Trogan

Volunteer Security Advisor
  • Content Count

    139
  • Joined

  • Last visited

Everything posted by Trogan

  1. Hi gheady, and welcome to the Lavasoft Support Forum! Please do the following... 1. Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. IMPORTANT: Do NOT run any other options until you are asked to do so! 2. I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post. 3. Please post the following... SmitfraudFix report Uninstall list
  2. Hi ScottO, Your computer is infected by a varian of the Sdbot Trojan. This can give intruders complete control of your computer, logging key strokes, stealing information, etc. You are strongly advised to do the following immediately!: Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers. From a clean computer, change *all* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so. To help you make a more informed decision, please read the following articles: Danger: Remote Access Trojans. When should I re-format? How should I reinstall? How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud? Should you have any questions, please feel free to ask Please let me know your decision and we'll get started with clean up if that's what you choose.
  3. Hi BH McGee, I don't see your HijackThis log attached. If you could just post a new one in your next reply, that would be great.
  4. Hi Alayna! I'm sorry for not responding. For some reason, my emails were going into my junk mail. I hope I've sorted it, and thanks for bumping this thread and reminding me. Please do the following... 1. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. This program is for XP and Windows 2000 only! Double-click ATF Cleaner.exe to open it. Under Main select the following: Windows Temp Current User Temp All Users Temp Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. Exit on the Main menu to close the program. 2. Please download ComboFix to your Desktop. Double click on Combofix.exe & follow the prompts. When the scan has finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall 3. Please post the following... ComboFix log New HijackThis log
  5. Hi DJT, Please do the following... 1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Check the box that says: "Accept License Agreement." The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove the following... J2SE Runtime Environment 5.0 [*]Reboot your computer once all Java components are removed. [*]Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version. 2. Open HijackThis - Click the Do a system scan only button - Check the following entries (below) O2 - BHO: (no name) - {337B0A61-2AF8-4727-812D-2DC0DF33ECFA} - C:\WINDOWS\system32\jkhfc.dll (file missing) O2 - BHO: (no name) - {730AF40C-D8CD-461E-BE3A-30B910EFAA3e} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ...(Unless you set these with a anti-spyware program like SpyBot's Immunize feature, or a System Administrator set them, have HiJackThis fix this.) O20 - Winlogon Notify: fccbcab - fccbcab.dll (file missing) - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked Close HiajckThis 3. Please post a new HijackThis log, and let me know how the computer is.
  6. Hi DJT, Make sure Zone Alarm Anti-Virus is disabled. Only one Anti-Virus program should be running on any computer. Please do the following... 1. Please download VundoFix.exe to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt in your next reply. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. 2. I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post. 3. Please post the following... VundoFix log Uninstall list New HijackThis log
  7. Hi h4ndl3d! Sorry for the delay. Can you answer these questions please. 1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present: MediaGateway Need2Find Bar 2. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Check the box that says: "Accept License Agreement." The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove the following... Javaâ„¢ SE Runtime Environment 6 Update 1 [*]Reboot your computer once all Java components are removed. [*]Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version. Post a new HijackThis log, and answer my original question.
  8. Hello! Yes, the log is clean. Do you have any other questions, or can we close this thread?
  9. Hi DJT, and welcome to Lavasoft Support Forum! :angry: You have ZoneAlarm Firewall, but no Anti-Virus program. Please download one from the list below - They are Free! AntiVir << I recommend this AVG Free Edition avast! 4 Home Edition Next, navigate to C:\Program Files\hijackthis Now, right-click HijackThis.exe (the dynamite icon) and select Rename. Give it a new name of Scanner.exe. Create a new log, and post it back here.
  10. Hi h4ndl3d, and welcome to Lavasoft Support Forum! :angry: That is certainly strange. Can you provide more details on what Norton detects? Name? File Location? I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post.
  11. Hey Alayna, Please do the following... 1. Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present: J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 2 2. Open HijackThis - Click the Do a system scan only button - Check the following entries (below) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked Close HiajckThis 3. Please do an online scan with Panda ActiveScan - Once you are on the Panda site, click the Scan your PC button - A new window will open...click the Check Now button - Enter your Country - Enter your State/Province - Enter your e-mail address and click send - Select either Home User or Company - Click the big Scan Now button - If it wants to install an ActiveX component allow it - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) - When download is complete, click on Local Disks to start the scan - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the Panda scan report, along with a new HijackThis Log Also, does your Norton Anti-Virus still have a subscription?
  12. Yes, I know what you are talking about. Can you boot into Normal Mode now? If you can, run a scan there instead of Safe Mode.
  13. Good job! From now on, could you post all logs in your post rather than attaching them as it's easier for me to check them. I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post.
  14. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode! Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security. Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this) Wait until you see the Update succesfull message. [*]Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. [*]Under How to scan? All checkboxes should be ticked. [*]Under Possibly unwanted software: All checkboxes should be ticked. [*]Under Reports: Select Do not automatically generate reports [*]Under What to scan? Select Scan every file. [*]Click on the Scan tab. [*]Click on Complete System Scan to start the scan process. [*]Let the program scan the machine. [*]When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) [*]When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log.
