|
|
|
URGENT PROBLEMS
|
|
|
mikefig
Junior Member
|
6. November 2006 @ 06:06 |
Link to this message
|
Hi
Recently, i have been havin some problems with my internet
First of all, when i click any link (e.g in google results) i get redirected to another page (somthing like 85.255.116.218) I wud like this fixed plz
Also, the other problem is that when i click and link in "open in new window" it opens but all there is is a blank screen and it seems to freeze
my HijackThis LOG IS
Logfile of HijackThis v1.99.1
Scan saved at 16:08:36, on 06/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETGEAR\WG111T CONFIGURATION UTILITY\WLAN111T.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\PROFILES\MICHAEL\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Check Trial ModemMAX] C:\PROGRAM FILES\MODEMMAX\CHECKTRIAL.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O4 - User Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.233
any help wud be grateful cheers
mike
|
|
Advertisement
|
|
|
|
Senior Member
|
6. November 2006 @ 14:44 |
Link to this message
|
mikefig-
Let's start with a few basics. You do not have any firewall, anti-virus, or Ad-Aware programs installed.
Go to http://www.download.com and download the following.
AVG Free anti-virus or Avast Free anti-virus
COMODO firewall or another firewall that is free (these will slow your system down a little)
Spybot Search & Destroy
Ad-Aware (Lavasoft)
go to http://www.emsisoft.com/en/software/download/ and download A-Squared Free
Now you need to change the location of your HijackThis. Create a folder under the C drive called HijackThis. Now drag and drop the exe file from the desktop to that folder. Now right click the HijackThis.exe file and select rename. Rename the file to HjT.exe. Now right click it again and create a shortcut to it on your desktop. HijackThis needs a place to store files.
After you have downloaded all of the files above (Make sure they are all compatible with Windows 98 SE) make sure to get updates for all of them. Run each program ending with your anti-virus. It is best to do this in safe mode.
How to get to safe mode: Restart the computer and press F8 repeatedly until a DOS screen appears giving you the opportunity to select safe mode. From here you will run your programs. After that run HjT again and let me see if we got the system clean.
Good luck!
|
|
mikefig
Junior Member
|
9. November 2006 @ 10:02 |
Link to this message
|
thanks rot the help, i have taken all you advice
here is the new log file for HijackThis
cheers in advance
Logfile of HijackThis v1.99.1
Scan saved at 20:03:58, on 09/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETGEAR\WG111T CONFIGURATION UTILITY\WLAN111T.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\HIJACKTHIS\HJT.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,UpdateRegSettings
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O4 - User Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.233
|
Senior Member
|
9. November 2006 @ 11:36 |
Link to this message
|
Your system seems to be pretty clean. if you want to turn off auto update on a section of MSN Messenger that is in your start up folder follow these steps.
To disable AutoUpdate:
1. If you can already view protected operating system files, skip to step
2. If you cannot already view protected operating system files:
a. Double-click My Computer, and then click Folder Options on the Tools menu.
b. Click the View tab.
c. In the Advanced Settings box, click Show hidden files and folders, and then click to clear the Hide File Extensions for Known File Types and the Hide Protected Operating System Files check boxes.
d. Click OK.
2. In My Computer, double-click drive C, double-click the Program Files folder, double-click the MSN folder, and then double-click the MSNCoreFiles folder.
3. Right-click the Msn6.ini file, and then click Open to open the file in Notepad.
4. In the [msn6] section of the file there should be a line that starts with AutoUpdate=URL. Change the line to AutoUpdate=0.
5. On the File menu, click Save, and then quit Notepad.
6. Restart your computer.
Note To turn on the AutoUpdate feature again, change the AutoUpdate=0 line to AutoUpdate=1.
Run HjT again and select the following item and then select fix
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.233
Now your system should be clean. Did the programs that I had you run in safe mode find anything? The next thing that you need to do is install Firefox as your web browser. IE7 is out and you may update to that, but I still feel that Firefox is a better browser.
Now I do not and have not had 98 SE for a long time so it would be hard for me to tell you exactly where your temp folders, cache, and cookies folders are. You can remove most of the stuff from IE. Go to tools -> Options and look at the choices. Remove all cookies from your system, and remove all temp files from your system.
