I surfed the net & now my PC has spyware pop-ups; I copied the hijacker file for you to help me out
|
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 10:19 |
|
Ok, here goes, wish me luck. What I have done is to print out what instructions you gave me so that I've got it in my hand. I will do all now of what you have asked of me.
I thought you went out. I sent you a few messages before but I got no reply, even though what I saw on the profile was, what I think, just to protect you. No problem, let's now move on. If you are around, can you send me back a message to let me know you are there & to know you just got my message now? Thank you, bruce
|
|
Member
|
29. March 2008 @ 10:22 |
|
I've sent you the message to your inbox. You can proceed to do the instructions. :)
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 10:50 |
|
Hi, I've set up the SDFix onto my desktop. Now I've rebooted & I went into safe mode, but on the next page where it says please select the operating system to start I don't know which one to click on. Is it XP Professional or is it Microsoft Windows Recovery Console? I'm running 2 PCs so I'm using the other one to send you the message, same IP address, but it's all going through an Edimax 5 way broadband router & it's using my Virgin Media modem which is called Webstar. Just thought it might be important for you to know.
Will your reply still come to this computer? I don't think it can. I don't know how to set up another Hotmail account on this PC,
but I've got a Hotmail account which in a couple of days I will delete. If you know how I could put my same Hotmail e-mail address onto this PC that would be great. This is the e-mail; can you send it to me on what to do just for this one time now so I know what to do? If I don't hear from you then I will just go ahead & put it into XP Professional.
eazyrasta@hotmail.com
|
Member
|
29. March 2008 @ 10:55 |
|
Select Windows XP professional and proceed. :)
Since you have two computers, use one to see my reply and fix the other one.
Windows and system security is my priority.
This message has been edited since posting. Last time this message was edited on 29. March 2008 @ 10:57
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 11:22 |
|
The box has opened up into the destination white box where it says c:/. Do I type anything into there, & what is it you want me to type? Is it just y & then press Enter to clean?
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 11:36 |
|
Did you get my last message?
|
Member
|
29. March 2008 @ 11:43 |
|
Yes just type Y then Enter.
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 11:51 |
|
I typed in y next to the c:/ into destination & it was working fine. At the end of it, it just disappeared. Then I pressed a few letters on the keyboard & nothing happened; all I heard was a bleep sound coming from the PC.
|
Member
|
29. March 2008 @ 11:55 |
|
Did it prompt you to restart your computer? If it didn't, restart yourself, this time restart in normal mode (get out of safe mode that is).
Follow the rest of the instructions from there.
Windows and system security is my priority.
This message has been edited since posting. Last time this message was edited on 29. March 2008 @ 11:56
|
Member
|
29. March 2008 @ 12:01 |
|
Hey,
I got to sleep now, it's late here. I'll help you tomorrow. Night.
~Ltangel~
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 12:08 |
|
Ok, but at least we are nearly finished. Send me the next message to let me know in UK time when you want to start again. If it's 4.10pm here it must be 12.10am there. Sorry for keeping you up. Goodnight, bruce. One thing I can say, we are both doing well, it's nearly finished.
|
engin123
Account closed as per user's own request
|
29. March 2008 @ 12:31 |
|
Sorry to tell you this but there's nothing on the desktop, nothing new anyway. All the items that are on there now are items that we had on there before. There was only one new folder on its own with no name on it & inside the folder it was empty. Plus there was an Office Word file, or what do you call it, but when I tried to open it up I couldn't; it was like it was invisible looking, & also it said it can't open it up because it is corrupted. & I hear some popping sound on the PC sometimes, & when you want to reboot sometimes you get that box that opens up with that round circle in it with the red x & it makes that bad sound.
It says that it has failed to finish properly initializing, something along them lines.
So I can't find no fixtool on here. I'm stuck from after doing the reboot, because what it says on here never happened, so I'm down to the last line which is 3 lines under the script where it says type y. I'm on the script where it says where the PC restarts the fixtool will run again & complete the removal process then display finished. I never saw that ha
|
Member
|
29. March 2008 @ 23:44 |
|
Ok, skip that part and download the second tool (SmitFraudFix) and do the cleaning process.
