Posts by caperjack

Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Go
Here and Get Trojan-Hunter Fully working trial!
,,,,,,,,,,,,,,,,,,,,,

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the …

You hujackthis program is way out of date please do the following to get a newer version ,and delete the old one .
Please do this.

Go
Here and Get Trojan-Hunter Fully working trial!
,,,,,,,,,,,,,,,,,,,,,

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan here.
If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.
,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-

http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this since it’s better to use automated tools to get rid of the bad stuff use these 2 programs first before …

asks me to press F6 if i want to install SCSI or RAID Drivers. then to press F2 for ASR,.

You don't hit f6 unless you are going to setup raid or scsi .If harddrive is IDE ,just skip hitting any keys until it asks to hit f8 to agreee!!

ashserv.exe is part of the Avast Anti-virus Suite. This process is the main executable for this piece of software,
unless you deleted Avast then i think you may need to reinstall and unistall it properly if this is the case !

Huh? :?: I don't get it :confused:

HeHe ,in the post above there is link to a what to do thread ,and in that thread is a link that said , Some further useful sites, courtesy of caperjack and the caperjack is a hyper link that goes to the below link
http://www.daniweb.com/techtalkforums/member.php?find=lastposter&t=6917

Boy did I ever change my looks ,I click on this link [ Some further useful sites, courtesy of caperjack ]in the reference page post in you above post .No No No it aint me Babe !!

Abit of reading that might help ,Till someone who knows excatually what to do comes along .
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/intwork/inbe_vpn_NAXE.asp

Uh oh...

I was checking system 32 for suspicious dlls by arranging them bt date modified and came up with vsconfig.xml...

I googled it and symantec seem to think its to do with backdoorIRC aladinz.

Itried deleting it but can't access as something's using it. Deleted it in safe mode but it was back agin on reboot.

I tried symantecs removal instructions in normal and safe modes. Also I can't back up the registry either ( Iget an error message )

Sorry about this now but I need to know if there's still a problem or if vsconfig.xml should be doing what its doing... Even though symantec know about the trojan nothing showed up on the scan ( in either mode) but vsconfig.xml is still there...

Sorry again. I'm REALLY NOT an attention-seeking, bunny-boiling, psychotic IT forum addict...

Gabh mo leithsceal agus slan! :o

I think it time to stop worring about what not on you computer and try using and enjoying you machine !LOL

Try not putting you antivirus progam on right away, and load some other software ,and see what happens ,use it off line for a few days to see how it acts ,if ok install the antivirus program and see what happens .
What antivirus program are you trying to use .

Ad-aware and spybot ,are unlike microsoft spyware tool ,as they are after the fact removal tools ,and the microsoft one will scan and remove after the fact, but also watches whats coming and going on you computer ,and will block them if they are bad and in the programs database !!! and does give lots of info on the problems .In short I like it .

:mrgreen: Hi there, thanks for your help.
It took me a day and a half but my laptop is up and running fine.

Thanks again. :lol:

Your welcome ,glad to have been able to point you in the right direction .

Yup! the 016 and the 08s and 09 ,any you want to fix go right ahead

actually re-reading you post just download the dll from Crunchies post .

Thanks Caperjack.

After I fixed the following entries last night, when I got back into IE, I received some severe errors. I did a system restore which restored these entries. Can you advise if this is expected? Should I be concerned? Thanks.

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Doing a system restore will bring back all the baddies ,what type of error did you recieve ,run hijackthis again and post a new log .

draging and dropping files to a burner in windows explorer is only for formatted CD-RWs', with Neros INCD or that program from Roxi,whats it name ?? installed on the computer

why do u think that?? I don' buy pc's i build them the way i want and how i want even modify on needs

I say that because I buy and sell older computers and the Compaq site is the worst one for finding motherboard info and drivers ,and i usually endup using driversguide !!!:)

Make sure all windows are closed ,run hijack and fix these .R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
just to safe fix all the 016s' like this one .
as the good ones will download when yiu return to that site .
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

Im confused ?????

about what !

