965 Posted Topics
Re: Let's do this: Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current version is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other than your Desktop or the Temp folder[/i][/b]. Suitable examples … | |
Re: [quote=nizzy1115]or maybe they meant it for the windows xp section?[/quote] Roger that. Ya, it's a dead issue, but let's put it in the correct forum. Moved :) | |
Re: Moved to Virus/Spyware/Nasties thread :) | |
Re: Well first off, you're running HJT from a *.tmp folder. Fix this by first creating a new folder in the Program Files, titled 'HJT'. Then, move the HJT icon into this folder and run it from there. Then, fix the following with HJT: [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://us.rd.yahoo.com/customize/ie/...ch/search.html[/url] … | |
Re: Well, Ewido didn't kill [i]everything[/i], but a lot of it. Begin by opening HJT and placing checks next to the following entries: [b]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet … | |
Re: Awesome. I see some things in there, but first, let's run Ewido/CCleaner: Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. 3. Select the [b]"Tools"[/b] menu … | |
Re: Welcome to Daniweb :) Roger that, you're infected with a SpyAxe infection. Let's begin by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Desktop. A folder named [b]SmitfraudFix[/b] will be created on your Desktop. ______________________________ Next, download the trial version of [url=http://www.ewido.net/en/download/]Ewido[/url]. [list][*]Install Ewido. [*]When installing, under [b]Additional Options[/b] [color=red]uncheck[/color] … | |
Re: Arg alrite. This one's pesky :) Some of this may sound repetitive, so just bear with us. Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. … | |
Re: Woah, COMPLETELY don't see how we missed your thread. I apologize ;) Ok, now for the fix _____________________ First off, I don't see much that could be causing the problem, BUT, let's fix some things anyways. Open HJT and place checks next to the following: [b]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page … | |
Re: That's a clean log. Are ya still having problems? Thanks. | |
Re: Hmm...that IS odd. Adh, try looking inside the System32 folder for other folders that could be similar (where the ? is any letter) Possibilities are: [b]Fants Funts[/b] etc... Report back on what ya find. Thanks. | |
Re: Welcome to Daniweb :) Ok, first thing I see in the processes are things like this: [color=orange] C:\DOCUME~1\Elise\LOCALS~1\Temp\Adobelm_Cleanup.0001[/color] In other words, they're running from a *.tmp folder, and generally are bad. SO, first thing we're gonna do is run CCleaner in safe mode: ________________ Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically … | |
Re: Alrite, let's do 2 things. First, let's use CCleaner to clean things out. Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. 3. Select the [b]"Tools"[/b] … | |
Re: Here's the full fix: Begin by uninstalling the following program via the Add/Remove Programs list: [b][color=green]Spyware Begone[/b][/color] Now, open HJT and fix the following entries: [B] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :8080 F2 - REG:system.ini: Shell=Explorer.exe sysinit32z.exe O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan [/B] Now, restart the computer and … | |
Re: Hmm, did ya happen to run this in Safe Mode? 1 more thing. Be sure all programs are enabled on startup (do this through the 'msconfig' utility). Then, restart, and post back here with a log from normal mode. Thanks again. | |
Re: OK, several things to do before the fix Tijay posted. You are INFESTED. And, we're gonna fix the Nail infection before the AntiSpylab one. SO, follow the instructions below FIRST (before the ones in the last post): BEGIN by uninstalling any of the following via the Add/Remove Programs list: [b][color=green]MyWebSearch … | |
Re: Well first off, I see one major problem with the log--it was run from a *.tmp folder. To fix this: Open Program Files, and create a new folder here. Name it 'HJT'. Now, drag the current HJT icon into this folder and run a new scan, posting back the log … | |
Re: Hmm, well that's a clean HJT log. Are ya still having problems? Thanks. | |
Re: HJT log....heh, post when ya get the chance :) Thanks. | |
