2,959 Posted Topics
Re: Please download the most current updates for ewido and Spy Sweeper and then reboot into Safe Mode and run scans with both programs. Have the programs fix all malicious items they find, reboot normally, and then post the logs that each program generated. Having those logs in addition to the … | |
Re: The presence of the [b]C:\winstall.exe [/b]file in your HJT log likely indicates an infection by "Spy Sheriff", a member of the smitfraud family of parasites. Removing the smitfraud infections (spysheriff, spyaxe, spyware fighter, etc.) requires following a specific procedure, which is outlined [url="http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3"]here[/url]. Please follow the procedure [i]carefully and fully. … | |
Re: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.[/color] 1. Download and install the following utilities: [u]CCleaner[/u] - [url="http://www.ccleaner.com/"]www.ccleaner.com[/url] [u]Webroot Spy Sweeper (14 day … | |
Re: Removing the smitfraud family of infections (spysheriff, spyaxe, spyware fighter, etc.) requires following a specific procedure, which is outlined [url="http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3"]here[/url]. Please follow the procedure [i]carefully and fully. [/i]When you have completed the procedure, please run HijackThis again and post the new log. Also post the contents of the ewido and … | |
Re: You have a few separate, distinct infections; please follow the malware removal instructions below [i]carefully and fully[/i]: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file … | |
Re: I see no signs of malicious infections or other problems in your HJT log. Can you please give us some details and background on the problem? | |
Re: 1. realsched.exe is a component of RealPlayer, and it definitely doesn't need to be running. 2. 68 processes is pretty extreme; if there are that many processes running just after starting Windows (that is, before opening up any programs), [i]I'd[/i] be suspicious. A "normal" XP system usually has around 40 … | |
Re: Hi cjfb_1, Sorry we didn't get to this sooner; we've been pretty busy and a bit shorthanded here lately. Your log is clean- there are no signs of infections or anything else amiss. If you can provide specific details of the DNS issues/errors, that would give us something to go … | |
Re: Hello ski38off, welcome to DaniWeb :) Thanks for starting your own thread; you were right in thinking that each person's "fix" is slightly different. In your particular case, you have more than just the hacktool.rootkit infection, so we'll have a bit more work to do. Before we start to remove … | |
Re: Is the computer a Dell? Dell has been shipping their systems with the MyWay Search crud for a while. We can remove it manually, but what [i]exactly[/i] happens when you try to uninstall it via the A/R programs control panel? By the way- your HijackThis log was [i]not[/i] included ;) … | |
Re: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.[/color] 1. Download and install the following utilities: [u]CCleaner[/u] - [url="http://www.ccleaner.com/"]www.ccleaner.com[/url] [u]Webroot Spy Sweeper (14 day … | |
Re: Please don't "bump" your thread. For one thing, we actually try to work on threads from oldest to newest, so bumping actually puts you further down the list. Also, we're very short on troubleshooters right now, but pretty long on members who need help; so please try to bear with … | |
Re: As it stands now, your log is clean. However, items that have been disabled won't appear in the log, so please re-enable any startup items which were disabled in/with msconfig, run HijackThis again, and post a new log. | |
Re: dirky083, You are running a [i]very[/i] outdated version of HijackThis. Please download the [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]latest version[/url] (1.99.1), run a scan with it, and post the new log before you do [i]anything[/i] else!! You have [i]quite [/i]a few infections, and they should be dealt with carefully; please do not perform any cleaning … | |
Re: [QUOTE]the computer is obviously infected[/QUOTE]Not at all; the problem could be caused by a number of things. Did SpyBot, Ad Aware, etc. turn up anything that makes you suspect a malicious infection? Personally, I'd look for non-malicious causes first; it's been a loooong time since I've seen an "unwelcomed" program … | |
Re: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.[/color] 1. What can you tell us about this program that shows up in your list … | |
Re: Your log is clean. Secure login problems aren't usually the result of malicious infections, but there are more than a couple of possible causes. Try this fix first: Register the following system files Click Start > Run Type “regsvr32 softpub.dll | |
Re: You have a variant of the Smitfraud/SpySheriff/AntiVirusGold/SpyAxe/etc. family of infections, which require a special procedure to remove: [color=Blue] You will want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.[/color] Please … | |
Re: Kerio Personal Firewall is another possibility: [url]http://www.kerio.com/us/kpf_download.html[/url] | |
Re: 1. Have HJT fix: [b] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing) O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - … | |
Re: Your log shows signs of a few different infections. Please do the following: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.[/color] 1. Use … | |
Re: A) The "MessengerPlus! 3" has two installation options, one of which (the "sponsored" mode) will install adware/spyware. If you aren't sure whether or not you installed the program with the "sponsor" option, uninstall it. If you want to use the program, reinstall it after we clean your system, making sure … | |
Re: That's a clean log, T :) | |
Re: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.[/color] 1. Download and install these utilities (but do not run scans with them yet): ewido … | |
Re: You've got quite a handful of "unwanted guests" there. :( Please follow these general disinfection procedures [i]carefully and fully[/i]: [color=Blue]You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a … | |
Re: [QUOTE=muktadir]:mrgreen:[/QUOTE][img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/GroupGrins.gif[/img] | |
Re: Hi Toad53, welcome to DaniWeb :) Spyaxe is one of those infections that demands special removal steps; Norton, SpyBot, etc. alone can't kill it. Let's start with the first step; please do the following: Download the (free) HijackThis utility: [url]http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe[/url] Once downloaded, follow these instructions to install and run the … | |
