Posts by caperjack

I suggest Spybot

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

also go to Control panel add and remove programs and uninstall, NEW DOT NET

then this .

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

You have that many viruses and trojans on you computer i don't know where to start ,did you run the online virus scan in my signature allready if not do so after you fix the rappid blaster one .download the rapid blaster fix ,
http://www.wilderssecurity.net/downloads/rbkiller.exe,

no what i want you to do for now is run the online virus scan in my signature .

well lets try this just for the hell of it !

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything

Good thing ,try right clicking on the desktop and hit properties .then along the top go to SETTINGS and change the screen resolution to 800x600 and color quality to high 16

The cwshredder should have fixed most of that are you sure you hit FIX when you ran the program in safe mode !! Run it again please and ,don't hit SCAN , hit FIX!!! and let it go until it stops

you missed this one .
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvit.exe>>>> bad

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

And it would be a good idea to run one of the free online virus scans in my signature .

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

not likely ,right clcik on mycomputer ,choose properties,go to device manager ,is there any yello or red ! marks ,check + by display adapters what does it say for your video card ,does it say windows default or does it give the name of your video card !!

first i would run adaware and swshredder to clean up most of it the post a new log and cleanup the rest ..Cwshreddr first !!

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then adaware

Download the latest version of Ad-Aware at ADAWARE

Download SPYBOT

How to setup ad-Aware and spyBot
http://www.zerosrealm.com/scanning.php

And after that, please do the following:

reboot computer and post a new hijackthis log

Symantic suggestion .
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

For me to look at ,
run hijackthis and post a hijack log

Wupdater is spyware releated !! do the following >Try safe mode to get into computer .
Reboot to SAFE mode to run hijackthis
How to start computer in safe mode

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is …

sorry i should have noticed that we are in the 95/98 fourm.

try this !
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE

this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

you could look for it in Start/run/msconfig/startup ,and uncheck it if found

O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe

i cant find this one on the list

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
>>>>>>O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe<<<<<
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

Its right there in the middle of the last few 04's
You should not reactivate you system restore untill you get rid of all baddies !:)

Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Like C:\HJT\hijackthis.exe ,Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

looks ok! a few things to consider .when you use hijackthis to fix , it saves backups so it should not be run from a temp folder or from the desktop put it in a folder of its own like C:\HJT\hijackthis.exe .
You could fix this rescource hog,that not needed at startup

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

Rescource hog
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

If you don't use messenger you could fix it .but by the looks of it you do use it !!
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Can the 2 even work together on the same computer !
Everything i read talks about one or the other.

not sure ,when you search with it what search engine does it use ,like MSN.Google,MYWEBSEARCK ECT.ECT

After that do this and we'll check for spyware.

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then …

You need to disable the messenger service ,go here and download and run Shoot the messenger .
http://www.grc.com/stm/shootthemessenger.htm

i would get them to run one of the free online virus scans like the ones in my signature ,i do believe its trojan/malware releated .

a little more info ,like what error message you get ,or how far do you get when you try to restore !!

Your welcome hope it helps .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place in my signature

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

Now reboot into safe mode and delete the following files and folders .

C:\Program Files\Common files\updater --delete this folder

to delete the above files and folder you will need to do the following
go to Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files

How to start computer in safe mode

reboot computer and post a new log

follow the same close all browser windows as above and fix this one .

O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari...tia32_EN_XP.cab

to change boot sequence in the BIOS its usually in the Boot section Phoenix bios or in the Advanced BIOS features in Awared BIOS!
Award Bios

just found this site looks interesting .

http://tuxmobil.org/disassembly_laptop.html

Compaq 700
http://www.geocities.com/hpmsgs/700xx/

in nero did you choose the option to, make a bootiable disk

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

In case it returnes !!

1. Download reglite
2. install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar.
3. Double click on AppInit_DLLs to open a "Data Editor" properties window, if the bottom textfield named "Value" contains a .dll file; then this is the hidden file you need to get rid off.
4. You should not be able to delete this file if you try to clear the value field, IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
5. Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
6. Click AppInit_DLLs again and clear the value containing the .dll and ok it. This should have removed the .dll
7. Rename the windows folder back to its original name "Windows".
8. Next step will be to remove this dll file so make sure you have it noted down.
9. Click "Start" => "Run" and type in "cmd" (Without the quotations) and click on "Okay".
10. This will open a command window I will assume you have a basic knowledge of DOS if you have any problems at this point just write back I will outline the commands.
11. Type in dir <path and name of dll as found in the appinit value box> and press "Enter". You should see the name of the file listed.
12. Go to the …

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

And run the free online virus scan in my signature .

ie /tools /internet options/advanced/browsing .and uncheck display a notivacation for every script error

Format time .I'de give in anf koin MAD_ DOG ,by now !!!!

in IE /tools /internet options /advanced /Browsing /check off .disable script debuging,it should be the 4 in the browsing list!!

ok... but it's still impossible for me to change my start page. When I open IE, change my home page in the internet options, close IE, and open it, it will load the home page I wanted once, but the second time I open IE, it will put back about:blank....

it's also impossible for me to save .exe from http sites....

what do you think it could be??

Thanx for your help!

try this just for the heck of it .

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log.

Also check in my signature ,how to setup ad-aware and spybot just to make sure you have them setup right .

Sorry I see nothing in you log to indicate a problem .

so whats wrong with logging on ! giving what the program is for logging on seems logical .
http://msdn.microsoft.com/netframework/using/gettingstarted/default.aspx?pull=/library/en-us/dndotnet/html/faq111700.asp

No guarentees, as it could be a couple things, but please do these:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.

Then:
Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own. Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for …

Here is is explained at another fourm ,way over my head ,Really !!If it were my computer i would Format .there i said the nasty :)

http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

for this one I starting to agree with MAD DOG !!Sorry

the top part of you log is missing plese repost whole log thanks . check the how to setup hijack in my signature

just a tip ,instead of posting the link to all the post in that thread ,click on the # of the post in the thread and use that so the person gets to the one releated to them ,instead of having to read and figure out what one is the right one .like this .

http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

My internet explorer changed sites, and won't allow me to start where I want it to. So I read previous posts and downloaded spybot. It won't allow me to update, get an error message and no list of updates. I'm still faulting to the wrong internet explorer page. Also, the size of the fonts has been changed on all my web pages, is this the same problem or another problem.

I do my best at doing this stuff, but I'm a veterinarian, not a computer maven. Any help written plainly would be greatly appreciated.

thanks
ruth

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions.
http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now …