|
Some1 please help me save my computer
|
|
|
shameek
Suspended permanently
|
15. February 2006 @ 06:29 |
Link to this message
|
|
i know guys this maynot be the forum or website to ask this question so im sorry but i have Trojan Spy HTML Bankfraud IX on my computer i have trojen remover and spyware doctor on my computer and nothing can kill this thing can some1 please help i have credit card info on my computer i dont want to do a factory reset please help also i have googled this and cannot find nothing to kill it
|
|
Advertisement
|
 |
|
|
Senior Member
|
15. February 2006 @ 09:48 |
Link to this message
|
|
Can you delete the file(s) manually? Are you saying it's detected, but it can't delete it?
|
|
ddp
Moderator
|
15. February 2006 @ 13:40 |
Link to this message
|
|
moved
|
|
dg0896
Suspended permanently
|
15. February 2006 @ 14:11 |
Link to this message
|
|
Do this!
1. In your computer's start menu, click My computer.
2. Right click on whatever hard drive(or drives) you are using.
3. click on format on the drop down menu.
4. Check the Quick format box.
5. Click start
6. Say yes to the question it asks you.
7. Repeat for all drives.
If you have any questions that have not been awnsered send me a private message ASAP.
Newbies guide to backing up and playing ps2 DVD games:
http://forums.afterdawn.com/thread_view.cfm/299140
visit i_suck's ps2 website http://ps2burns.host.sk
Before posting search for awnsers throughout the sight.
Understatement: All information given by me is true to the best of my knowledge. The 100% accuracy of the information I give cannot be guaranteed.
DG0896
Proud Senior Member
Afterdawn.com |
Senior Member
|
16. February 2006 @ 11:20 |
Link to this message
|
NO dont do that, we dont have to format it yet.
This is what we'll do for now, send in a HJT log and we'll find the b****** and delete it, heres how.
http://www.download.com/HijackThis/3000-8022_4-10227353.html (usefull for finding problems)
Heres how to use it, btw thanks to axxxel for posting this info.
-> download -> Unzip to C:\HJT-> Press Ok and Close window
Make sure that you actually extract HijackThis to its own folder: C:\HJT.
DO NOT run it from within a zip manager (Winzip), or Desktop as no backups will be saved.
----------------------------------------------------------------------
Step 4: Scan your computer
Now Open Hijackthis -> Click "Do a system scan and save log file"
Hjt will scan your computer for about 15 sec. -> Log file will pop up.
Most items are perfectly fine. You should not remove them.
Never remove everything by yourself.
This forum will now help you work with the Experts to clean up your system.
-> Copy and paste the contents of the HijackThis log into your post.
Make new thread for your own log
Post full log, begins with: Logfile of HijackThis v1.99.1... etc
This message has been edited since posting. Last time this message was edited on 16. February 2006 @ 11:21
|
|
dg0896
Suspended permanently
|
18. February 2006 @ 13:50 |
Link to this message
|
|
Well I guess either his computer crashed or he forgot about this thread. If he'd had listen to mee his computer would have been fine.
If you have any questions that have not been awnsered send me a private message ASAP.
Newbies guide to backing up and playing ps2 DVD games:
http://forums.afterdawn.com/thread_view.cfm/299140
visit i_suck's ps2 website http://ps2burns.host.sk
Before posting search for awnsers throughout the sight.
Understatement: All information given by me is true to the best of my knowledge. The 100% accuracy of the information I give cannot be guaranteed.
DG0896
Proud Senior Member
Afterdawn.com This message has been edited since posting. Last time this message was edited on 18. February 2006 @ 13:50
|
Senior Member
|
18. February 2006 @ 14:03 |
Link to this message
|
|
yep it woudlve worked but you cant format while in windows, it has to be done in DOS and then youd have to get him the disk for it,that info you put there would most likely not do anything at all,it would come up saying "cannot format disk is in use"as your in windows,if you did it right it would work sure but he would have lost all his data over somthing that could have been fixed easily..
But some people do kinda do this, they ask the qeustion on like 10 sites and just go to the one that gives you the fastest fix..
|
|
dg0896
Suspended permanently
|
18. February 2006 @ 15:02 |
Link to this message
|
|
oh well.
