|
Downloader.PurityScan.co
|
|
venissa
Suspended due to non-functional email address
|
3. November 2006 @ 09:18 |
Message has been removed.
This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 09:33
|
Member
|
3. November 2006 @ 16:00 |
You got some strange entries, but I think those are some Vundo variants and some in the smitfraud family...
Download VundoFix: http://www.filepedia.com/desktop_softwar...ty/vundofix.cfm
Download SmitFraudFix: http://siri.geekstogo.com/SmitfraudFix.php
Download SUPERAntiSpyware: http://www.superantispyware.com/download...ANTISPYWAREFREE
- Update, install, do not run scan yet
Instructions (copy and paste instructions onto notepad if you want):
You will need to boot into safe mode, instructions here: http://www.computerhope.com/issues/chsafe.htm
Once in safe mode, run VundoFix, choose Scan for Vundo. This may take some time...If it detects anything, choose Remove Vundo...
After that, unzip the folder of SmitFraudFix, run smitfraudfix.cmd.

A blue screen with options will appear:
Now, choose option #2, hit "enter".
You will be prompted: Do you want to clean the registry? Answer Y (yes) and hit "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file...
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
If you are prompted to reboot, go ahead and do so, but boot into Safe Mode again...
Now, (assuming you are back in safe mode), run SUPERAntiSpyware and click on Preferences, click on the tab: Scanning Control, click to check-mark everything under: Scanner Options. Click "Close". Now, click on Scan your Computer.... Check-mark hard drive(s). Enable Perform Complete Scan. Click "Next." It may take a while to scan your entire computer...
We will fix some of the entries later with Hijack This...
Post logs from VundoFix, SmitFraudFix (rapport.txt), SUPERAntiSpyware and Hijack This in your next response. To copy and paste the log from SUPERAntiSpyware, run SAS, click on Preferences, click on the tab: Statistics/Logs, choose the one that was saved recently, click on "View Log..." This will pop-up and this will allow you to copy and paste...
 - Ideal way to deal with the MPAA~RIAA
|
venissa
Suspended due to non-functional email address
|
6. November 2006 @ 05:58 |
This message has been removed
This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 09:33
|
Member
|
6. November 2006 @ 10:00 |
Looking good, let's finish getting rid of the nasties...
It seems as though some are saved in your system restore. To clear those:
Turning off System Restore
1) On the Windows task bar, click Start
2) Right-click My Computer, and then click Properties
3) On the System Restore tab, check "Turn off System Restore" or "Turn off System Restore on all drives"
**If you do not see the System Restore tab, you are not logged on to Windows as an Administrator**
4) Click "Apply"
5) When you see the confirmation message, click Yes
6) Click OK
Turning System Restore back on
1) On the Windows task bar, click Start
2) Right-click My Computer, and then click Properties
3) On the System Restore tab, uncheck "Turn off System Restore" or "Turn off System Restore on all drives"
4) Click "Apply"
5) When you see the confirmation message, click Yes
6) Click OK
Now, run Hijack This (Do a system scan only), remove these entries, if they exist:
R3 - URLSearchHook: (no name) - {77CB09BF-CC75-9F8B-7D56-BACE6599EBC9} - C:\WINDOWS\system32\tlr.dll (file missing)
O2 - BHO: (no name) - {1A11A399-C54D-4386-FEF5-02FFE18EA978} - C:\WINDOWS\system32\jklzpuf.dll (file missing)
O2 - BHO: (no name) - {77CB09BF-CC75-9F8B-7D56-BACE6599EBC9} - C:\WINDOWS\system32\tlr.dll (file missing)
O4 - HKCU\..\Run: [Sdx] C:\Documents and Settings\user\Application Data\?dobe\w?crtupd.exe
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: winhfn32 - winhfn32.dll (file missing)
Download CWShredder: http://www.trendmicro.com/cwshredder/
After removing those entries using Hijack This, restart your computer...
Run CWShredder, accept the license agreement, click "Fix"
Update McAfee for the latest virus definitions and update SUPERAntiSpyware...
Run full system scans for both McAfee and SAS...
Post new logs of McAfee (if there is one), SAS, Hijack This
 - Ideal way to deal with the MPAA~RIAA
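An added example, not part of the original post or of Hijack This itself: a short Python parser for the entry format quoted above. It flags entries whose file is already gone and paths containing `?`, and reports any CLSID registered under more than one section; the flag and function names are this example's own.

```python
import re
from collections import defaultdict

# The six entries quoted in the post above, used here as sample input.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {77CB09BF-CC75-9F8B-7D56-BACE6599EBC9} - C:\WINDOWS\system32\tlr.dll (file missing)
O2 - BHO: (no name) - {1A11A399-C54D-4386-FEF5-02FFE18EA978} - C:\WINDOWS\system32\jklzpuf.dll (file missing)
O2 - BHO: (no name) - {77CB09BF-CC75-9F8B-7D56-BACE6599EBC9} - C:\WINDOWS\system32\tlr.dll (file missing)
O4 - HKCU\..\Run: [Sdx] C:\Documents and Settings\user\Application Data\?dobe\w?crtupd.exe
O4 - Startup: PowerReg Scheduler V3.exe
O20 - Winlogon Notify: winhfn32 - winhfn32.dll (file missing)
"""

# "<section code> - <entry kind>: <target>"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return one dict per section-coded entry, with triage flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # anything that is not a section-coded entry
        code, kind, target = m.groups()
        clsid = CLSID_RE.search(target)
        flags = []
        if target.endswith("(file missing)"):
            flags.append("orphaned")      # reference left behind, file gone
        if "?" in target:
            flags.append("unrenderable")  # '?' is illegal in Windows file names
        entries.append({"code": code, "kind": kind, "target": target,
                        "clsid": clsid.group(0) if clsid else None,
                        "flags": flags})
    return entries

def shared_clsids(entries):
    """Map each CLSID that appears under more than one entry to its codes."""
    seen = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].append(e["code"])
    return {c: codes for c, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        print(e["code"], e["kind"], ",".join(e["flags"]) or "-")
    print(shared_clsids(parsed))
```

A `?` in a logged path stands for a character the log could not render, so the real folder name on disk differs from what the log shows.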
|
venissa
Suspended due to non-functional email address
|
6. November 2006 @ 11:09 |
This message has been removed
This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 09:34
|
venissa
Suspended due to non-functional email address
|
6. November 2006 @ 11:13 |
This message has been removed
This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 09:40
|
Member
|
6. November 2006 @ 12:29 |
Did McAfee detect and remove any viruses/trojans?
Let's use BitDefender to clean up what McAfee may have missed:
http://www.bitdefender.com/scan8/ie.html
- You will need to use Internet Explorer to use this online scanner. Follow the instructions and accept the license agreement and do a full system scan and be sure to save a log (if it lets you)...
Download CCleaner (clears out files in your temp folder and other unnecessary files): http://majorgeeks.com/download.php?det=4191
Run CCleaner, click on Options (on the left side), click on "Advanced", uncheck Only delete in Windows Temp folders older than 48 hours...click on Cleaner, click on Run Cleaner (on the bottom right)....
This may take some time depending on how much stuff you may have accumulated...
Run CCleaner first, then use BitDefender's online scanner...
After you are done, post logs from BitDefender and Hijack This
 - Ideal way to deal with the MPAA~RIAA
|
venissa
Suspended due to non-functional email address
|
7. November 2006 @ 05:45 |
This message has been removed
This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 09:36
|
|