  15. Hi Alayna, welcome to Lavasoft Support Forum! Please do the following... You have HijackThis in the Temp folder, which is not a good place. Follow the instructions below: Click here to download HJTsetup.exe. Save it to your Desktop! Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. Copy and paste the log here DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. 2. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt in your next reply. 3. Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. IMPORTANT: Do NOT run any other options until you are asked to do so! 4. Please post the following... SDFix report SmitfraudFix report New HijackThis log
  16. Hi Hazey, You have not reinstalled AVG Anti-Virus, like I said to do. It was in your first log, but you have removed it for one reason or another. Unless you reinstall AVG Anti-Virus, I will refuse to help you with your problems. Reinstall AVG Anti-Virus and post a new HijackThis log.
  17. Hi Daria, Please do the following... 1. Open Notepad and copy/paste the text in the Quote Box below into it: Save this as ComboFix-Do.txt to your Desktop Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe ComboFix will scan and produce a new log. Post that in your next reply. 2. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode! Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security. Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this) Wait until you see the Update succesfull message. [*]Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. [*]Under How to scan? All checkboxes should be ticked. [*]Under Possibly unwanted software: All checkboxes should be ticked. [*]Under Reports: Select Do not automatically generate reports [*]Under What to scan? Select Scan every file. [*]Click on the Scan tab. [*]Click on Complete System Scan to start the scan process. [*]Let the program scan the machine. [*]When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) [*]When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode and post a new HijackThis log, along with the AVG Anti-Spyware log and ComboFix log.
  18. Hi hazey, Why have you removed AVG Anti-Virus? Please reinstall it immediately as your system is unprotected. You haven't installed a Firewall, so I assume you are using Windiows Firewall. Please let me know. Please do the following... 1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version... Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right. Check the box that says: "Accept License Agreement." The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove the following... J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 9 [*]Reboot your computer once all Java components are removed. [*]Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version. 2. Open HijackThis - Click the Do a system scan only button - Check the following entries (below) O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [Xyviowy] "C:\Program Files\??sks\w?auboot.exe" - Close ALL open windows (especially Internet Explorer!) - Click Fix Checked Close HiajckThis 3. Download this file to your Desktop - combofix.exe Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall 4. Please post the following... Answer about Firewall ComboFix log New HijackThis
  19. Hi RU4reel, Keep AVG Anti-Spyware; it is an excellent program. The trial is for 30 days, after which the program is still functional and worthwhile. You will lose the Automatic updates and Resident shield, however you can manually update before running a scan. It is fine to keep both Ad-Aware and AVG Anti-Spyware. Yes, you can use HijackThis to remove unnecessary start-up programs as they can be started manually. And as mentioned, it will increase boot up time. You can safely remove the following... O4 - HKLM\..\Run: [CloneDVDElbyDelay] "E:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [Yahoo! Pager] 1 O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe Ant other questions? If not, can I archive this thread?
  20. Hi gort, and welcome to Lavasoft Support Forums! Please do the following... 1. I'd like two files scanned: Go to VirusTotal Copy and paste the following file path into the Search Box at the top of the page: C:\WINDOWS\system32\odbc.exe [*]Click on the Send button [*]Save a copy of the results and post them in your next reply. Do the same for the following... C:\WINDOWS\system32\dxwizard.exe 2. Next, uninstall your version of AVG Anti-Spyware fromm Add/Remove programs in Control Panel. We will redownload a new copy. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode! Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security. Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this) Wait until you see the Update succesfull message. [*]Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. [*]Under How to scan? All checkboxes should be ticked. [*]Under Possibly unwanted software: All checkboxes should be ticked. [*]Under Reports: Select Do not automatically generate reports [*]Under What to scan? Select Scan every file. [*]Click on the Scan tab. [*]Click on Complete System Scan to start the scan process. [*]Let the program scan the machine. [*]When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) [*]When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes . Reboot back into Normal Mode, and post a new HijackThis log, along with the AVG anti-spyware log and scan results.
  21. Hi hazey, and welcome to Lavasoft Support Forums! Please do the following... 1. I don't see any indication of a Firewall in your HijackThis log. This may be because: (1.) You are using Windows Firewall or a hardware Firewall. (2.) You are using a Firewall of an unknown vendor. (3.) You are using a Firewall, but it is disabled for unknown reasons (4.) You don't use any firewall at all. In the case you don't have a Firewall, please download one from the list below - They are Free! Comodo << I recommend this Zone Alarm Sunbelt Kerio PF Outpost Firewall 2. I need to see another log from HijackThis. Run Hijackthis. Click on Open the Misc Tools section. Next click on Open uninstall manager. Press the Save list button. Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post. 3. Please post the following... Uninstall list New HijackThis log
