453 Posted Topics
Re: [QUOTE=Michael_Knight;542026] My advice for removing anything is to turn off [B]System Restore [/B]first. [/QUOTE] That used to be the prominent opinion three or four years ago. I admit I used to advise the same.... But now, with the influx of much more complex and difficult malware, the consensus in the … | |
Re: Sounds like you got a lot more than just a Hijacked Desktop. Please have a look at my linky here--> [URL="http://forum.networktechs.com/showthread.php?t=49"]PhilliePhan's Malware Cleaning Steps[/URL] Please obtain the HJT Log (if you want to update to Trend Micro's version of HJT, that's cool) and also do the ESET online scan step. … | |
Re: [QUOTE=overwhelmed;521302]download CCleaner from the link in my signature, that has a registry cleaner in it.[/QUOTE] What is the point of this? Are you inferring that posters should have it "Scan for issues?" Because, that is not good advice. Only people familiar with how the registry works should do this. And, … | |
Re: [QUOTE=benny73;539849]. When I open firefox it keeps opening windows that say build yahoo toolbar. [/QUOTE] Not sure what you mean.... Did you install yahoo add-on? Can you post a screencap or url of the page? [url]http://help.yahoo.com/l/us/yahoo/toolbar/troubleshootff/toolbar-55.html[/url] -- At very quick glance, your HJT looks OK, but you should update your … | |
Re: [QUOTE=e.p.i.;539040]hey... im in need of some aid for my laptop... lately it's been really slow starting up and applications have been taking a while.. anyone who knows how to analyze HijackThis! logs and could help me would be greatly appreciated.[/QUOTE] Your HJT log looks OK. But, that doesn't mean a … | |
Re: [QUOTE=bdmallalieu;298472]Besides Windows DEFENDER, how many other anti-spyware programs (e.g. Freebies) do you recommend sensibly installing on a notebook? Am I right that too many can cause conflicts and/or reduce operating speed? Which ones do you suggest? (I am running XP Pro SP2)[/QUOTE] You can get by just fine with a … | |
Re: [QUOTE=ghrantt;330308]hello im new to the site and it appears others have had help from you attached is my hijackthis log please help me. my explorer directs me to different places other than my intended search and dumps me out of explorer if i try to back out . here is … | |
Re: [QUOTE=Meddle11;329935]Hi, Well I've completely hit the wall on this one. Short of formatting I've used all of the programs listed on your forum to try and exorcise this thing from the teenage boy's computer...[/QUOTE] No need for such drastic measures! :cool: Please EXTRACT HijackThis from the ZIP to a [b]safe[/b] … | |
Re: [QUOTE=Rockman;328474]There you have it. I am not very computer literate (when it comes to problems like these). I would appreciate any help you can offer. Thanks.[/QUOTE] No Worries! The fix is pretty straightforward. Let us know if you have any questions. FIRST: Navigate to HijackThis.exe and RightClick on it and … | |
Re: C:\WINDOWS\system32\protector.exe C:\WINDOWS\system32\ntio256.sys These two are a malware downloader and the FOOP Rootkit driver that protects it. I am interested in seeing if AVG Anti-spy can remove it. The Legacy Reg Keys are a pain to remove. So please do have AVG try to clean all it finds! PP :) | |
Re: Also, you are running a very old version of HijackThis on your unpatched system. You should install the latest version of HJT. (v1.99.1) And, while you are at it, please[B] RENAME HijackThis.exe to goodscan.exe[/B] so certain malware cannot hide from it. -- Crunchie will tell you which Windows Updates to … | |
Re: [QUOTE=GREENHOUSE;320975]Hi all spybot found these SPYARSENAL MICROSOFT WINDOWS SECURITY ANTIVIRUS DISABLE NOTIFY. MICROSOFT WINDOWSECURITY FIREWALL DISABLE NOTIFY. Would these have replicated and should i reinstall after these? :sad:[/QUOTE] A reinstall would be a bit extreme. :cool: You should investigate SPYARSENAL - Sounds like something you'll need to track down and … | |