Re: Hmm, let's do this. Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. 3. Select the [b]"Tools"[/b] menu and click "Folder Options". 4. After the new … | |
Re: Awesome, ya found it :) Alrite, we need to have a HijackThis log to diagnose the problem. Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current version is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your … | |
Re: Ok, we now know that you're infected with the Troj/Podrop-C trojan, which has a possibility for rootkits. Due to this, we're gonna try killing it with Adaware, seeing that Ewido hasn't already taken it out: [b][u]Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.[/u][/b] [list] … | |
Re: Hmm, outta curiosity, caperjack, why would ya run cwshredder? Thanks. | |
Re: Um...ya. Again, you're infected with the AntiSpyLab Virus. SO, post a log back here so we can tell exactly how to fix this. I can tell ya ahead of the time, we're gonna need to fix some more entries with HJT, and clean up with CCleaner and Ewido. Thanks. Tijay-read … | |
Re: Hmm, some entries look fishy. First, begin by uninstalling the following via Add/Remove Programs: [b][color=green]WeatherBug Desktop Weather HbTools Hotbar[/b][/color] Next, place checks by the following: [b]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://resultsmaster.com/SmartOffers...meLeftPane.htm[/url] O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.7.7.0\HbtHostIE.dll O4 … | |
Re: ..er, not exactly. First, you're running HJT from a [COLOR="Orange"]temporary folder[/COLOR]. Fix this by creating a new folder in Program Files, and naming it HJT. Now, drag your HJT icon into this new folder and run a new scan. THEN, fix the following via [B]HJT[/B]: [b]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = … | |
Re: Heh sry to add more to that long list, but after fixing this problem, I would strongly recommend changing browsers and using Firefox instead (link can be found below). Firefox has fewer security flaws, more timely updates, etc., meaning less spyware on your computer. Ah well, I think others here … | |
Re: Tijay, heh I just wanna be sure ya know what I mean with the 'just because the file's missing doesn't mean it's not there' idea. I apologize if I'm sounding mean about it all...but I don't intend to be. Mainly because I learned the same way ya did, posting here … | |
Re: Hmm, well I don't see anything too significant in the log. Have ya tried Ewido/CCleaner? If not... Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. … | |
Re: Welcome to Daniweb :) Ug, there's some stuff in that log I don't like. Let's clean it a tad before we fix with it. Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. … | |
Re: Awesome, all clean except for 1 entry. Check off this one with HJT: [B]O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing) [/B] And other than that, it all looks good. Any more problems? Last thing, post a new HJT log just to make sure that entry disappears. Thanks. | |
Re: Haha welcome (you and your father) to Daniweb :) First, lemme clear up some of the confusion [quote]...it seems a person needs to run CCleaner, then Ewido...[/quote] Well, that's generally my advice for several reasons. Oftentimes, many minor trojans, tracking cookies, cookies in general, viruses etc, live in *.tmp folders. … | |
Re: Hmm, well let's double check this and get a better picture of your computer. Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current version is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is … | |
Re: Awesome, let's begin by fixing the following using HJT: [B]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://hsremove.com/done.htm[/url] F2 - REG:system.ini: Shell= O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)[/B] After this, restart the computer and post back here. I see a possibility of a SpyAxe infection, but I only … | |
Re: Heh ya, like I said in the other post, please only 1 post per problem. Thanks. | |
Re: Ok, [B][COLOR="Red"]before ya do the fix listed above[/COLOR][/B], ya need to move HJT into a [b]permanent folder.[/b] To do this, create a new folder inside Program Files, and name it HJT. Now, drag the HJT icon into this new folder, and now run HJT from here. Now we're gonna do … | |