  22. We're almost done! Last set of instructions... Your Java is outdated. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Download the latest version of Java™ SE Runtime Environment 6u1. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version. Apart from that, the logs are clean. If there are no more problems, can we mark this resolved? Here are some tips for a clean and secure computer. For XP users. It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following: Click Start | Help and Support | Undo changes to your computer with System Restore. Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close. Close the Help and Support Center box. Click Start | Run and type Cleanmgr Select (C: ) then click OK. Click the More Options tab. Click Clean Up in the System Restore Section. This will remove all previous restore points except the newly created one. Make your Internet Explorer more secure From within Internet Explorer click on the Tools menu and then click on Options. Click on the Security tab Click the Internet icon so it becomes highlighted. Click on Default Level and click OK Click on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialise and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting when applies. When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. [*]Next press the Apply button and then the OK to exit the Internet Properties page. Keep your Sun Java up to date The most current version of Sun Java is: Java Runtime Environment Version 6.0 http://java.sun.com/javase/downloads/index.jsp Scroll down to where it says "Java Runtime Environment (JRE) 6". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version. And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system. Free programs that may help you in keeping the PC clean SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download SpywareBlaster here A tutorial can be found here SpywareGuard It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection. You can download SpywareGuard here A tutorial can be found here IE-SPYAD IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites. You can download IE-SPYAD here A tutorial can be found here Hosts File A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. A tutorial can be found here MVPS Hosts File You can download the MVPS Hosts File here Furthermore the website contains useful tips and links to other resources and utilities. Bluetack's Hosts File and Hosts Manager Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue apllications etc... Download Bluetack's Hosts file here Download Bluetack's HostsManager here Free Spyware Detection and Removal Programs Ad-Aware It scans for known spyware on your computer. These scans should be run at least once every two weeks. You can download Ad-Aware here A tutorial can be found here Spybot - Search & Destroy It scans for spyware and other malicious programs. Spybot has preventitive tools that stop programs from even installing on your computer. You can download Spybot - S&D here A tutorial can be found here Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here WinPatrol WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files. Detect & Neutralize Spyware. Detect & Neutralize ADware. Detect & Neutralize Viral infections. Detect & Neutralize Unwanted IE Add-Ons. Detect & Restore File Type Changes. Automatically Filter Unwanted Cookies. Avoid Start Page Hijacking. Detect changes to HOSTS & critical system files. Kill Multiple Tasks that replicate each other, in a single step! Stop programs that repeatedly add themselves to your Startup List! Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like. You can download WinPatrol here WinPatrol FAQ SiteHound by Firetrust Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus. SiteHound will alert you when you enter a site which is known to contain: Fraudulent claims or scams Offensive material Security vulnerabilities Spyware or Adware Spam related material or other content deemed to be unsafe Specifically, SiteHound blocks these categories: o Adult o Spyware o Spam Advertising o Phishing o Possible scam or fraud o Misleading or False Advertising o Pharming o Rogue or Suspect Product o Adware o Malware or Virus System Requirements: Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP Product Info & Download: SiteHound Toolbar Use an AntiVirus Software It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs. Computer Safety On line - Anti-Virus http://forum.malwareremoval.com/viewtopic.php?p=53#53 Update your Anti Virus Software It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Use a Firewall I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below. Computer Safety On line - Software Firewalls http://forum.malwareremoval.com/viewtopic.php?p=56#56 A tutorial on Understanding and Using Firewalls can be found here Happy Surfing!
  23. Hi RU4reel, Please do the following... 1. Open Notepad! Copy and paste everything from the Quote box below into Notepad Save this as ComboFix-Do.txt to your Desktop. Refering to the picture below, drag and drop ComboFix-Do.txt into ComboFix.exe. ComboFix will scan again and produce a new log. Post that in your next reply. 2. You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode! Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder. http://www.ewido.net/en/download/ Install AVG Anti-Spyware by double clicking the installer. Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked. On the main screen under Your Computer's security. Click on Change state next to Resident shield. It should now change to inactive. Click on Change state next to Automatic updates. It should now change to inactive. Next to Last Update, click on Update now. (You will need an active internet connection to perform this) Wait until you see the Update succesfull message. [*]Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. If you are having problems with the updater, you can use this link to manually update ewido. AVG Anti-Spyware manual updates. Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. Once in Safe Mode: Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan. Click on Scanner on the toolbar. Click on the Settings tab. Under How to act? Click on Recommended Action and choose Quarantine from the popup menu. [*]Under How to scan? All checkboxes should be ticked. [*]Under Possibly unwanted software: All checkboxes should be ticked. [*]Under Reports: Select Do not automatically generate reports [*]Under What to scan? Select Scan every file. [*]Click on the Scan tab. [*]Click on Complete System Scan to start the scan process. [*]Let the program scan the machine. [*]When the scan has finished, follow the instructions below. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) [*]When done, click the Save Scan Report button. (4) Click the Save Report as button. Save the report to your Desktop. [*]Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes . Reboot back into Normal Mode, and post a new HJT log, along with the AVG anti-spyware log and ComboFix log.