Re: [QUOTE=Josh S;319043]Im kinda getting the impression theres nothing wrong with my HJT log. If no one can spot anything can they tell me that the HJT log is fine and i'll consider getting someone in to fix it. Thanks[/QUOTE] Hi Josh, At very quick glance, I do not see anything … | |
Re: Honestly, Vik, if this computer is only two weeks old I suggest returning/exchanging it. It sounds like there is more going on/wrong than just malware. Take it back and get an exchange. And, make them give you a Windows OS disc! Or, have them burn one for you (using your … | |
Re: Sounds like a worm or two..... --- Didn't you have another thread recently where you ended up Re-Formatting? --- Six instances of svchost.exe running is not unreasonable. Anyhoo, I'd be happy to have a look ( time permitting ) Follow the [URL="http://forum.networktechs.com/showthread.php?t=49"][B][COLOR="Blue"]steps that I have written here[/COLOR][/B][/URL]. Please obtain the … | |
Re: [QUOTE=Zyan17;316166]I recently had a virus problem and virus protection took care of it. . . . [/QUOTE] Wow - I have not seen this many different infections on a machine in quite some time! You have collected quite a diverse boatload of malware! [B]It may be easier to simply reformat … | |
Re: GetRunKey is a tool created by my friend Chaslang at Majorgeeks. If you are following the "Read and Run Me First" that he wrote, I suggest going ahead and posting a thread for help in his Forum and let him know you had difficulty downloading GetRunKey. Best Luck :) PP | |
Re: You have a fairly serious baddie that is protected by a rootkit. If nobody else is here able to help you clean your compy, I will try - I do not have a lot of Forum time these days.... C:\WINNT\system32\[B]xcttgs.dll [/B]-> Backdoor.Haxdoor.ky : Error during cleaning. [408] C:\WINNT\system32\[B]xcttgs.dll [/B]-> Backdoor.Haxdoor.ky … | |
Re: Hey guys, I have run across something similar to this a few times. Hard to tell from just a HJT Log, but..... You may likely have a baddie in the Nuwar or Peacomm family. Some components may be protected by a rootkit. Also - you may have been initially infected … | |
Re: Hi Sarah, There are a few "iffy" items in the combofix log - we'll figure them out later. [B]First, these steps need to be run - pretty much same as before [/B];) You may want to print out these instructions for reference, since you will have to restart your computer … | |
Re: [QUOTE=lrsears;314458]Here's my Hijack log, can you help? Thanks, Ray[/QUOTE] Hi Ray, That's a baddie and you should be able to remove it. You just need to stop it from running via Task Manager, fix any related entry(s) with HJT and then DELETE the file using Windows Explorer. I can talk … | |
Re: [QUOTE=Swapnil30;314785]It might be related to AIM, since i downloaded it a few hours after I booted up my PC for the first time. [/QUOTE] The linky I gave you in the other thread [url]http://www.daniweb.com/techtalkforums/thread69791.html[/url] should explain why you cannot find this AIM-related file after you do not allow it to … | |
Re: [QUOTE=Swapnil30;314281]Hi, I just got my new laptop yesterday, which came with Vista Premium.[/QUOTE] [B]EXEC.EXE[/B] has been used by both legitimate apps and baddies. You would really need to look at it more closely to make the distinction. (check properties or upload to an online scanner such as Jotti...) However, I … | |
Re: [B]Hi somethingelse, I have replied to your thread on this topic at Spywarewarrior.com. Cheers :) PP[/B] | |
Re: [QUOTE=maui_mallard;313523]Hey, I see a lot of people have hijack this logs in here. Should I have Hijack this? If so why?? I used to have it on my computer before I formatted it. I never put it back on because I thought it was some type of spyware....obviously it was not. … | |