If you have any questions that have not been awnsered send me a private message ASAP.
Newbies guide to backing up and playing ps2 DVD games:
http://forums.afterdawn.com/thread_view.cfm/299140
visit i_suck's ps2 website http://ps2burns.host.sk
Before posting search for awnsers throughout the sight.
Understatement: All information given by me is true to the best of my knowledge. The 100% accuracy of the information I give cannot be guaranteed.
DG0896
Proud Senior Member
Afterdawn.com |
Senior Member
|
19. February 2006 @ 02:24 |
Link to this message
|
|
lol no worrys buddy :P
|
|
ibkwaazi
Suspended due to non-functional email address
|
20. February 2006 @ 21:54 |
Link to this message
|
HELP!!! I also have the Bankfraud.IX trojan and can't get rid of it. I've never seen anything like it. Spyware Doctor logs 188 infections! I clear them but they keep coming back.
Here is Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 1:14:29 AM, on 2/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [1ClickSweep] C:\Program Files\Secure PC Solutions\1ClickSweep\1ClickSweep.exe
O4 - HKLM\..\Run: [rscn] C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4X2JSLUV\svchost[1].exe ymmud
O4 - HKLM\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcins...
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup160.cab
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
|
|
-kemisti-
AfterDawn Addict
|
20. February 2006 @ 22:37 |
Link to this message
|
@ibkwaazi
First, move HjT int its own folder -> c:\hjt
Fix with HjT (do a system scan only, checkmark these and press fix checked):
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [rscn] C:\DOCUME~1\BRORON~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4X2JSLUV\svchost[1].exe ymmud
O4 - HKLM\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
O4 - HKCU\..\Run: [0162e2f42bc] C:\WINDOWS\System32\0162e2f42bc.exe
Download ewido -> http://www.ewido.net/en/download and update it
Boot in safe mode (tap F8 while booting)
Delete this, if found:
C:\WINDOWS\System32\0162e2f42bc.exe
Delete all files this directory:
C:\DOCUME~1\BRORON~1\LOCALS~1\Temp
Scan with ewido and save report.
Reboot normally, send a fresh HjT log and ewido's report.
|
Member
|
21. February 2006 @ 10:38 |
Link to this message
|
boot to safemode under administrator if the program will not uninstall with the internet running.Run hijack this to delete it out of the registry or run ccleaner to remove activeX and other installers out of the registy.Run Ad-Aware pro or other ad remover program and update your ant-virus protection.And don't put credit card information on a computer it's not a smart to do that when people can look at you computer with spyware.
Is it crap or is it memorex?
|
|
dg0896
Suspended permanently
|
21. February 2006 @ 10:58 |
Link to this message
|
|
If necesary use my above instructions to re-format your computer.
WARNING IMPORTANT: re-formatiing will delete all of your files only re-format if necesary.
If you have any questions that have not been awnsered send me a private message ASAP.
Newbies guide to backing up and playing ps2 DVD games:
http://forums.afterdawn.com/thread_view.cfm/299140
visit i_suck's ps2 website http://ps2burns.host.sk
Before posting search for awnsers throughout the sight.
Understatement: All information given by me is true to the best of my knowledge. The 100% accuracy of the information I give cannot be guaranteed.
DG0896
Proud Senior Member
Afterdawn.com This message has been edited since posting. Last time this message was edited on 21. February 2006 @ 10:59
|
|
Advertisement
|
|
|
|
dg0896
Suspended permanently
|
21. February 2006 @ 11:01 |
Link to this message
|
|
The logfile looks like the virus is attacking your Mcafee virus scan and other important files.
If you have any questions that have not been awnsered send me a private message ASAP.
Newbies guide to backing up and playing ps2 DVD games:
http://forums.afterdawn.com/thread_view.cfm/299140
visit i_suck's ps2 website http://ps2burns.host.sk
Before posting search for awnsers throughout the sight.
Understatement: All information given by me is true to the best of my knowledge. The 100% accuracy of the information I give cannot be guaranteed.
DG0896
Proud Senior Member
Afterdawn.com |
