1,366 Posted Topics
Re: You ABSOLUTELY have an infected computer. Do steps 2, 7, 8, and 9 [B][URL="http://www.daniweb.com/forums/thread134865.html"]here[/URL][/B]. When doing step 9, the ESET Online Scanner please allow it to FIX or REMOVE whatever is found. Be sure to REBOOT after using MBA-M and also the ESET Online Scanner. Be sure to save both … | |
Re: Do steps 7, 8 and 9 given [B][URL="http://www.daniweb.com/forums/thread134865.html"]HERE[/URL][/B], be sure to reboot after MBA-M and ESET Scanner. Then do a new HJT scan and post all three logs here. | |
Re: First thing I note is you are running NO anti-virus program and no firewall, unless you are using the built in Windows Firewall. I see the following listings on the HJT log: R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} … | |
Re: Honestly have no clue what your thread title means. You need to spell out some symptoms so we can actually know what to look for in your log. One thing I do see is you are running TWO antivirus programs. ESET NOD32, which is an excellent program, and Spyware Terminator … | |
Re: [QUOTE=mheidi;764247]I'm using Windows XP[/QUOTE] MBA-M works perfectly well with XP. Is that what you are asking? See this info from their website: [QUOTE]Operating Systems: Microsoft ® Windows 2000, XP, Vista.[/QUOTE] Judy | |
Re: You may be using Firefox, but where is your full antivirus program? I see some Norton files but it doesn't appear to be the full program running, am I wrong? | |
Re: [QUOTE]I ran HijackThis but did not come up with any checked instances, so I just closed it. [/QUOTE] Not exactly certain what you mean by "checked instances" HJT is just a scanner. Can you run it again and save the log and post it here? | |
Re: Hi, some questionable entries there for sure. First of all you must TURN OFF the Spybot TeaTimer as it will interfere with fixes attempted. To do this open the program. Go to Mode, Advanced. Then go to Tools and Click Resident. When Resident opens take the check mark OUT of … | |
Re: Not sure what problems you are having for sure, we need a bit more of a description but one thing I note, you are running AVG8 antivirus, which is fine BUT there is at least one file of an old Norton program running and it most definitely should be removed. … | |
Re: I may be wrong but it certainly looks to me as if you are running TWO anti-virus programs. I cannot find any information for a stand alone Norton firewall. This appears to be contained within various Norton Security programs, all of which also contain Norton Anti-virus. Your HiJackThis log shows … | |
Re: The files found by MBA-M are in your System Restore. The HiJackThis scan was run while the computer was in safe mode. This will not give a clear picture. It must be run in Normal Mode. Was the MBA-M run in normal or safe mode? This program is designed to … | |
Re: Here is the link that caperjack is referring to [url]http://www.daniweb.com/forums/thread134865.html[/url] Also, please turn off the SpyBot TeaTimer as it can interfere with any fixes attempted. To do this open the program and go up to Mode. Choose Advanced. Then go to Tools and then choose Resident. When that opens take … | |
Re: Try again also turning off the BitDefender Antiphishing Helper and see if you can get that Windows Malicious Software Tool. | |
Re: I honestly think none of us know what to tell you here. Since you cannot get into Windows it seems you cannot run the programs needed. It sounds to me, I could be wrong, that key windows files have been damaged by whatever it was you downloaded or the attempted … | |
Re: [QUOTE]I have tried combofix and a bunch of other stuff that usually works for me.[/QUOTE] First of all combofix is not a "regularly used" tool. It should only be used when directed to do so and never should be re-used on another problem. The instruction to use combofix in a … | |
Re: These files should be copy/pasted into a reply not attached. Can you do that for us? Thanks, Judy | |
Re: Your log basically looks clean to me. You could run HJT again and place a check mark next to these entries: O2 - BHO: (no name) - {D6C69009-9E98-4DDC-9A25-BC2EF6520908} - C:\WINDOWS\system32\ddcCRLCu.dll (file missing) O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing) O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} … | |
Re: [QUOTE]Is there a virus still? I scanned with adaware and spybot too but I'm just makin sure thanks [/QUOTE] Neither of those programs would remove a virus, they would only remove spyware/malware and adware. What virus did you have and how was it removed? I don't see anything in the … | |
Re: Try this on the infected computer: Open Device Manager and on the VIEW Tab, select the Show hidden devices option. Go down to non plug and play drivers and see if there is one called TDSSserv and disable it. Then see if you can get online. If you can then … | |
Re: This thread is 18 months old and he refers to a thread which is 4 years old so don't consider anything in these two threads as now gospel. Many things have changed since the original 4 year old thread quoted here in this 18 month old thread. The original poster … | |
Re: [QUOTE=timbang;771176]From reading other threads, I realize I ought to delete any TDSS files. My problem is when I go to search for files, I get the blue screen of death. I don't know what step to take now. I managed to download combofix from the zip Cohen put up (thanks) … | |
Re: You are running two anti-virus programs on one computer. This is an absolute NO-NO. Please TOTALLY uninstall one of these. What version of HiJackThis are you using? You didn't post that top line of the scan which tells us the version of HJT. Current version is 2.0.2 If you are … | |
Re: Have to be honest here, never heard of Dr. Web 32. It certainly isn't something I have seen recommended here. Do the steps we commonly recommend [B][URL="http://www.daniweb.com/forums/thread134865.html"]here[/URL][/B] especially MBA-M, the ESET online scanner followed up by a full system scan with [B][URL="http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download"]HiJackThis.[/URL][/B] When you have completed those three programs post … | |
Re: Are these the ONLY items found and removed by MBA-M? I really need to see the entire log, from top to bottom. | |
Re: Please download [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B] * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, it will download and install the … | |
Re: First of all I don't see two anti-virus programs running BUT no matter, get rid of the second one now. This will actually lessen your protection not improve it. It is recommended that instead of installing two anti-virus programs on the same machine, which is a definite NO-NO for the … | |
