LOL My Bad. Just a typo anytime you see something in brackets "[ or ]"
those are control characters and should not show up. Unless a mistake was made. : )
Rename it to scanner.exe or your name.exe anything but HijackThis.exe
Malware has figured out that it can be removed by HJT so it won't show up if it finds it.
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
I'm starting to have many more problems now... The computer keeps giving me a blue screen that refreshes after a while and changes some of its text. I'm only able to copy down a few words of the boldfont text to a sheet of paper before it refreshes, but I have seen thus far: "UNEXPECTED_KERNEL_MODE_TRAP", "PANIC_STACK_SWITCH", and "KMODE_EXCEPTION_NOT_HANDLED"
Quote:A double fault can occur when the kernel stack overflows. This overflow occurs if multiple drivers are attached to the same stack. For example, if two file system filter drivers are attached to the same stack and then the file system recurses back in, the stack overflows.
You said you tried to fix the problem with some registry fixes..
Quote:I followed the RegEdit instructions given here, but that seems to do nothing! Help??
Not a good idea for a Novice...
I don't know if I can recover you, (no guarantees) but we'll give it a try. I've got nothing to do for the rest of the night. ; )
This may result in having to reformat/reinstall your Operating System..
First, Do you have a System Disk or a Recovery Disk that came with your computer???
Is your System Restore turned on and do you have some old restore points that you can go back to, i.e. before the time of your registry fix?
It just happened again (it seems to happen whenever I let the CPU idle for a bit), and this time it said "PAGE_FAULT_IN_NONPAGED_AREA".
I followed your HJT directions, and here is the log. I'll be honest, I'm a bit impressed that anybody can make anything from this mess of text!:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:22 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Quote:This may result in having to reformat/reinstall your Operating System..
First, Do you have a System Disk or a Recovery Disk that came with your computer???
Is your System Restore turned on and do you have some old restore points that you can go back to, i.e. before the time of your registry fix?
Go ahead and finish all the first instructions. I know what you are infected with now so, we'll see if we can get by without a system restore. Maybe not, but we can give it a try.
My concern is, by playing around in the registry, you could have borked some system files..
2OG
P.S. It is NOT a good idea to use RegEdit unless you KNOW what you're doing. That's the heart of the System! One slip and RIP! (that's rest in pieces)
Sorry about that. I knew going into the Registry that that was the case, but from the little logic that I possess I was able to understand the instructions that were given and how using the binary code of the computer, the virus had just switched the Desktop and Screensaver tabs to "off." I'm just glad that I stumbled upon this site, because what you all have here is amazing and I really appreciate it.
I finished running the SUPERAntiSpyware scan (It took nearly 8 hours!) and cleaned up everything, and I'm going to post that log at the end of this post. Also, all of those boldface warnings that had me worried earlier? Well, as I suspected, they were part of a screensaver that the virus installed in lieu of my own - those sneaky knuckleheads... I'm going to continue to systematically follow the first set of instructions. Thanks again!!
This message has been edited since posting. Last time this message was edited on 15. July 2008 @ 09:11
You're looking better. I just hope your playing with RegEdit don't come back to haunt you..
Are you getting anymore of these error messages? "UNEXPECTED_KERNEL_MODE_TRAP", "PANIC_STACK_SWITCH", and "KMODE_EXCEPTION_NOT_HANDLED"
Quote:Do viruses like these have keylogging programs? I'm still worried to access any of my online accounts or personal information, as there is that chance...
I haven't detected a Keylogger, yet. You have the Vundo Trojan. It's not a keylogger, it just brings other Malware, Adware, etc. into your computer. It will sometimes bring in a Backdoor Trojan that will contain a Keylogger. This time, I don't see any signs of one.
You have Azureus. P2P can be dangerous. I'm not going to suggest that you not use P2P, but I am going to say give it some thought and never install a downloaded P2P File without scanning it first with a good AntiVirus program. This may have been the source of your Trojan..
Vundo has a way of digging in deep, there are still some signs of it in your HJT Log.
Let's do the following and see if we can dig it all out:
Download ComboFix from Here to your Desktop.
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
Do viruses like these have keylogging programs? I'm still worried to access any of my online accounts or personal information, as there is that chance...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:54 AM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Ad-Aware SE Personal
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
AVG Free 8.0
Azureus
Bentley View XM Edition 08.09.04.51
BigFix
Broadcom 802.11 Network Adapter
CardRd81
CCScore
Combined Community CodecPack 2005-06-19 (Remove Only)
Conexant AC-Link Audio
CR2
DVD Solution
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Fallout2
GameSpy Arcade
GoZone iSync
Heroes of Might and Magic IV: Winds of War
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 6
Kodak EasyShare software
KSU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital ImageStarter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Proofing Tools
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
myTunes Redux 1.0
Notifier
OfotoXMI
OTtBP
OTtBPSDK
PCGen5121
PDF Settings
PDFCanvas V1.3
Power2Go 4.0
PowerDVD
QuickTime
Readiris 7.5
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SFR
SHASTA
SKIN0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tibia
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB953356)
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
VPRINTOL
Windows Backup Utility
Windows Defender
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
WinPcap 3.0
WinRAR archiver
WIRELESS
Xvid 1.1.3 final uninstall
Alright, I got your message, and I am going to post the new logs. Regarding the P2P, is it always a big hazard to download program files? I mainly only use it to watch old, old TV shows (Bill Nye was, and still is a genius!), but it's good to know that program files have high risks - I'll certainly avoid that. I actually got the virus from downloading and running a video codec. I was playing around on the internet and on occasion some videos weren't running, so I downloaded the recommended codec - is there some way to tell if the "recommended" codecs are fake or not? I then scanned it with AVG to be doubly sure, and AVG said it was safe, but as soon as I ran it...well, you get the point. Guess I'm just ignorant.
Here is the ComboFix log:
ComboFix 08-07-14.2 - Owner 2008-07-15 13:45:55.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! .
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\rhc78uj0e13a
C:\WINDOWS\eepo.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:10 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Your Logs look great now... If you are having any problems, let me know so we can take care of it before it gets worse.. : )
I didn't scold you for the P2P, just a little warning. I also download old movies and old rock & roll using utorrent, I like it better than Azureus because it don't have all the "Bells and Whistles" ; )
You'll notice, I have removed you from my S.I.M.C. List at the end of this post.
Don't take offence it's Tongue in Cheek -> Simi Illiterate Malware Collectors lol ; )
Important: Please perform the 4 tasks below and then read and consider the rest.
Congratulations, your log looks CLEAN
There are a few things you must do once you are completely clean:
• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.
• The tools that we used as well as this one will be removed from your system.
2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
3. Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK".
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
4. Defragment your Hard Drive
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
Here are some tips to reduce the potential for spyware infection in the future:
It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones are Comodo Free and Online Armor Personal Firewall. I have recently changed my firewall to Comodo, love it and highly recommend it..
Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.
I strongly recommend installing the following applications:
Go to these sites and read about these you may decide to use them, I do, because they work.
• Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Malware, Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known Malware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
If you don't understand the Spyad or MVPS Host, just PM me and I'll try my best to explain. I use MVPS and never get a virus while surfing.. period.
Hey 2OG, thanks again for all of your help in this - I really, really appreciate it.
I do have a couple of questions for you, if you don't mind taking the time to explain a few things. I guess the first would be, what, if any, of the various programs that I downloaded to remove the virus should I maybe keep active on my CPU? I've still got HJT, SUPERAntiSpyware, and ATF-Cleaner, and then I downloaded the programs that you recommended in your last post as well: Comodo Free, SpywareBlaster, Spyad, and the MVPS Hosts file. I'm not too sure what to do with/if I read correctly and downloaded the proper Spyad and MVPS Hosts file, and working with third party firewalls is also foreign to me, so any instructions there would be great. From what I read on the sites offering them, I couldn't quite make out how to use them effectively, or if I was going to need the ZonedOut program as well.
Also, on my CPU I currently have AVG Free 8.0, Windows Defender, Lavasoft Ad-Aware SE Personal, and Spybot - Search and Destroy - What of these, if any, should I keep, again keeping in mind the several new ones that you had me download? There are so many programs!!!
Thanks much, 2OG, and I look forward to your response!
Walt
P.S.
I don't quite understand the S.I.M.C. list. I get what you're saying, but is this just some list that you keep with you? (ie, It's not actually on the posts? You had me looking for some sort of reference that was part of your posts, listing me as being S.I.M.C.) In any case, thank you for telling me that I'm not an idiot. ::laughing:: Cheers!
P.P.S.
You wouldn't happen to know how to best fix an apparently broken g key on a Gateway MX6437 Notebook keyboard, would you? My hardware knowledge is unfortunately even more sorely limited than that of my software...
Quote:Hey 2OG, thanks again for all of your help in this - I really, really appreciate it.
That's what makes it all worthwhile. You're welcome.
Quote:I do have a couple of questions for you, if you don't mind taking the time to explain a few things. I guess the first would be, what, if any, of the various programs that I downloaded to remove the virus should I maybe keep active on my CPU? I've still got HJT, SUPERAntiSpyware, and ATF-Cleaner, and then I downloaded the programs that you recommended in your last post as well: Comodo Free, SpywareBlaster, Spyad, and the MVPS Hosts file. I'm not too sure what to do with/if I read correctly and downloaded the proper Spyad and MVPS Hosts file, and working with third party firewalls is also foreign to me, so any instructions there would be great. From what I read on the sites offering them, I couldn't quite make out how to use them effectively, or if I was going to need the ZonedOut program as well.
I would keep everything there, except Spyad. It's a little hard to understand and MVPS, in my opinion, works just as well.
Rule of Thumb is to have a good AntiVirus, a Firewall and a Malware scanner. Every computer and every computer user is different so use what works for you, in your situation. Try new programs and if you like them, change, else keep what you have. ; )
One thing that I do very strongly suggest is: MVPS
Make a New Folder and place it in there before you right click and un-zip it. It has some files you won't need and can clutter your desktop : )
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine.
To resolve this issue (manually) open the "Services Editor"
• Go to -> Start -> Run (type) "services.msc" (no quotes)
• Scroll down to "DNS Client", Right-click and select: Properties
• Click the drop-down arrow for "Startup type"
• Select: Manual, or Disabled (recommended) click Apply/Ok and reboot.
The above "Service" is not needed therefore can be Disabled...
Now install the new Host file by going to your New Folder where you un-zipped the Host.zip and locate mvps.bat and double click on it..
Your MVPS Host file has been installed and you are now protected..
Along with SpywareBlaster you are now blocking Bad Sites, Tracker Cookies, Bad ActiveX, Pop-Ups, Drive-By Trojans, etc., etc., etc.
Be sure to update your SpywareBlaster every 2 weeks or so.
To receive notifications of MVPS Updates see -> HERE
Quote:Also, on my CPU I currently have AVG Free 8.0, Windows Defender, Lavasoft Ad-Aware SE Personal, and Spybot - Search and Destroy - What of these, if any, should I keep, again keeping in mind the several new ones that you had me download? There are so many programs!!!
I personally don't like Windows Defender, I think M$ blew it on this one.. IMHO
I prefer Avira AntiVir over AVG 8.0 - AVG has tried to incorporate so much into this one that it tends to eat system resources and slow your browser down... again IMHO
Quote:P.S.
I don't quite understand the S.I.M.C. list. I get what you're saying, but is this just some list that you keep with you? (ie, It's not actually on the posts? You had me looking for some sort of reference that was part of your posts, listing me as being S.I.M.C.) In any case, thank you for telling me that I'm not an idiot. ::laughing:: Cheers!
If we didn't have a little fun, life would be so boring!!
Quote:P.P.S.
You wouldn't happen to know how to best fix an apparently broken g key on a Gateway MX6437 Notebook keyboard, would you? My hardware knowledge is unfortunately even more sorely limited than that of my software...
I tend to do Software and NOT Hardware, unless it's mine and I have no other choice...
p.s. My fingers are too large to comfortably work on a Laptop ; )
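Added example, not part of the original posts or of the MVPS project: a Python audit of a HOSTS file that counts the names sinkholed to the local machine (the 127.0.0.1 redirection described in the posts above), checks the 135 KB size mentioned in this post, and goes one step further by listing names mapped to a non-local address, which a blocklist never needs. The sample file and every hostname in it are constructed.

```python
import ipaddress

# Size above which the post says a HOSTS file tends to slow the machine
# while the DNS Client service is running.
LARGE_HOSTS_BYTES = 135 * 1024

# Names that legitimately map to the local machine; not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread or from the real MVPS file.
# On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocked ad server
0.0.0.0         popups.example
127.0.0.1       cdn.badsite.example extra.badsite.example
203.0.113.45    update.vendor.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_number, address, hostnames) for every non-comment line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield number, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify every mapping in a HOSTS file.

    blocked    - names sent to a loopback or unspecified address (sinkholed)
    redirected - names sent to any other address; review each one by hand
    malformed  - line numbers with a bad address or no hostname
    """
    report = {
        "blocked": [],
        "redirected": [],
        "malformed": [],
        "size_bytes": len(text.encode("utf-8")),
    }
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            report["malformed"].append(number)
            continue
        if not names:
            report["malformed"].append(number)
            continue
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(name)
            else:
                report["redirected"].append((number, name, address))
    report["oversized"] = report["size_bytes"] > LARGE_HOSTS_BYTES
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result["blocked"]))
    print("size (bytes)  :", result["size_bytes"], "oversized:", result["oversized"])
    for number, name, address in result["redirected"]:
        print(f"line {number}: {name} -> {address} (not a local address)")
    for number in result["malformed"]:
        print(f"line {number}: malformed entry")
```
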
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Scan with SUPERAntiSpyware as follows:
• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
After Rebooting to Normal Mode:
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.
• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator.
• Click on the Do a system scan and save a log file button
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post. Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Please post the HijackThis log, SUPERAntiSpyware Log and Uninstall list in your next reply.
I'm having the same problem and was wondering if I could get some help. I've already done the 3 scans and have the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:32 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Ad-Aware SE Personal
Adobe Flash Player 9
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AntivirXP08
AppCore
ATI Control Panel
ATI Display Driver
AV
Battlefield 2(TM)
Battlefield 2: Special Forces
ccCommon
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX Web Player
GameSpy Arcade
GearDrvs
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP Multimedia Keyboard Software
HP Software Update
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 11
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Maxthon Browser (remove only)
Media Center Extender
Media Center Extender
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MozillaFirefox (2.0.0.16)
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
neroxml
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
QuickTime Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoulSeek Client 156c
SPBBC 32bit
SUPERAntiSpyware Free Edition SuppSoft
Symantec Technical Support Controls
SymNet
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB900485)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB953356)
Updates from HP (remove only)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Winamp (remove only)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB905589
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Yahoo! Messenger
ZENcast Organizer
IMPORTANT: Do NOT click fix until you exit all browser sessions, including the one you are reading in right now.
Click the Fix checked button and close HiJackThis.
Delete Files on Reboot
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot.
Navigate to each file/folder in red and click on it once, and then click on the Open button.
C:\Program Files\rhcl1oj0eeq9
You will now be asked if you would like to reboot your computer to delete the file.
Click on the Yes button if you would like to reboot now, otherwise click on the No button to reboot later.
After the reboot,
Download ComboFix from Here to your Desktop.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:57 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
ComboFix 08-08-06.01 - HP_Administrator 2008-08-06 15:10:02.1 - NTFSx86
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\7VL6XV4K\interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\7VL6XV4K\interclick.com\ud.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\HP_Administrator\Application Data\rhcl1oj0eeq9
C:\Documents and Settings\MCX1\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62d0ec33-46e0-11dc-b679-0013d3f995b1}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
• Save it to your desktop.
• Run the tool by clicking on the icon.
• Click the Cleanup button.
• The tools that we used as well as this one will be removed from your system.
2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
3. Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
The easiest and safest way to do this is:
• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK"
Select the drive you want to clean, usually C:. Click OK. When it completes the scan:
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
5. Defragment your Hard Drive
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
And here are some tips to reduce the potential for spyware infection in the future:
It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Two good ones are Comodo Free and Online Armor Personal Firewall. I have recently changed my firewall to Comodo, love it and highly recommend it.
Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.
I strongly recommend installing the following applications:
Go to these sites and read about these; you may decide to use them. I do, because they work.
• Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Malware, Cookies etc) from the sites listed, although you will still be able to connect to the sites.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known Malware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
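How a HOSTS-file block list like the one described in the post above takes effect, as an added example that is not part of the original thread: the sketch parses HOSTS-format text, reports which names are sent to a loopback (or 0.0.0.0) address, and separates out names mapped to any other address. The sample text, the `.example` host names and the function names are constructed for illustration and are not taken from the MVPS list.

```python
import ipaddress

# Constructed sample in HOSTS format; the .example names are placeholders,
# not entries taken from the MVPS list.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   # inline comment
127.0.0.1       Banner.Adserver.Example  popups.adserver.example
0.0.0.0         metrics.example
192.0.2.10      intranet.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip_address} for every well-formed mapping line."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        for name in fields[1:]:
            # Names are case-insensitive; keep the first mapping seen for a name.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping

def is_blocked(hostname, mapping):
    """True when the exact name maps to a loopback or unspecified address."""
    addr = mapping.get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_loopback or addr.is_unspecified)

def classify(mapping):
    """Split entries into blocked names and names redirected elsewhere."""
    blocked, redirected = set(), {}
    for name, addr in mapping.items():
        if name == "localhost":
            continue
        if is_blocked(name, mapping):
            blocked.add(name)
        else:
            redirected[name] = str(addr)
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print(sorted(blocked), redirected)
```

A HOSTS entry matches only the exact name listed, so a subdomain of a blocked name is not covered unless it has its own line.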