Re: [QUOTE=cscgal]A HijackThis log?[/QUOTE]No, but close- I was after a log generated by the "smitrem" utility, an infection-specific removal tool :) | |
Re: A) Can you post the exact details that SpyBot gives you on those registry locations? B) Your HJT log does have a couple of "nasties" in it. Please do the following: 1. Download F-Secure's [url="http://www.f-secure.com/blacklight/try.shtml"]BlackLight[/url] into its own separate folder. Do not run the program yet. 2. Run HijackThis, put … | |
Re: [QUOTE=tgreer]If this is a large enough concern, contact law enforcement....[/QUOTE]Agreed. This is, if anything, a matter for the forum's owners and/or law enforcement officials to pursue. Given that, and the fact that the question itself is quite off-topic for this particular forum, this thread has been closed. | |
Re: Hi Jessica, welcome to DaniWeb :) You have more than a few separate infections, and at least one of them is going to need some special attention. Let's start with some general cleaning procedures to get the "lesser evils" removed. Please do the following: [color=Blue]You will need to disconnect from … | |
Re: Hi dg rider, welcome to DaniWeb :) You are right; you still have evidence of "unwanted guests" in your HJT log. Let's start with the following: Download L2MFix from one of these two locations: [url="http://www.atribune.org/downloads/l2mfix.exe"]http://www.atribune.org/downloads/l2mfix.exe[/url] [url="http://www.downloads.subratam.org/l2mfix.exe"]http://www.downloads.subratam.org/l2mfix.exe[/url] Save the file to your desktop and double click l2mfix.exe. Click the Install button … | |
Re: Hi leventib, First of all- welcome to our site :) In terms of the HijackThis log you posted- it shows no signs of infection as far as I see; it's actually a very clean log. Given that, and the other problems you described, it sounds like the problems you're experiencing … | |
Re: Do you have the program "Spyware Doctor" installed, by chance? If so, uninstall it and see if the errors go away; the runtime error is a known issue with Spyware Dr. and Win 98/ME systems. | |
Re: You did the right thing, we're just pretty short of helpers this week, and there are a [i]lot[/i] of people who need help. Please bear with us; I'll try to get to you soon. | |
Re: The errors you're experiencing could be due to a few different things, so it might take some work to pinpoint/fix the exact cause. Can you help us narrow down the possibilities, please? 1. Was the spyware/virus cleaning done after the problem appeared, or before? Can you tell us the names … | |
Re: Hi kwarthc, welcome to DaniWeb :) 1. You are using a very old version of HijackThis; please download [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]the latest version[/url], run it, and post the new log. 2. Please give us more detail/background on your problem and what you've already tried in terms of fixes. | |
Re: Hi walton, A couple of things, before you resort to an entire system restore or reformat: 1. [QUOTE]This problem began after I blocked something that popped up on my Ad-Watch monitor[/QUOTE]Can you tell us [i]anything[/i] more specific about that? "Something that popped up" doesn't give us very much to go … | |
Re: This particular forum may not be the right place for your question, as you've mentioned nothing related to virus/spyware/etc. infections. Perflib files are generated by a number of programs/processes, and should be automatically deleted during a normal system shutdown. However, the files can become corrupt or orphaned by a system … | |
Re: Hi rclksr, Please paste your hijackthis log directly into your post instead of attaching it as a Word doc: Run HijackThis again. Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis; the saved … | |
Re: Your log definitely shows signs of at least two different infections, but if you're unable to run programs or access the Internet, it's going to be a little difficult to start the cleaning process. 1. You said you had no luck with Safe Mode, but what exactly does "no luck" … | |
Re: Hi HadYourPhil, I've edited your above post to include the HijackThis log in the body of the post. In the future, please paste your logs directly into your posts as opposed to attaching them; it makes it easier to follow the troubleshoot that way. As for the infection, please do … | |
Re: Hi Darren1979, You have a variant of the Smitfraud/SpySheriff/AntiVirusGold/SpyAxe/etc. family of infections, which require a special procedure to remove: You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix. … | |
Re: There's only one leftover that I see in your log; run HJT again and have it fix: [b]O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing) [/b]There are a few variants of the "hacktool.root" infection, and not all of them install components that are detected in a HJT scan. Given … | |
Re: Your log shows no signs of malicious infections, although it [i]does[/i] show that you have/had installed some useless "fluff" like the Butterfly Oasis screensaver and Big Fish Games. Many of those kinds of programs come bundled with adware (Butterfly definitely does), so they should be avoided. Can you give us … | |
Re: The shield, the bogus spyware warning, and the desktop hijack point to a variant of the smitfraud/spysheriff/spyaxe family of parasites. Here's the standard cleaning procedure for those infections: You may want to print out or make a copy of these instructions before starting, because you will not be able to … | |
Re: I use, and would definitely recommend, AVG. I haven't used Avast! at all, but the people I know who do use it are quite happy with it. Being that both programs are free, why not test drive each one (not at the same time!) and see which you prefer. | |
Re: Hi titan5239, welcome to DaniWeb :) Unfortunately, everything has [i]not[/i] been cleaned, but before proceeding with the fixes, there is one thing you need to take care of first: [b] C:\DOCUME~1\Chris\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe [/b] The log entry above indicates that you are running HijackThis from within a Temp/Temporary … | |
Re: Good Find! :) Yes, many (especially older) cable/DSL modems are only 10Base-T (10Mbps) devices. | |
Re: 1. Open your Add/Remove Programs control panel and uninstall the MalwareWipe and SpyTrooper "utilities". Please see [url="http://www.spywarewarrior.com/rogue_anti-spyware.htm"]this page[/url] for more information on these and other bogus "anti-spyware utilities". 2. You are running an outdated version of HijackThis; please download and run the [url="http://www.stevewolfonline.com/Downloads/DMR/Spyware%20Tools/HJT/HijackThis.exe"]current version[/url] (1.99.1) and post a new log … |