |
| | You should run these programs in[B] NORMAL[/B] mode. UNINSTALL the program you feel is the offending program. That can be done in SAFE MODE. You can leave your McAfee running when doing these scans but DO turn off SpyBot TeaTimer if you have it running as it can interfere with … |
| | Here is the link for [B][URL="http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html"]AviraFREE[/URL][/B] an excellent antivirus program. Download, install and update it. Run a Full System scan and allow it to remove or quarantine all that it finds. Then go [B][URL="http://www.daniweb.com/forums/thread134865.html"]HERE[/URL][/B] Follow ALL of the steps given WITH THE EXCEPTION of Deckard Scanner which is NO LONGER … |
| | It would really help if we had real information about the computer...operating system, hard drive size and space remaining, programs installed, how much RAM is on the computer, how are you connected to the internet, what EXACTLY were these [QUOTE]unsuccessful un-installations of various softwares[/QUOTE] and how did you try to …  |
The End.