Re: [B]I do not want to get in Crunchie's way here, but try this:[/B] 1. Download this file : [url]http://download.bleepingcomputer.com/sUBs/combofix.exe[/url] [url]http://www.techsupportforum.com/sectools/combofix.exe[/url] 2. DoubleClick [B]combofix.exe [/B]& follow the prompts. 3. When finished, it shall produce a log for you. Please submit that for us. [I]Note: [/I] Do not mouseclick combofix's window while … | |
Re: [QUOTE=zeon;312122]Can anyone tell me if this IS actually causing the problem and if so what else cn i do besides changing the DNS back to automatic?[/QUOTE] I did not read that quote, but I can tell you that you have what is referred to as a Wareout infection. Give me … | |
Re: [QUOTE=natkia;312591]Whilst I am not the most knowledgable in computers, I have discovered that my browser has been hijacked. If someone could please look at the copy of my log below and let me know what I need to get rid of it would be very much appreciated. If there is … | |
Re: [QUOTE=carriemendez;307494]sites take 4ever to open and my computer takes just as long. Many thanks! Logfile of HijackThis v1.98.2[/QUOTE] Hi Carrie, It looks like you have a few malware issues. --- Your HJT is an old version and outdated. Let's kill a few birds with one stone and do this: Please … | |
Re: [QUOTE=RBay142;310385] i downloaded hj, and here is my log, i also have just downloaded avg anti spyware.[/QUOTE] I see a few problems in your HJT Log. But first, it looks like you installed AVG [B]Anti Virus[/B] instead of[B] Anti-Spyware[/B] - that is not good, because it will interfere with your … | |
Re: [QUOTE=yellowaxe5;310004]sorry about the crappy log but i don't know how to put it in without it messing up and the attachment button isn't working im guessing its because of my lame screwed up computer thanks for any help[/QUOTE] [B] Just make sure "word wrap" is turned OFF when you save … | |
Re: Hi Greg, This sounds like the work of a particular trojan to me. Please look at [URL="http://forum.networktechs.com/showthread.php?t=49"] [COLOR="RoyalBlue"][B]these steps I have written [/B][/COLOR] [/URL] and obtain the three logs as directed and post them here. 1- Kaspersky 2- AVG Anti-Spy 3- Fresh HJT Log They should give us the necessary … | |
Re: [QUOTE=jack_claud;309602]I think i am hit by a virus/spyware. I got a windows security alert balloon. when i restarted my computer, it disappeared but my desktop background is stuck with a blue color and when i try to change it, the option seems to be locked or disabled. I tried to … | |
Re: Actually, this is a Smitfraud infection. There are a couple dedicated removal tools for this. -- A note on HJT and Online Analyzers. Both miss a lot. An online analyzer is only as good as its DB and there are a ton of baddies that do not show in a … | |
Re: [QUOTE=pip22;308138] 2. Now update your AV program and do another full and thorough scan.[/QUOTE] Flushing System Restore might be a bit hasty since AVG Anti-spyware did not show any infected restore points - If the scan is done properly, it should show them. Also, it's pretty difficult to update an … | |
Re: [quote=freakNpink;306906]My computers been acting "weird" for awhile. I ran a few programs and here are my results... Considering I don't know much about this I am kindly asking for help.:cheesy:[/quote] --- What is the "weird" behavior? --- What makes you think there is a rootkit on your machine? --- Note … | |
Re: [QUOTE=DonCheTito;306481]Yup...I found all 3 of those files. Also, I realized I never removed the creative file from hijack this. What's the next step with those 3 files you were talking about and should I run HT and remove the creative file?[/QUOTE] Just to butt in and back out quickly ;) … | |
Re: [QUOTE=cbbcisace;306849]his is my log is there anything wrong with my computer?[/QUOTE] Oh yeah . . . . A boatload of malware in that log including some nasty backdoors and a DNS hijacker. [COLOR="Navy"] -- [B]In cases like this, it might be easier/better to reformat.[/B] Also, you should [I]assume[/I] that any … | |
