#1
need pop-up help!!!
Okay. Not so long ago, I reformatted our computer's hard drive. Everything was fine, until my brother who moved out of the house started coming home every night to use our computer. I told him, "don't use IE, use Firefox" so what does the retard do? Uses IE, and downloads a shitload of viruses to the computer.
Now I've got popups coming out the wazoo. I'm not even using IE, and they're popping up in IE windows when I'm using Firefox. What can I do, short of beating the hell out of my brother to relieve this problem?
__________________
Support America's dependence on foreign oil - drive an SUV! "At Ford, job number one is quality. Job number two is making your car explode." - Norm McDonald. If you find my signature offensive - feel free to get a sense of humor.

#2
Re: need pop-up help!!!
I'll take a look at it for you.
Download HijackThis: http://www.merijn.org/files/hijackthis.zip

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

Run HijackThis and save your log file. Click Save, copy and paste the results in your next post.

Do not reboot until told to do so, because some infections change names when the system reboots.

#3
on top of that get from Microsoft their free antispyware program, right now it's probably the best of the bunch. Also get and run adaware and spybot after you update their definition files.
and of course make sure you have a solid antivirus program. McAfee is my personal pref but avg is also supposed to be good and it's free. Also McAfee has a good free antivirus tool you might want to run called stinger.
__________________
(\__/)
(='.'=) This is Bunny. Copy and paste bunny into your
(")_(") signature to help him gain world domination

#4
Re: need pop-up help!!!
Run as many of those tools as possible in safe mode AFTER UPDATING THE DEFINITIONS TO CURRENT IN NORMAL MODE. This prevents whatever components are causing the problem from loading.

#5
|
oh and i forgot along with all that security software i highly recommend this hardware based security module to keep other users from fu***up your pc:

#6
Re: need pop-up help!!!
Beat up your brother.

#7
Re: need pop-up help!!!
... if you would rather just run a bunch of cleaners......
Print these instructions or save them to a notepad so that you will have them while off line:

Download, Install and Run:
- CleanUp! (this will clear all of your temp files and make the scans faster) - http://www.stevengould.org/downloads.../CleanUp40.exe

Download, Install and Update (but don't scan yet):
- AdAware SE - http://downloads.pcworld.com/pub/new...sepersonal.exe
- SpyBot S&D - http://files1.majorgeeks.com/files/e...spybotsd14.exe
- Microsoft AntiSpyware Beta - http://majorgeeks.com/downloadget446...855a1511e.html
- CWShredder - http://www.bleepingcomputer.com/file...cwshredder.zip
- X-Cleaner (you don't have to install or update this one, it comes ready to run, just make sure you remember where you downloaded it to) - http://www.xblock.com/download/xcleaner_free.exe

If you don't have a firewall or an AntiVirus program you need to get one of each. Download, Install, and Update:
- I recommend the free version of ZoneAlarm over all other firewalls (free or paid, except ZoneAlarm Pro). You can get it here - http://download.zonelabs.com/bin/fre...60_667_000.exe
- As for AntiVirus, AVG has a great one that is free - http://free.grisoft.com/softw/70free...ee_344a618.exe

NOW that you have all the programs, you can start cleaning:
- Physically disconnect from the internet.
- Restart your computer in safe mode. When the system is booting up, tap F8 a few times after BIOS loads but before you see the windows splash screen. A menu will appear. Choose boot in Safe Mode.

Now you can run your scans:

AdAware SE: Open AdAware. Before scanning you will need to configure it properly for it to be most effective.
- First click on the Configuration button at the top of the window, it looks like a gear. You will now be presented with a new screen with various options to set.
- Click on the General button on the left hand side. Make sure the following items under the Safety category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Automatically save logfile
  - Automatically quarantine objects prior to removal
  - Safe Mode (always request confirmation)
- Next click on the Advanced button on the left hand side. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Include additional object information
  - Include negligible objects information
  - Include environment information
  - Include Alternate data stream details in log file
- Next click on the Tweak button on the left hand side.
- Then click on the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Include basic Ad-Aware settings in logfile
  - Include additional Ad-Aware settings in logfile
- Then click on the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Unload recognized processes & modules during scan
  - Scan registry for all users instead of current user only
- Then click on the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Always try to unload modules before deletion
  - During removal, unload Explorer and IE if necessary
  - Let Windows remove files in use at next reboot
  - Delete quarantined objects after restoring
- Once these settings have been completed, you should click on the Proceed button. This will bring you to the preparation screen. Make sure you change the scan mode to Perform full system scan.
- Next scan your computer and fix anything that it finds.

AdAware is the only one that really needs special configuration. The rest are pretty straightforward. Just make sure that you always choose the complete scan options and don't forget to use the Immunize feature of SpyBot S&D.

Reboot and see how your computer is running. If the problems persist post a HiJackThis log and I will examine it.

If the problems are gone, you need to minimize your risk of reinfection.
1 Kick your brother's ass
2 Get all the updates from http://www.windowsupdate.com/
3 Use SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
4 Use SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
5 Secure IE with IE-SPYAD - https://netfiles.uiuc.edu/ehowes/www...ce.htm#IESPYAD
6 Kick your brother's ass regularly
7 Keep all your definitions up to date
8 Scan regularly
9 Use online virus scanners occasionally: http://housecall.antivirus.com/ http://www.pandasoftware.com/activescan/

#8
winfixer, you will meet your doom!!!
i have winfixer crapping all over my computer here at work. so i downloaded hijackthis and here is my logfile. teach me your ways, blazee, jedi master of computer virus ass kicking!!!
please and thank you

```
Logfile of HijackThis v1.99.1
Scan saved at 12:49:08 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...ww.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco...ww.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anchoragepress.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Help\Tours\logmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegar...GameLoader.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: logmain - C:\WINDOWS\Help\Tours\logmain.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netnumberlpd - Unknown owner - C:\WINDOWS\system32\EXE2BIN.EXE
```
__________________
Est autem fides credere quod nondum vides; cuius fidei merces est videre quod credis. Faith is to believe what you do not see; the reward of this faith is to see what you believe.

#9
Re: winfixer, you will meet your doom!!!
STEP 1
- Download Process Explorer by Sysinternals and extract it to your desktop. Do not run this now as we will use it later.
- Download KillBox and extract it to your desktop. Do not run this now as we will use it later.

STEP 2
- Open notepad. (Start > All Programs > Accessories > Notepad)
- Copy and Paste the following listed in Bold to the notepad exactly as it is shown:

```
REGEDIT4

; Delete the MSEvents class registrations, BHO entries and CLSIDs
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_CLASSES_ROOT\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39D2FC9B-041C-470E-AE72-F8C001247626}]
[-HKEY_CLASSES_ROOT\CLSID\{39D2FC9B-041C-470E-AE72-F8C001247626}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6}]
[-HKEY_CLASSES_ROOT\CLSID\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBE0D59D-F985-4AC6-8826-FEE957065D42}]
[-HKEY_CLASSES_ROOT\CLSID\{CBE0D59D-F985-4AC6-8826-FEE957065D42}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7BF451AC-2010-4804-B256-DB2F0A8D9EB6}]
[-HKEY_CLASSES_ROOT\CLSID\{7BF451AC-2010-4804-B256-DB2F0A8D9EB6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{827DC836-DD9F-4A68-A602-5812EB50A834}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{827DC836-DD9F-4A68-A602-5812EB50A834}]
[-HKEY_CLASSES_ROOT\CLSID\{827DC836-DD9F-4A68-A602-5812EB50A834}]

; Set the ActiveX kill bit (0x400) so IE will not load these CLSIDs again
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39D2FC9B-041C-470E-AE72-F8C001247626}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7FCAFB-9FDB-4F5E-BAC6-68BDEE61D6C6}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBE0D59D-F985-4AC6-8826-FEE957065D42}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7BF451AC-2010-4804-B256-DB2F0A8D9EB6}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{827DC836-DD9F-4A68-A602-5812EB50A834}]
"Compatibility Flags"=dword:00000400
```

- Save it to the desktop as vundofix.reg and in the save as type box choose all files.
- Close NotePad

STEP 3
Reboot your computer into Safe Mode

STEP 4
- Double-click on "procexp.exe" which is the Process Explorer that we downloaded earlier.
- In the top section of the Process Explorer screen double-click on winlogon.exe to bring up the winlogon.exe properties screen.
- Click on the Threads tab at the top.
- Once you see this screen click on the file listed in bold below and click on the kill button. If you see any files listed that are the same name but end with .bak or .ini or are the name in reverse, you can kill those as well. Write down any variants that you discover exactly as they appear for later.

logmain.dll

- After you have killed all of the instances of the DLL under winlogon click on the OK button.
- Now in the top section of the Process Explorer screen double-click on explorer.exe, select the Threads tab, and again click once on each instance of the file above. Once they are highlighted click on the Kill button like you did before. If you have disabled the BHO (O2) in some manner, you will not find this dll listed in this step and can move on.
- When this is done, click on the OK button again.

STEP 5
- Now run HijackThis again, close all windows, and press the Scan button.
- Place a check next to each of the following entries:

```
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\Help\Tours\logmain.dll
O20 - Winlogon Notify: logmain - C:\WINDOWS\Help\Tours\logmain.dll
```

If you don't recognize this entry, it should be checked as well:

```
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlega...pGameLoader.dll
```

- Once all the entries are checked, press the Fix button and then exit HijackThis.

STEP 6
- Now double-click on the vundofix.reg file that you created earlier and allow it to merge the information.

STEP 7
- Now run killbox and enter the following Bold text in to the box, select delete on reboot then press the red X button, say yes to the prompt but no to reboot now

C:\WINDOWS\Help\Tours\logmain.dll

- Then repeat by typing in the full name of any of the reverse named .bak or .ini or other files that you discovered in step 4.
- After you have input the last file name then reboot.

STEP 8
- Download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.
- Run Ad-Aware, update to the latest definitions, then click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
- Reboot your PC
- Open AdAware
- First click on the Configuration button at the top of the window, it looks like a gear. You will now be presented with a new screen with various options to set.
- Click on the General button on the left hand side.
- Make sure the following items under the Safety category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Automatically save logfile
  - Automatically quarantine objects prior to removal
  - Safe Mode (always request confirmation)
- Next click on the Advanced button on the left hand side.
- Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Include additional object information
  - Include negligible objects information
  - Include environment information
  - Include Alternate data stream details in log file
- Next click on the Tweak button on the left hand side.
- Then click on the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Include basic Ad-Aware settings in logfile
  - Include additional Ad-Aware settings in logfile
- Then click on the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Unload recognized processes & modules during scan
  - Scan registry for all users instead of current user only
- Then click on the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
  - Always try to unload modules before deletion
  - During removal, unload Explorer and IE if necessary
  - Let Windows remove files in use at next reboot
  - Delete quarantined objects after restoring
- Once these settings have been completed, you should click on the Proceed button. This will bring you to the preparation screen. Make sure you change the scan mode to Perform full system scan. Next scan your computer and fix anything that it finds.
- You may be prompted to set Ad-Aware to run on reboot. If so, click "OK". Exit Ad-Aware and restart your PC once again.

STEP 9
- Download ewido security suite. http://www.ewido.net/en/download/
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now go to the main screen

You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click Update
- Then click on Start Update

The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. http://www.ewido.net/en/download/updates/

Once the updates are installed do the following:
- Boot to safe mode and open Ewido.
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.

Now close ewido security suite.

STEP 10
- Reboot, Scan with HiJackThis and post a new log. Tell me how your computer is running.

#10
i am currently running ewido on my computer (right now i'm using the other computer in the back office) and it's taken 22 minutes so far and it's only about 77% done!!!! ahhhhhh.... i've already collected 1 hr and 15 mins of overtime trying to cure this thing and at this rate i'll be here for another 30 mins. i can't say i wasn't forewarned, though. i guess i'm at least towards the end of the procedure you posted. will update with a hijackthis log whenever it decides to come back to life and finish scanning!

#11
Re: need pop-up help!!!
brilliant. it's done. check this out, blazee. and thank you sooooo much for your help! as of right now my computer is in fine condition. when i'm back here at work tomorrow i will make sure its status remains as such.
```
Logfile of HijackThis v1.99.1
Scan saved at 8:23:06 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...ww.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco...ww.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.anchoragepress.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netnumberlpd - Unknown owner - C:\WINDOWS\system32\EXE2BIN.EXE
```
__________________
Est autem fides credere quod nondum vides; cuius fidei merces est videre quod credis. Faith is to believe what you do not see; the reward of this faith is to see what you believe. |
|
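For readers working through a HijackThis log like the one posted above, here is a small triage script, added as an example and not part of the original thread or of HijackThis itself. It splits a log into entries even when a forum has flattened it onto a few long lines, groups entries by section code, and marks the two annotations HijackThis itself prints ("(file missing)" and "Unknown owner") for a manual look; the function names and flag labels are this example's own.

```python
import re
from collections import Counter

# Section codes seen in the posted log and what HijackThis lists under each.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart (Run key / Startup folder)",
            "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
            "O16": "ActiveX control (Downloaded Program Files)",
            "O20": "Winlogon Notify DLL", "O23": "Windows service"}
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# Zero-width split point before each "<code> - ", so a log that was
# flattened onto a few long lines is still cut into entries.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?=" + CODE + r" - )")
ENTRY = re.compile(r"^(" + CODE + r") - (.*)$")

def split_entries(text):
    text = " ".join(text.split())          # undo hard wraps inside entries
    return [p.strip() for p in ENTRY_START.split(text) if p.strip()]

def parse_entry(entry):
    m = ENTRY.match(entry)
    if not m:                              # e.g. tail of an entry cut off above
        return {"code": None, "kind": "fragment", "detail": entry,
                "flags": ["fragment"]}
    code, detail = m.groups()
    flags = []
    if detail.endswith("(file missing)"):  # entry points at a file not on disk
        flags.append("file missing")
    if code == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown owner")      # no vendor name shown for the binary
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "detail": detail, "flags": flags}

def triage(text):
    entries = [parse_entry(e) for e in split_entries(text)]
    counts = Counter(e["code"] for e in entries if e["code"])
    return counts, [e for e in entries if e["flags"]]

# Sample: entries copied from the log above, deliberately flattened and
# starting mid-entry, the way the forum page renders them.
SAMPLE = r"""C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe"""

if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for e in review:
        print(e["flags"], e["kind"], "|", e["detail"])
```

The flags are review cues, not verdicts: in the posted log the McAfee McShield service also shows "Unknown owner".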
#12
|
||||
|
||||
|
Re: need pop-up help!!!
I'm sorry, I just realized I totally jacked this thread!!!
__________________
Est autem fides credere quod nondum vides; cuius fidei merces est videre quod credis. Faith is to believe what you do not see; the reward of this faith is to see what you believe. |
|
#13
|
||||
|
||||
|
Re: need pop-up help!!!
Your log looks clean.
Did AdAware and Ewido find anything?

WinFixer is included in many 'free programs' or modified versions of free programs downloaded from untrusted sites or file sharing networks. There have been reports that some installations of Limewire and a modified but unauthorised release of Internet Explorer 7 Beta have had WinFixer inserted. As a general rule, during the installation of free software, take a moment or two to see if they mention other bundled programs. Most quality free programs do not have a budget to advertise, so beware of ads that offer something for free. Normally they include some kind of adware/spyware.

Because it is often installed with other programs (some of which may appear to be legit, making it hard to identify the culprit) there is a chance that you may become infected again. If you have any more problems, let me know.

To lower your risk for new infections, please refer to my other post about which cleaners to use and what prevention steps to take.

After a day or two, if your system is good you will need to clear all the old "System Restore" points, because using one of the old restore points will also restore the infection.

To clear your restore points:
- Right click "My Computer"
- Select "Properties"
- Click the "System Restore" tab
- Check the "Turn off System Restore on all drives" box
- Click apply
- Uncheck the "Turn off System Restore on all drives" box
- Click apply
- Click OK
|
#14
|
||||
|
||||
|
Re: need pop-up help!!!
Ewido found about 200 bad files.
Ad-Aware found 866 but only removed about 493.

I decided to stop using IE and start using Firefox because I've heard so many good things about it and also because every time I tried to send an email with Hotmail I would get a message in the status bar saying "Error on page."

I'm not the kind of person to download random programs, especially at work, so I don't think that whatever is/was wrong was part of a bundle. Anyway, if I do download a program from the internet that is questionable in any way, I make sure (to the best of my ability) that it does not come with any bundled adware or other stuff.

Firefox seems to be working just fine though. No popups, no WinFixer!! If anything changes I will keep ya posted. Thanks again.
__________________
Est autem fides credere quod nondum vides; cuius fidei merces est videre quod credis. Faith is to believe what you do not see; the reward of this faith is to see what you believe. |
|
#15
|
||||
|
||||
|
Re: need pop-up help!!!
You're welcome. You did a great job. You must be pretty knowledgeable with computers; it isn't very common for someone to get it right the first time.

With AdAware and Ewido finding that many things, it shows that you definitely need to step up your security a little. Firefox is a good choice. I use it myself. Make sure that you check out the available extensions for Firefox. They've got some awesome ones. AdBlock is great, I surf AF with no ads, plus it's faster because you don't have to wait for the ads to load. I've also heard good things about Opera, but I haven't tried it yet.

If you need any more help, just let me know. And don't forget to clear your restore points.
|