Let me know if your system is clean and not giving you any more problems. Thanks!
|
|
mikefig
Junior Member
|
9. November 2006 @ 11:42 |
Link to this message
|
|
well, thanks for all your help but what exactly does this do, will this make the internet google results not redirect and will it not freeze up the "open in new windows>?
|
Senior Member
|
9. November 2006 @ 12:02 |
Link to this message
|
|
Well, first tell me if it stops, if it doesn't then we have to try another step or two. if you get another error or redirect then let me know the error code that was displayed, and the page that you were directed to.
|
|
mikefig
Junior Member
|
9. November 2006 @ 12:05 |
Link to this message
|
|
ok well i cant now, im gunna watch a film, lol but thanks 4 the help, i will go on 2moro about 3:45 ish so i will try it then
cheers for the help, if you can go on at that time
p.s do you have msn, it is easier to chat on there for the tiny problems
|
Senior Member
|
9. November 2006 @ 12:14 |
Link to this message
|
|
I have MSN but I do not use it when I am at work. I think the main problem that you are being redirected to another page is because of something that is in your Cache. By removing all entries in the folders i listed above you should be fine. I might have a computer with 98 SE on it at home. I had someone give me an old computer for repairing their new one. I will boot it up when I get home and find the folders for you.
|
Senior Member
|
9. November 2006 @ 14:13 |
Link to this message
|
Quote:
I think the main problem that you are being redirected to another page is because of something that is in your Cache.
No, he has Wareout and you requested he only fix the 017 entry. And that will not rid the dll files related to Wareout. You need to request he run FixWareout and post the log incase it shows some files were not deleted. Then, you can just use KillBox on those files. I'm not home right now so I don't have the pre-written instructions for FixWareout, but I'm sure if you search FixWareout on the forums, you'll find a post with the link and instructions. I'll post them when I get home if you haven't already.
Note: the .dll files related to Wareout will be 5 characters long starting with 'dm', 'pc' or 'cs'. The 3 remaining characters will be random.
|
Senior Member
|
9. November 2006 @ 17:48 |
Link to this message
|
@ mikefig
Okay, here is a site where you can download fixwareout: http://www.experts-exchange.com/Security...Q_21860557.html
Post a log after you run it. I will let Niobis walk you through the rest so I can learn a new trick in the trade!
@ Niobis
I'm learning something new here! Where in his HjT log did you notice wareout? Teach & Learn eh!
This message has been edited since posting. Last time this message was edited on 9. November 2006 @ 17:49
|
Senior Member
|
9. November 2006 @ 18:07 |
Link to this message
|
Okay, here's the instructions. :)
Download FixWareout from here.
Open it, click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin, follow the prompts. You will be asked to reboot your computer, please do so. Your system may take longer than usual to load, this is normal.
HijackThis will launch automatically, close it since syxguns already had to delete the 017 entry.
Please post back with the contents of C:\fixwareout\report.txt and a new HijackThis log.
@syxguns, any time you see and 017 entry starting with '85.255...' or '69...' and the WHOIS search comes back as belonging to Atrivotechnologies, EstHost hosting company, Tartu Peapostkontor, pk. 12, Estonia, or InterCage, Wareout is present. The most common is '85.255...' and almost 95% of the time that IP will resolve to those companies.
Wareout has many other HjT entries that can show including, but not limited to:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.clicksearchclick.com/index.php?aff=19
O1 - Hosts: localhost 127.0.0.1 <- Could be the only thing visible
O4 - HKLM\..\Run: [dmcup.exe] C:\WINDOWS\System32\dmcup.exe <- notice the name 'dm***'.
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
Personally, I've only seen the 01 host, the 04 with the 'dm***' and the common 017 entires. Now days you won't see much of the other entries.
This message has been edited since posting. Last time this message was edited on 9. November 2006 @ 18:08
|
Senior Member
|
9. November 2006 @ 18:28 |
Link to this message
|
@ Niobis
So is the key to fixing the problem not to remove the entry from HjT, but allow fixwareout to do it for you? I can't believe I have never noticed this problem before. I have read that your anti-virus should notice and remove all entries like this.
|
Senior Member
|
9. November 2006 @ 18:41 |
Link to this message
|
Quote:
So is the key to fixing the problem not to remove the entry from HjT, but allow fixwareout to do it for you?
No. After FixWareout reboots the computer HijackThis will automatically open. This is when you request the user to fix all the Wareout entries.
NOTE: For example use only
If I see these Wareout lines in a HjT log.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.clicksearchclick.com/index.php?aff=19
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmcup.exe] C:\WINDOWS\System32\dmcup.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.154.62,85.255.112.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.166.62,85.255.112.214
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.176.62,85.255.112.245
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.266
This is what I would post.
Download FixWareout from here.
Open it, click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin, follow the prompts. You will be asked to reboot your computer, please do so. Your system may take longer than usual to load, this is normal.
