Sys Admin;Co-Owner MalwareTeks
- Interests
- Golfing, fishing, computers
89 Posted Topics
Re: Hello Shadow, Have you run the preliminary steps listed here: [url]http://www.daniweb.com/forums/thread134865.html[/url] If so, could you please post the other logs as well. :)
Re: Seems to be a good method - there are several forums that have implemented this way of removing MWSA. Good info! :)
Re: Log is hard to read really, but I am seeing some bad names in there. Follow the instructions in this post on using HijackThis and attach a log for us [url]http://www.daniweb.com/techtalkforums/thread28196.html[/url] Also look in Add/Remove Programs and let me know if you see either of these [quote]SpyFalcon SpyAxe[/quote] [B]When you …
Re: Regardless if all of your logs are clean, you have 24 gigs of music and videos, your computer is not going to be optimal. Opening internet connections opens more processes, so yes you may slow down more. I suggest if you do not want to remove your music and videos, …
Re: [quote]hi how r u.[/quote] Did you have a question or just introducing yourself? Either way you should start a new thread either in the Malware Forum, or the Introduction Forum
Re: This may need to be in the Software Forum and not the Malware Forum...what makes you think it's Malware? Also - what version of Windows are you currently running?
Re: I will get you started, due to time constraints one of the regulars may get back to you before I can. Please run Vundofix [url]http://vundofix.atribune.org/[/url] Follow the instructions noted, then post a fresh HJT log
Re: Shouldn't be a problem, however the windows.old folder is for older documents and settings...do you already have your important documents backed up? If so you can just delete the windows.old folder.
Re: You should please note that you do not want to delete [b]C:\WINDOWS\System32\regedit.exe[/b] Also - this is a Look2Me infection, you will be deleting all week long ;) Download the following two tools for me [B][color=red]Spysweeper[/color][/B] [url]http://www.ianag.com/files/14/SpySweeperTrialSetup_EN-MajorGeeks.exe[/url] [B][color=red]WinPFind[/color][/B] [url]http://www.bleepingcomputer.com/files/winpfind.php[/url] -Follow [b]step 9[/b] here on how to properly run it: [url]http://wiki.castlecops.com/Vundo_Rootkit_Detection_and_Removal_Procedure[/url] Attach …
Re: My initial thought would be - let the numbers do the talking. You have one of the most active PC Forums around, if this has all been done by yourself - I see no reason for you to hire an outside affiliate. I would base outside hiring more towards A. …
Re: I think if it is drawing the attention like your site does Dani - it's fine. I have wondered ever since I built the MalwareTeks forum - if maybe we don't have too many forums to the point of confusing people.... Only thing of course is, it's going to appear …
Re: By the looks of the [b]R1[/b] line I would look for [I][color=Darkred]Lop[/color][/I]
Re: I would uninstall [B]Logitech Desktop Messenger[/B] if you do not use it. Download [B][color=red]ISeeYou[/color][/B] [url]http://forum.networktechs.com/attachment.php?attachmentid=22664&d=1143686508[/url] -Reboot to Safe Mode -double click [b]ISeeYou.bat[/b] -Save and attach the notepad
Re: Has the PC been rebooted since then? You have/had a Look2Me Infection here [B] O20 - Winlogon Notify: Run - C:\WINDOWS\system32\hr0q05d5e.dll[/B] Generally without running a specific tool, they do mutate and change names. So with that being said I fear it may return... Wouldn't hurt to run [B]Spysweeper[/B] and remove …
Re: You have got a lot of problems... Spybot S&D will remove NewDotNet and WebHancer by the way :) But let's start here... Look in Add/Remove Programs and uninstall [QUOTE]New.Net NewDotNet WebHancer Logitech Desktop Messenger (if not used)[/QUOTE] Download [B][color=red]Spysweeper[/color][/B] here [url]http://www.malwareteks.com/dload.php?action=download&file_id=5[/url] -Update to the latest definitions and run it -Remove everything …
Re: One solid Cartwheel for the Chocolate ones I guess....never been big on Ice Cream ;)
Re: Spysweeper should grab the Look2Me infection, although by the log the user already has it and Ewido installed, but don't forget these [QUOTE]O15 - Trusted Zone: *.media-motor.net O15 - Trusted Zone: *.popuppers.com[/QUOTE]
Re: I see this post was accidentally overlooked, sorry about that, it has been busy around here. :) If you are still requiring assistance, please let me know. It may take some manual steps to remove the [b]F2[/b] lines.