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 04:52 |
|
Ok, remember in the UK the clocks went forward one hour last night. I will do the cleaning task. I've saved it to my desktop, is that ok? Yesterday the good news was that the yellow little Windows Update came on to my start up menu & I updated it, then Internet Explorer came on on its own so I allowed it to download no 7. After that everything was ok,
until I think I put an add-on on, then this window pops up like it did before when this problem started. It only comes on now whenever you open up Internet Explorer 7.
Warning: w42.myzor.fx@ is a virus that infects files with exe extensions. It attempts to steal passwords. I can't write the rest of it, it's too long. So there's the update for you so far. I know that most of the things we all download have exe extensions in them, so what do we do? I will have to try to keep these softwares to use them in future when Explorer 7 gives me these problems,
or do you have a desktop software that, like an antivirus software, it works itself or you just prompt it to work? Should I get rid of Explorer 7? I have got already Avant Browser & I got Firefox beta 3. It's just that my e-mail address & Windows Live I think are maybe linked up to it, or can another browser do the same thing?
The reason why I worry: in the last 2 weeks, when after lately I uninstalled Explorer 7, when I tried to download or open certain items it told me that these extensions could only be opened by Explorer 7.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 04:57 |
|
I've closed all programs & clicked 2 to clean. It said it might reboot but nothing is happening or moving. Do I have to press one to search?
|
Member
|
30. March 2008 @ 05:02 |
|
You need to press 1 to search for it first and give me a report.
Don't click on any pop ups or anything that looks suspicious, we don't want any more infections coming in!
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 05:07 |
|
Ok bruce, good morning to you
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 05:12 |
|
I clicked 1 for search & nothing happened, then I took off the 1 & 2, then I spaced them out this time, then I pressed Enter, then it just disappeared. It's still on my desktop.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 05:45 |
|
I've done it. What it was, all I had to do was click onto number 2 then press Enter. You didn't tell me that so I thought of trying it again & I've done it. You must be busy; I sent you 2 messages already but I'm glad this was the one you were waiting for. Send me back the details on what to do next. I will be back at 12.15 up to 12.45pm, maybe even earlier.
SmitFraudFix v2.309
Scan done at 10:41:17.25, 30/03/2008
Run from C:\Documents and Settings\EDDY\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"="bimaculate"
[HKEY_CLASSES_ROOT\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\kknwg.dll -> Hoax.Win32.Renos.gen.o
C:\WINDOWS\system32\kknwg.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\375013\ Deleted
C:\DOCUME~1\EDDY\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\NetProject\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 62.30.112.39
DNS Server Search Order: 194.117.134.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
HKLM\SYSTEM\CS2\Services\Tcpip\..\{99525DF8-A407-4756-8479-1E90AA2806D3}: NameServer=62.30.112.39,194.117.134.19
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
|
Member
|
30. March 2008 @ 05:46 |
|
Ok, answer this question for me.
Did you do SmitfraudFix scan in normal mode or safe mode? You should NOT do it in safe mode.
Windows and system security is my priority.
|
Member
|
30. March 2008 @ 05:51 |
|
Good job, now let's do the following:
Run SDFix
Double click SDFix.exe and it will extract the files to C:\.
Please then reboot your computer in Safe Mode (Restart then press F8 before Windows starts)
* Open the extracted SDFix folder in C:\ and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* Press any Key to restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open. (Report.txt)
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log.
Go!
~Ltangel~
Windows and system security is my priority.
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 05:51 |
|
I did it on number 2 where it says clean (safe mode recommended),
but there is another clean on there, number 5, search & clean DNS hijack.
Shall I do no 5 then send you the report? Then I will leave after that & come back.
I'm only going by what instructions you told me to go by, bruce. Read what you asked me to click onto & read again after what I asked of you.
|
Member
|
30. March 2008 @ 05:52 |
|
It's not necessary to run option 5, just run SDFix, as I've posted earlier. Go!
Windows and system security is my priority.
|
|
engin123
Account closed as per user's own request
|
30. March 2008 @ 07:37 |
|
I've done all of what you told me to do. It's just that after the final reboot the fixtool did not come onto the desktop to finish off its job.
|