HijackThis will launch automatically. Click Scan, and check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.clicksearchclick.com/index.php?aff=19
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmcup.exe] C:\WINDOWS\System32\dmcup.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.154.62,85.255.112.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.166.62,85.255.112.214
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.244
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.176.62,85.255.112.245
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.62,85.255.112.266
Please post back with the contents of C:\fixwareout\report.txt and a new HijackThis log.
Edit--> Some users may experience connection problems after cleaning Wareout. In this case you would post this to them:
* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
· Double-click the Network Connections icon
· Right-click the Local Area Connection icon and select Properties.
· Highlight Internet Protocol (TCP/IP) and click the Properties button.
· Be sure Obtain DNS server address automatically is selected.
· OK your way out.
* Go to Start > Run and type in cmd
· Click OK.
· This will open a commad prompt.
· Type or copy and paste the following line in the command window:
ipconfig /flushdns
· Hit Enter
· Exit the command window
Do that before you restart.
Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log. <--End edit.
Quote:
I have read that your anti-virus should notice and remove all entries like this.
I don't know of any that will fully clean Wareout. I'd have to look into it more to be 100% sure. Do you have a link to where you read that? I know most of the time there will be an error during cleaning. And even if some files were deleted it's unlikely the AV will pick out all the .dll's and .exe's. It's just best to have the user run FixWareout.
This message has been edited since posting. Last time this message was edited on 9. November 2006 @ 18:48
|
Senior Member
|
10. November 2006 @ 14:02 |
Link to this message
|
Niobis
That site were I found that information about removing wareout led me to a McAfee site where it explained how to set it up to find undesirable programs. You are correct, it may or may not have worked.
Also as I was searching I found this site. Press here
|
Senior Member
|
10. November 2006 @ 14:11 |
Link to this message
|
Originally posted by syxguns:
Niobis
Also as I was searching I found this site. Press here
All the same. :)
|
|
mikefig
Junior Member
|
11. November 2006 @ 00:35 |
Link to this message
|
thanks for the help, here is the fixware out log but i cannot post the HijackThis log now beacause every time i try and start it up now, it comes up with a wanring message says, "unexpected error"
also, the good thing is that i no longer get redirected to 8.55 etc but now, when ever i press a link that opens in a new menu OR i open a link in a new menu manulally, the new window is blank, and is frozen. This is what i need help on now cheers
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}505F595BF000-8E0A-BD11-D9A6-02E361F6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jlxmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmxlj.exe"=-
"cslsg.exe"=-
...
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be legitimate FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Search by size and names...
»»»»» Misc files
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM\CSCZW.EXE 51,761 2006-11-02
C:\WINDOWS\SYSTEM\CSMNA.EXE 51,761 2006-11-02
C:\WINDOWS\SYSTEM\CSLSG.EXE 51,761 2006-11-02
C:\WINDOWS\SYSTEM\CSWOW.EXE 51,761 2006-11-02
C:\WINDOWS\SYSTEM\DMFHY.EXE 60,983 1999-04-23
C:\WINDOWS\SYSTEM\DMXSZ.EXE 60,983 1999-04-23
|
Senior Member
|
11. November 2006 @ 06:15 |
Link to this message
|
Okay, will work on your 'second' problems after you're clean.
OH MY...! If the last two files listed are bad(I think they are) then you've have Wareout a very long time. Since 1999!
Restart in safe mode and delete these files:
C:\WINDOWS\System\CSCZW.EXE
C:\WINDOWS\System\CSMNA.EXE
C:\WINDOWS\System\CSLSG.EXE
C:\WINDOWS\System\CSWOW.EXE
Empty the Recycle Bin and restart in normal mode.
Go to Jotti's malware scan.
Copy/Paste these files into the "File to upload and scan" area one at a time
C:\WINDOWS\System\DMFHY.EXE
C:\WINDOWS\System\DMXSZ.EXE
Click "Submit".
Copy/paste the results to Notepad and save them.
Go to Add/Remove Programs and uninstall HijackThis.
Re-download it from the link above.
Extract the file.
Hopefully, that will allow you to scan.
Go here to run Kaspersky Online Scanner.
After downloading, click "My Computer" to scan.
After scanning, click "Save report as".
Save as a text file on the desktop.
If for some reason you can't run Kaspersky, run ActiveScan instead and post the log.
Please post back with both Jotti results, the Kaspersky(or ActiveScan) log, and a new HijackThis log(if possible).
|
|
mikefig
Junior Member
|
12. November 2006 @ 06:25 |
Link to this message
|
|
RESULTS !!!!!!!!