Re: Because of the technology that Spysweeper uses, a lot of times it alarms you of potentially masked rootkit files. Typically this is nothing to be alarmed about as it only looks for differences between the disk and what Windows reports back. This is not definition based. We can have a look …
Re: [QUOTE=adamt]How do you know which items are harmful based on a HJT scan? I'd like to learn to diagnose some of this stuff myself for future reference sake[/QUOTE] A great place to learn would be [url]www.malwareremoval.com[/url]
Re: That particular error usually reflects either a Driver or RAM problem. I would guess it has something to do with the driver if it only started doing it after installing the writer. Or you could try the RAM first, remove one stick at a time and run the PC - …
Re: If [b]caperjack's[/b] advice doesn't work, you have a few options. 1. Uninstall and Reinstall Service Pack 2. You can't just repair or reinstall IE when you have SP2 1. Since you said it happened yesterday, try doing a System Restore to an earlier point Also your Java is out of …
Re: [QUOTE=tayspen]Looks like [b]netmon.exe[/b] is a trojan. Check it in HJT, then click fix checked. [b] O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) [/b] Then do this. Start>Run type Services.msc -Right click [B]Network Monitor[/B] and choose Stop -Now choose Properties and change Startup Type …
Re: You are going to want to uninstall [B]MessengerPlus 3![/B] thru Add/Remove Programs. Usually this comes with a [color=red]Lop Infection[/color]. Download [B][COLOR=Blue]ISeeYou[/COLOR][/B] [url]http://forum.networktechs.com/attachment.php?attachmentid=22563&d=1141266457[/url] -Save to Desktop -Reboot to [U]Safe Mode[/U] -Double Click [b]ISeeYou.bat[/b] -In 20-30 seconds a log will generate -Save it for me and attach when you return
Re: This is similar to the fact that the Mac OS is now experiencing viruses targeting it. Simply put, it's getting popular as mentioned. The fact that FF doesn't use Active X will always make it more secure than IE regardless..
Re: In a case like this...a repair may work, but a reformat and clean start may be the way to go.
Re: Download [B][color=red]Spysweeper[/color][/B] here [url]http://www.malwareteks.com/dload.php?action=download&file_id=5[/url] -Update to the latest definitions and run it -Please attach the log when returning Download [B][color=blue]WinPFind[/color][/B] [url]http://www.bleepingcomputer.com/files/winpfind.php[/url] -Follow [b]step 9[/b] here on how to properly run it: [url]http://wiki.castlecops.com/Vundo_Rootkit_Detection_and_Removal_Procedure[/url] -Save the log and attach for me Also include a new HijackThis log and we'll go from there.... …
Re: Yeah - that one looks fine, Other than one toolbar, Ewido just found cookies which is normal..
Re: First place I need you to start is download the following tools for me [B][COLOR=blue]CCleaner[/COLOR] [/B] [URL="http://www.filehippo.com/download/51b30b1401c95091feb32bb89cfe8bbe/download.html"]http://www.filehippo.com/download/51b30b1401c95091feb32bb89cfe8bbe/download.html[/URL] [B][COLOR=blue]Ad-Aware SE Personal[/COLOR] [/B] [URL="http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-2"]http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-2[/URL] [B][COLOR=blue]Spybot Search and Destroy[/COLOR] [/B] [URL="http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1"]http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1[/URL] [B][COLOR=blue]Ewido[/COLOR] [/B] [URL="http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1"]http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1[/URL] [B][COLOR=blue]Spysweeper[/COLOR] [/B] [URL="http://www.malwareteks.com/dload.php?action=download&file_id=5"]http://www.malwareteks.com/dload.php?action=download&file_id=5[/URL] [B][COLOR=blue]Pocket Killbox[/COLOR] [/B] [URL="http://bleepingcomputer.com/files/spyware/KillBox.zip"]http://www.bleepingcomputer.com/files/spyware/KillBox.zip[/URL] -Unzip to its own folder Now since you have Windows XP - …
Re: Go to [b]Start>Run[/b] type [i]Services.msc[/i] and press Enter
Re: [URL=http://www.ianag.com/files/14/SpySweeperTrialSetup_EN-MajorGeeks.exe][COLOR=DarkRed]Spysweeper[/COLOR][/URL] should work for Windows 98. Update that to its latest definitions and run it. Remove anything it finds.. I shall back out now....;)
Re: I'm here .......but then again I am on every board battling the fight against Malware :)
Re: [QUOTE=jhay116] [COLOR=Green] NOTE TO MODS: I thought Vundo, but after fixing with HJT, the entries disappeared. From what I recall, if vundo, the entries wouldn't disappear. Eh?[/COLOR][/QUOTE] Usually it does not, however VundoFix should still be run since with a Vundo Infection you also have to remove the filenames that …
Re: Whew...you have a whole slew of things that need to go... Please look in Add/Remove Programs and uninstall any of the following [QUOTE][B][color=Darkred]WebHancer New.Net or NewDotNet Internet Optimizer MessengerPlus 3! (usually comes with [I][color=blue]Lop[/color][/I] Infection) Ares Limewire Windows AdService[/color][/B][/QUOTE] Afterwards do these few scans for me Download [B][color=red]Spysweeper[/color][/B] here [url]http://www.malwareteks.com/dload.php?action=download&file_id=5[/url] …
Re: Please follow the instructions here for removing SpywareQuake [url]http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=85&blogId=3[/url] After you have done the procedure, please include the [b]smitfiles.txt[/b] file along with a new HijackThis log.