Re: [b][color=blue]NOTE: Save these directions in WordPad, as some of this fix will be done in Safe Mode.[/b][/color] Hmm alrite. First off, are ya sure ya followed ALL of tayspern's directions (uninstallation, killbox and all)? Now, fix the following with HJT: [B]R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick … | |
Re: Hmm, well let's take a look. Download [url=http://downloads.malwareremoval.com/hijackthis.zip][b]HijackThis[/b][/url] ([color=red]current version is v1.99.1[/color]) [url=http://downloads.malwareremoval.com/hijackthis_sfx.exe][i]or here (Alternate 1, a self-extracting zip file)[/i][/url] [url=http://downloads.malwareremoval.com/HijackThis.exe][i]or here (Alternate 2, an *.exe file)[/i][/url] [b][color=red]Make a new folder[/color][/b] to put your [b]HijackThis.exe[/b] into. (Anywhere on your hard drive is fine [b][i]other than your Desktop or the Temp … | |
Re: Good good, I don't see any more L2Me signs in the post anymore (but I'll let tayspern 2nd that :) ). I don't see anything else in the HJT log either. Are ya still having problems? Thanks. | |
Re: Welcome to daniweb :). Begin by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the [b]"My Computer"[/b] icon. 3. Select the [b]"Tools"[/b] menu and click "Folder Options". 4. After the new … | |
Re: Welcome to Daniweb :) I'm seeing several things, but all appear to be fixable, so that's good. Begin by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] [*] Install ewido security suite [*] When installing, under "Additional Options" uncheck.. [list] [*] [b]Install background guard[/b] [*] [b]Install scan via context menu[/b] [/list] [*] Launch … | |
Re: Alrite, we'll try this one more time. Fix the following: [B]O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll O3 - Toolbar: 百度超级 | |
Re: Arg, you're pretty infected. First, begin by uninstalling the following via Add/Remove Programs: [b][color=green]MyWebSearch Copernic WeatherBug Viewpoint Media Player[/b][/color] Next, continue by downloading [url=http://www.filehippo.com/download_ccleaner/][color=orange][B]CCleaner[/B][/color][/url], and specifically choosing the most recent version. Then, follow these steps: [color="DeepSkyBlue"]1. Close all programs so that you are at your desktop. 2. Double-click on the … | |
Re: Welcome to Daniweb :). Yes, in fact, ya got several fair sized infections. We'll fix the SpyAxe infection first, and then follow up with New.Net Let's begin by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Desktop. A folder named [b]SmitfraudFix[/b] will be created on your Desktop. ______________________________ Next, download … | |
Re: Welcome to Daniweb :) Hmm ya, ya definitely have some remnants of spyware that Adaware didn't clean. Let's begin by uninstalling the following via the Add/Remove Programs: [b][color=green]New.net[/b][/color] After doing this, download [url=http://www.bleepingcomputer.com/files/lspfix.php] LSP-Fix[/url], and run a scan with it, fixing everything. Next, continue by downloading [url=http://www.ewido.net/en/download/][color=#3366FF]Ewido Security Suite[/color][/url]. [list] … | |
Re: Heh jeez, welcome to Daniweb by the way :) Ok, about the log--try posting it where each entry has 1 line. In other words, leave all the line breaks. For an example, look at one of the other threads. Post back with a new log. Thanks. | |
Re: Heh alrite, your HJT folder is in a temporary folder, SO, what we're gonna do is this: 1) create a new folder in Program Files, named 'HJT'. 2) drag the HJT icon into this new folder, and now run HJT from here. Next, follow this by uninstalling the following programs … | |
Re: Wow, someone that followed directions. Thanks a ton Amanda :cheesy: And ya, the HJT log is clean, although Ewido did catch a fair amount of things. Are ya having any problems, or is this just a checkup (which is cool too)? Thanks. | |
Re: Well ya could always use CCleaner, but sometimes it's a hassle. | |
Re: Welcome to Daniweb :). Heh, sure are infected, I'll say that. Okie, this post might be a bit lengthy... First, uninstall the following programs via Add/Remove Programs: [b][color=green]WeatherBug Viewpoint Media Player PartyPoker[/b][/color] Now, let's continue by downloading [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix[/url]. Extract all the files to your Desktop. A folder named [b]SmitfraudFix[/b] will … |