This doesn't sound like a programming or software design issue. You didn't even bother to mention what browser you use. They're all different you know. Since you're somewhat clueless, I'll assume Internet Explorer. Go to Tools, then Internet Options, then Clear History.

>Basically i need to set on my computer so no one can see anything i have
>searched for or sites i have visited
You could stop searching for porn at work.

Hi ,she double posted and in other post said thank you for you help and mentioned that the other person was rather RUDE ,now i see why !!

I did that but I don't know how to open it or where it installed to......do I just click on the icon on the desktop, sorry to ask so many questions, just don't want to screw this thing up again.....LOL

Heidi :)

Hi ,i think i just figured out why you are confused ,it is not a program, so its not installing a program for you to use ,it just editing you registry so all you need to do is right click and hit install and that it ,run hijack again and post a fresh log .to see if the 015s are gone

Edit : you just posted a new log and it looks good !

Have you tried safe mode .
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&ExpandSection=4&Src=sec_doc_nam

Great tip, but would the machine run SP2?

I thought the requirements on SP2 where a bit higher (256Mb RAM)

SE (Dave)

Yeah ,you could be right ,missed that ,I actuall would recomend 256 for XP with out any of the sps'
just a note sp1 doesent have protection for the latest sasser worm so i thing you will need some of the security updates before you connect to the net after installing .
http://www.microsoft.com/downloads/Popular.aspx?DisplayLang=en&categoryId=

If you have a burner I would suggest yo ugo to http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displaylang=en and get SP2 first and burn it to disk and make it you first install right after you install winxp .

Ok I got that but where did it download to?? On my desktop now it has the icon with a yellow wheel thingy to the right of it....is that right? I'm not sure of the next step so I'll wait for your reply

THANKS
Heidi ;)

Thats it ,now take you mouse and right click on the file ,and second from the top of the list you should see install click on that

also if you are using IE 6 ,when in Internet option go to advanced ,and scroll down to browsing and check off to delete temp internet files when you close IE.
Also when in there go to Content /auto complete ,and check off what you don't want to have happen !!

thanx thats cool.
but it costs 100$, I wasn't looking to spend that much.
I can't always get on the other computer to scan because my boss is on it most of the time. thats why I wanted to do it remotely. sometimes the boss is a pain in the butt about using his computer. lol

Yeah ,a hundred bucks ,is bit much .I only paid 30$cdn for my used scanner ,that maybe you best option buy a good used scanned and tell the bos to go F__ a kyte :)

Go on over to the Security section of this fourm and post you problem along with a hijackthis log .
Spyware & Trojans and Other Nasties
,,,,,,,,,,,,,,,,,,,,,,,,
Please Don't post the hijackthis log in this section Thanks .
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

Please do this.
Download 'Hijack This!'. HijackThis
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

double posting ,gets confusing !!1 check my suggestion in your other thread !
http://www.daniweb.com/techtalkforums/thread17764.html

no i actually need sites like driverguide.com

You must own a Compaq !:)

when i try to play toontownonline..it says scipting no enabled..where do i check to fix this...i would greatly apprecate any help

Open IE,go to tools /internet options /security /custom level /and scroll down to you see script ,and set Active Scripting to prompt !!

Hi ,I did a Google and came up with this from Computing.net
Aside from the software i was thinking the same thing when i read you post !!

Quote:
Normally you cannot share a scanner over a network as scanners are input devices while printers are output devices. You can send stuff to a printer, but you cannot send stuff to a scanner.

However, there is software that will allow a scanner to be shared.

http://www.remote-scan.com/download-free-client.php

I have not used this software so canned verify that it works as described. Personally I cannot see the point. You have to stand next to the scanner to put in the originals, so why not use the computer it is attached to. You can always send the resulting file over the network.

in my signature you will find tools used to block bad sites , programs like spywareblaster.iespyad,and spywareguard ,they block over 3500 sites none to be associated with trojans ans spyware ,also firewall program all free!!

hello guys, but it said it couldnt find any.....any suggestions?