Re: Don't forget to delete this folder as well [quote]C:\Program Files\Common Files\[B]Win Fixer 2006[/B][/quote] Other than that, the fix looks fine.
Re: Hello [b]Kerrin[/b] Please post all replies in this thread instead of starting a new thread. This way, no one gets confused ;) Sounds like a case for Smitrem... Download [url=http://noahdfear.geekstogo.com/click%20counter/click.php?id=1][color=Blue][b]smitRem.exe[/b][/color][/url] -Save it to your Desktop. -DoubleClick it to extract the contents to a new smitRem Folder. -Just leave it for …
Re: This thread is 9 months old - why dig it up?
Re: You're right, it is BETA, thus limiting a lot of its features and not even assuring that the features that do work are fully secure. Apparently though, the loopholes used for these particular three bugs are patched or fixed with IE7, which is why they say you are safe.
Re: Just would like to note a few things -I have actually had users use the uninstall method and had no problems with it, this has been a while ago, and I am not sure if you gave it a shot first or not -Please make sure you have the latest …
Re: Do you use Netscape? If so - may not hurt to verify that file is indeed missing [B] O23 - Service: Netscape Update Service (NCUpdateSvc) - Unknown owner - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe (file missing)[/B] If not, I would leave it be. :) Also - you will need to update …
Re: Please download [b] [url=http://www.atribune.org/ccount/click.php?id=7]Look2Me-Destroyer.exe[/url] [/b] to your desktop. --Close all windows before continuing. --Double-click [b]Look2Me-Destroyer.exe[/b] to run it. --Put a check next to [b]Run this program as a task. [/b] --You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click [b]OK[/b] --When Look2Me-Destroyer re-opens, …
Re: Hey [b]Mike[/b] There is nothing that really sticks out in your log, and unfortunately Symantec's solutions usually do not work. I prefer alternative Antiviruses.. Only suggestion I have is to do a search for [b]download[/b]. There will be one that pulls up that is in a LiveUpdate directory, delete everything …
Re: You can't access Yahoo mail because it is in your HOSTS file. Fixing it in HijackThis will not remove it. Also - it appears you may have a [I][COLOR=Red]Lop Infection[/COLOR][/I] so let's check that as well Download [URL=http://forum.networktechs.com/attachment.php?attachmentid=22492&d=1140226765][B][COLOR=DarkGreen]ISeeYou[/COLOR][/B][/URL] and save it to your desktop for now. First I recommend looking …
Re: Don't forget this one - possibly Krepper [B]O23 - Service: Microsoft Services - Unknown owner - C:\WINDOWS\services.exe[/B] You will have to disable it first, then use HijackThis' Delete an NT Service option :)
Re: Quite a mess! I would uninstall [B]Logitech Desktop Messenger[/B] if not used. Now download the following tools for me [B][color=blue]CCleaner[/color] [/B] [url]http://www.filehippo.com/download/51b30b1401c95091feb32bb89cfe8bbe/download.html[/url] [B][color=blue]Ad-Aware SE Personal[/color] [/B] [url]http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-2[/url] [B][color=blue]Spybot Search and Destroy[/color] [/B] [url]http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1[/url] [B][color=blue]Ewido[/color] [/B] [url]http://www.download.com/Ewido-Security-Suite/3000-8022_4-10326287.html?tag=lst-0-1[/url] [B][color=blue]Spysweeper[/color] [/B] [url]http://www.malwareteks.com/dload.php?action=download&file_id=5[/url] [B][color=blue]Pocket Killbox[/color] [/B] [url]http://bleepingcomputer.com/files/spyware/KillBox.zip[/url] -Unzip to its own folder Now since …
Re: [QUOTE=tayspen]There is an 023 entry I'm not sure about though.[/QUOTE] It needs to go ;)
Re: [quote][b] [COLOR=Red]O20 - Winlogon Notify: winm32 - C:\WINDOWS\SYSTEM32\winm32.dll[/COLOR] [/b][/QUOTE] This is a [b]Haxdoor[/b] variant...not good at all :sad: This means there is the possibility that your PC has been compromised 1. [b]Disconnect infected computer[/b] from the internet and from any networked computers until the computer can be cleaned. 2. [b]Call …