Re: Hi Eander, If nobody else answers, I suggest you follow [URL="http://forum.networktechs.com/showthread.php?t=49"][COLOR="Blue"]my steps outlined here[/COLOR][/URL] and [I]attach[/I] the requested scanlogs to this thread. -- Kaspersky Log -- AVG Anti-spy Log -- HijackThis Log If none of the other volunteers here is able to help, I will try to check back. Have … | |
Re: Some additional info for you. The link below can explain it better than I ever could. ;) See post #8 for the FFF entries.... [URL="http://forums.techguy.org/windows-95-98-me/128272-can-i-delete-internet-logs.html?"][B][COLOR="Blue"]Click the LINKY[/COLOR][/B][/URL] PP :) | |
Re: Hi gjeha, You have what look to be a couple of the nastier baddies that are making the rounds. We'll try to get the bulk of them in one pass (though one baddie replaces legit files with malware and we'll have to reconstitute the good files to their proper locations … | |
Re: [QUOTE=Tommi909;303465]rogram AVG Anti-Spyware - Správa o vyhľadávaní --------------------------------------------------------- C:\syst.exe -> Downloader.Small.dam : Vyčistené so zálohou (karanténa). [/QUOTE] Hi Tommi, It looks like AVG quarantined [B]syst.exe[/B]. As for your other problem, you might try the advice in this link: [B][url]http://forum.hijackthis.de/showthread.php?p=98121[/url][/B] Best Luck :) PP [COLOR="Red"]**[/COLOR] You might want to consider installing … | |
Re: [QUOTE=pkk76;301150]Quite some time ago, I had the 'Symantec Email Proxy' problem where 'Scanning Message One of One' kept on popping up, and it kept on sending random e-mails to unknown IPs and what not.[/QUOTE] Hi Kevin, I am not sure about the Symantec problem, but you do have a couple … | |
Re: [QUOTE=stephaniey;299369]mcafree on my computer just detected i have a new win32 virus (is the new win32 virus and just win 32 virus different??) i spent the last three hours searching and struggling to get rid of this thing;[/QUOTE] Hi Stephanie, I do not believe this is a specific virus - … | |
Re: [QUOTE=Lavatan;300478]No help huh? No one at all?[/QUOTE] Sorry. These forums are based upon the good will and free time of volunteers. Usually there is plenty of good will to go around, but never enough free time! :) When I post at SpywareWarrior, for instance, there is often a wait of … | |
Re: [QUOTE=piratesfromhell;300208] I have also run Hi-Jack this, however I cannot find anything I need to get rid of. [/Quote] [B]What about these?[/B] O15 - Trusted Zone: [url]http://locator.cdn.imageservr.com[/url] O15 - Trusted Zone: [url]http://scanner.sysprotect.com[/url] O15 - Trusted Zone: [url]http://*.systemdoctor.com[/url] O15 - Trusted Zone: [url]http://download.cdn.winsoftware.com[/url] O15 - Trusted IP range: [url]http://195.95.*.*[/url] O15 - … | |
Re: [QUOTE=JoDaCoda;300228]I know this post is a little old, but I thought I might add a possible solution. I am having the same problem. . . . [/QUOTE] That could be, but my money is on the [B]Backdoor SDBot [/B]being the culprit in this case: [B]O4 - HKLM\..\RunServices: [Windoxs Update Center] … | |
Re: [quote=The Ozzman;295666]At 1st there were also infected restore files but i was able to get rid of those by disabling the system restore. According to AVG there are still two infected files in the virtual memory.[/quote] Hi Ozzman, This is typical of a Wareout infection. Please do the following: [B]FIRST: … | |
Re: Hi Norman, Let's have a look, shall we? [B]FIRST:[/B] Download [B]HijackThis[/B] from [URL]http://downloads.malwareremoval.com/hijackthis_sfx.exe[/URL] Save the setup file on your desktop. Then, DoubleClick on it and by default it should install to [B]C:\Program Files\HijackThis[/B] Continue through the setup and allow it to create a desktop icon for you. Follow all the … | |
Re: Hi jshtylr, Your HJT Log looks OK as far as malware is concerned. Just some minor issues we can clean up, if you so desire. First, do this: Please relocate HijackThis to a safer location. Most Forum volunteers expect to find it at [B]C:\Program Files\HijackThis[/B] or [B] C:\HijackThis. [COLOR=DarkRed] If … |