DMFHY
Service load: 0% 100%
File: DMFHY.exe
Status: INFECTED/MALWARE
MD5 482f2f1d3566235d08ba1ae30a3293e2
Packers detected: -
Scanner results
AntiVir Found Trojan/Small.FB.216
ArcaVir Found Trojan.Small.Fb
Avast Found nothing
AVG Antivirus Found Generic2.FEQ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DnsChange
F-Prot Antivirus Found W32/Backdoor.OKF
Fortinet Found W32/Small.FB!tr
Kaspersky Anti-Virus Found Trojan.Win32.Small.fb
NOD32 Found a variant of Win32/Small.FB
Norman Virus Control Found W32/Smalltroj.MED
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Small.fb
DMXSZ
Service load: 0% 100%
File: DMXSZ.EXE
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 482f2f1d3566235d08ba1ae30a3293e2
Packers detected: -
Scanner results
AntiVir Found Trojan/Small.FB.216
ArcaVir Found Trojan.Small.Fb
Avast Found nothing
AVG Antivirus Found Generic2.FEQ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found Trojan.DnsChange
F-Prot Antivirus Found W32/Backdoor.OKF
Fortinet Found W32/Small.FB!tr
Kaspersky Anti-Virus Found Trojan.Win32.Small.fb
NOD32 Found a variant of Win32/Small.FB
Norman Virus Control Found W32/Smalltroj.MED
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Small.fb
|
|
mikefig
Junior Member
|
12. November 2006 @ 06:28 |
Link to this message
|
|
Kaspersky
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 11, 2006 6:20:42 PM
Operating System: Microsoft Windows 98 SE
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/11/2006
Kaspersky Anti-Virus database records: 227071
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
a:\
c:\
d:\
e:\
Scan Statistics
Total number of scanned objects 4816
Number of viruses found 1
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:25:27
Infected Object Name Virus Name Last Action
c:\WINDOWS\SYSTEM\dmfhy.exe Infected: Trojan.Win32.Small.fb skipped
c:\WINDOWS\SYSTEM\dmxsz.exe Infected: Trojan.Win32.Small.fb skipped
c:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\SchedLog.Txt Object is locked skipped
c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS\LOG8021X.TXT Object is locked skipped
c:\WINDOWS\Profiles\Michael\Cookies\index.dat Object is locked skipped
c:\WINDOWS\Profiles\Michael\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS\Profiles\Michael\History\History.IE5\MSHist012006111120061112\index.dat Object is locked skipped
c:\WINDOWS\Profiles\Michael\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
c:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
c:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
c:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
c:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
Scan process completed.
|
Senior Member
|
12. November 2006 @ 14:50 |
Link to this message
|
|
Delete those two files.
You'll be clean after that. :)
|
|
mikefig
Junior Member
|
13. November 2006 @ 05:46 |
Link to this message
|
|
which two files? plus after my computer is clean, cuf you help me with the "open in new window problem" cheers
|
Senior Member
|
13. November 2006 @ 07:03 |
Link to this message
|
Originally posted by mikefig:
c:\WINDOWS\SYSTEM\dmfhy.exe Infected: Trojan.Win32.Small.fb skipped
c:\WINDOWS\SYSTEM\dmxsz.exe Infected: Trojan.Win32.Small.fb skipped
These are the two files Niobis mentioned to delete. Now the open in new window error might be corrected if you update your IE to version 7. You do not need to open items in new windows because you have tab browsing.
I however would go to http://www.mozilla.com/en-US/ and download Firefox 2. It is a much better browser than IE. You will need to add some features to it, but it is easy to do.
|
|
mikefig
Junior Member
|
13. November 2006 @ 08:51 |
Link to this message
|
|
ok but a couple of problems here, one internet 7 is not supported on windows 98 and the 2nd is that although mozilla is good, i like to hav msn and msn messenger need internet explorer 6 to run so if i have both, i lose quite a bit of memory
|
|
mikefig
Junior Member
|
17. November 2006 @ 06:58 |
Link to this message
|
|
hello, sorry for double posting but can i please have some help i have tried everything you have said but still nothing to sort out the opening in new window
|
|
Advertisement
|
|
|
Senior Member
|
17. November 2006 @ 07:31 |
Link to this message
|
You can still use MSN Messenger while running Firefox. There shouldn't be a problem with memory. Firefox is a much safer browser than IE 6. Get a couple of add-ons like No Script, Pop-Up blocker, and you can change your theme to have a different appearance. Try it and if you do not like it you may remove it.
I will see if I can figure out why the open new window opens blank. Make sure you have the latest updates to IE. Something may have been removed.
|
|