Suggestion #1 please start a new thread of you own detaling you problems and download hijackthis and post a log along with you comments .
,,,,,,,,,,
Please do this.
Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

Then post a HJT log as a reply to this topic.

Can you put the EXE link on here, when I clicked on it, it asked what I wanted to open it with, I don't have a zip program.

THANKS
Heidi :D

thanks to Crunchie for coming in with the needed help on this one .
i will unzip it and add it here ,download it and right click on the file and choose Install.
I had to rename the file extension to be able to upload the file so when you download it right clik on the file and choose rename ,and change the extension only ,change it so it reads DelDomains.INF,then right click again and hit install ,good luck

I have used free virsus scanners ,both mentioned in this thread .
I used Norton most of the time !all the time since the last free one kept finding viruses on my computer ! You would think that would be a good thing .but It sould have stopped the virus from getting on the computer but didn't !!:)

I think you should run spybot and ad-aware on your computer to clean it first then use hijackthis for final cleanup!
Both programs are in DMRs' signature

some info here.
http://www.geocities.com/~budallen/mscompat2.html

This might help
http://support.microsoft.com/default.aspx?scid=kb;en-us;307545

Thanks for the sites I downloaded Spyware Blaster and Spyguard, when I was setting up Spyblaster I noticed in tools section and browser pages they have all the browser pages and there are 2 identical ones that say they are affiliated with search assistant but I did not see them on my HJT log they read....
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

any idea how to get rid of this or should I just ignore it since it is not in my HJT log?

THANKS AGAIN
Heidi ;)

Yeah just leave it ,its ok ,its in mine also !

check out these 3 programs for spyware prevention .
http://subratam.org/?page=software&part=Spyware-preventions

maybe in IE go to file .and uncheck work off line !

Yeah I think it will be all right .!

Yeah you can fix that one ,I missed putting it in the first fix !
not sure what to tell you ,how is you computer behaving what problems are you having !1
,i don't know why the 015 keep coming back the ip that is showing belongs to :
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: Reston Executive Center
Address: 12100 Sunset Hills Road, Suite 300
City: Reston
StateProv: VA
PostalCode: 20190
Country: US

run hijack again and fix these again .
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)

As for the mccafee all we remove was a 016 for updates or the online scan ! that shouldn't have affected it !

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
You might want to print out or copy & paste to notePad , these instructions as you will need to close this browser window to fix with hijackthis !

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {E5BCD11D-CF53-13E8-21A0-55210FBE13D2} - (no file)

Unless you set this up fix it
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)

Fix all the O16s'just to be safe ,the good ones will download again when you go back to that site .

reboot computer and post a new log

Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. Since Temporary folders are emptied now and then (the files are DELETED), it would not be a good idea to have your backups there. Those backups would be VITAL to restoring your system if something went wrong in the FIX process!

1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.

2. Copy and paste HijackThis.exe to the new folder.

3. Close ALL windows except HJT

4. SCAN with HJT

5. POST the new log in this thread using 'Add Reply'

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH

go to the saved file ,open it with notepad ,copy it from notepad and paste it into this thread .

on way would be to buy a faster wirless card !

log looks good ,just fix these two !
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O23 - Service: X10 Device Network Service - Unknown - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Go into bios and detect Hard Drive if computer is old enought it will be there if its newer it will auto detect so skip that part , say yes to what it detects for bot primary and secondary ,save and exit .then get a win98 boot disk from http://www.bootdisk.com/bootdisk.htm and boot computer with cdrom support ,at the a:\ prompt type in FDISK if you think you need to create a new partition ,if not with the win98 cd in the cd rom type SETUP .