Re: Follow the instructions given [B][URL="http://www.daniweb.com/forums/thread134865.html"]HERE[/URL][/B] Ignore the section about Deckard Scanner and use instead [B][URL="http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download"]HiJackThis[/URL][/B] post back with all requested logs. | |
Re: [QUOTE]i know they can compromise one another and exacerbate the dilemma, so please don't bother to tell me it is that[/QUOTE] I won't but it could have..... You say you ran combofix. This is NOT a tool that should be run without being told to do so as it is … | |
Re: Hi Paul, sorry we somehow missed your post. Please try the following routine given in the MBA-M forum to see if you can get into this forum with the infected computer. * Click on Start, click Run, and then type devmgmt.msc and click OK * On the View menu click … | |
Re: We would need to see some logs in order to have an idea of what may be going on with the computer. First do the steps listed[B][URL="http://www.daniweb.com/forums/thread134865.html"] HERE[/URL][/B] but ignore step concerning Deckard Scanner and substitute instead HiJackThis. Download [B][URL="http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download"]HiJackThis[/URL][/B] Do a full system scan with it and save the … | |
Re: We rarely recommend registry tools. Many of the fix tools we note do correct registry problems when fixing. If you will note your MBA-M log registry problems WERE fixed and removed. The warning you received from AVG notes this tool was not a good one and you were wise to … | |
Re: Follow all the steps given[B][URL="http://www.daniweb.com/forums/thread134865.html"] HERE,[/URL][/B] with the exception of Deckard Scanner instructions. That program is no longer available. Substitute instead a full system scan with [B][URL="http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe"]HiJackThis[/URL][/B]. Post back here with all requested logs. DO allow all programs run to clean or remove all items found. | |
Re: [QUOTE]3. Ran the EST online scanner (will attach screenshot of results)[/QUOTE] You need to have the ESET Scanner clean those items and then save the log and post that here. Two of those files found by ESET are .tmp files and should have been removed by AFT Cleaner We definitely … | |
Re: Hi Osterman and welcome to daniweb. First of all SuperAntispyware is a good program so no worries for you there. Couple things you need to do, TURN off Spybot TeaTimer because it can interfere with fixes done also turn off AdAware Service as it can also interfere. To turn off … | |
Re: We need to see a log of MBA-M AFTER fixes have been completed. Also a full system scan log of HJT also completed after a reboot following MBA-M. Judy | |
Re: You doing file sharing? Also what is your location? | |
Re: If the song files are infected then I doubt there is anything you can do to correct that but remove them, as they have probably been damaged. If the files are still on the computer then the computer IS still infected also. [QUOTE]I listen to it either in car music … | |
Re: Please try the following routine given in the MBA-M forum to see if you can get Malwarebytes to run. * Click on Start, click Run, and then type devmgmt.msc and click OK * On the View menu click on Show hidden devices * Browse to Non-Plug and Play Drivers and … | |
Re: #1 here is that you never have two anti-virus programs on one computer. This would be one reason neither work correctly and your protection was lowered. If both are old then uninstall both. If one is current then keep that one and totally Uninstall the expired one. Then try the … | |
Re: I don't really see anything in the log indicating infection. The only thing I see are a LOT of unnecessary processes running and yes, some unnecessary start ups. There really is no reason for a program such as Speed Startup. While there is nothing wrong with this program, the best … | |
Re: Ok, first of all to rikonos, the original poster of this problem, we need to know what your operating system is and if you have all the latest updates for your Microsoft programs. Had you installed anything new prior to these errors occurring? Have you done full system scans with … | |
Re: This infects the computer via USB media drives and instant messaging clients Yahoo! Instant Messenger and Microsoft Windows Live Messenger, AOL IM. You also have to clean the USB drive also, if you don't each time you plug it in you will re-infect the entire computer. I also must again … | |
Re: Turn off that uTorrent for the duration. Also turn off IndieVolume. Run the [B][URL="http://www.eset.com/onlinescan/"]ESET Online Scanner[/URL][/B] and attach the ScanLog with your post for assistance. [B]* You will need to use Internet Explorer to complete this scan.[/B] [B] * You will need to temporarily Disable your current Anti-virus program.[/B] … | |
Re: Download [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install MBA-M. [B]* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, it will download and install the latest version. … | |
Re: Let's try this: Open Task Manager. To do this hit the Ctrl-Alt-Delete keys. When Task Manager opens find the following running processes; aIg.exe winlogin.exe csrssc.exe If you find any of the above then highlight and click End Task. IF you are able to stop these then see if you can … | |
Re: You shouldn't have run combofix without first posting the MBA-M logs showing items fixed and then the HiJackThis log run after a reboot. Also combofix was run from c:\documents and settings\ and it should have been run from the desktop. [QUOTE]The administration tools shows an empty message as well as … | |
Re: We need to know operating system and also Internet Explorer version. How long has this been happening? Did you install anything new prior to the errors beginning? Have you done a scan with your updated antivirus program? Check the Event viewer and see if it lists anything with Red X's … | |
Re: Hi welcome to daniweb, Please download [B][URL="http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button"]Malwarebytes' Anti-Malware (MBA-M)[/URL][/B] to your Desktop. * DoubleClick [B]mbam-setup.exe[/B] and follow the prompts to install[B] MBA-M.[/B] [B]* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.[/B] * If an update is found, it will download … | |
Re: You didn't allow MBA-M to fix anything. You need to run the program again, once it finishes scanning then be sure everything is checked and click Remove Selected. Reboot and then see if you can download HiJackThis. Judy | |
Re: We need to see the MBA-M log too please. Thanks Judy |