JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. Well, now they are making it sound like if you get a BitTorrent client you can get the download.
  2. Did you update Java after you posted the HJT log? Because what shows in the log is not the current version. You should not use tools like ComboFix without the supervision of someone that knows how to read the logs. The reason we use these tools is to show the malware that hides on the system. You may not have your system set to show hidden files and folders either. But it is common for malware to hide on the system. You were supposed to post the Panda log.

     Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

     Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

     • SpywareBlaster from Javacool Software
     • WinPatrol by BillPStudios
     • SiteHound by FireTrust
     • RogueRemover
     • hpHosts

     For an excellent list of reliable free firewalls and antivirus programs see here.

     Since this issue appears to be resolved I will close this thread. Should you need further assistance please start a new topic. The instructions in this thread are specifically for this system. Applying them to your system can be utter ruination. Start your own topic and receive help specific to your system.
  3. These guys are spamming Digg with a blog and tons of links on the blog going to RegCure and XSoftSpy. http://spywarecrash.blogspot.com/2007/08/h...r-computer.html
  4. Review submitted http://www.softpedia.com/progViewOpinions/1-423,.html I would have named names behind the program but didn't want to do that without permission.
  5. Way to "expose" this little secret Sho-Dan. Marcin why did we not get the memo?? I'm going to write a review.
  6. MRU is Malware Removal University, another site altogether. http://forum.malwareremoval.com/index.php
  7. Hi there spiderpc, and welcome to Malwarebytes. If you haven't already, please get these programs, update and run a complete scan removing all items found.

     • Spybot Search & Destroy
     • AVG AntiSpyware

     Then go here and run a scan:

     • PandaActive Scan

     There is a tutorial on how to run the scan and save a log at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from this program:

     • HiJack This!

     I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  8. There is a Digg spammer posting links to an ErrorProtector blog with links to download it and the whole family of rogues. I have a Digg comment spammer thread at my site and we all post the profile link of the spammers so all their posts can be buried easily. Temerc took it one step further last night and reported the blog to Google. http://bloggerstatusforreal.blogspot.com/2...evil-blogs.html I reported it to SiteHound and it's been reported to SiteAdvisor too.
  9. Hi Teddyboy, Go through the tutorial for running a Panda scan at the top of this forum. It sounds like you're having a permission problem to me. I had the same thing happen when I did a scan for the tutorial. I had to readjust my settings in IE.

     You can run HJT again and put a check next to these items below. They aren't malware, just clean up.

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\docs\Wrapper.exe (file missing)

     I don't see anything in your log but that doesn't mean you don't have something not seen by HJT. Do you have any symptoms that indicate malware other than the rogue telling you? Popups, browser redirects, slow performance, unknown programs wanting to connect to the Net.

     Please get the HiJack This program I asked you to get. Read my initial instructions again, you are not following them. There is no point in scanning and not removing items found. Post a log from the correct HJT program after your Panda log please.
  10. Due to lack of response this thread will be closed. If you decide to continue with your cleanup please start a new thread. The advice in this thread is specific to this machine. Using any instructions from here on your machine can cause complete ruination. Start your own thread and get help for your system.
  11. Since this issue is resolved to the best of anyone's ability, I will close the thread. If you require further assistance please start a new topic. The advice in this thread is specific to this machine. Using any instructions from here on your machine can cause complete ruination. Start your own thread and get help for your system.
  12. Since the issues in this topic appear to be resolved I will close the thread. If you need further assistance just PM me and I will re-open the thread. The advice in this thread is specific to this machine. Using any instructions from here on your machine can cause complete ruination. Start your own thread and get help for your system.
  13. Since there has been no reply to this thread in 4 days I will close it. If you decide you want to continue with the fixes for your system, send me a PM and I will re-open the thread.
  14. Because these issues are resolved the topic will be closed. The advice in this thread is specific to this machine. Using any instructions from here on your machine can cause complete ruination. Start your own thread and get help for your system.
  15. Step 10

      This is a log with only tracking cookies, no real virus or trojans. Click on the Edit menu and choose Select all. This will highlight the page. Right click on it with your mouse and choose copy. Now in your reply in your HiJack This thread right click and choose Paste and Submit. Voilà, your Panda Active Scan log has been posted for analysis.

      This is the option you will see if you choose Disinfection Advice on the green button on the bottom of the windows. You are given the option to pay for everything to be removed. Panda will not remove tracking cookies, but it will remove virus and trojans. There is no need to pay to remove any of these, they can be removed with free programs. I just want you to see what happens if you click that button and to explain it in case there is any confusion about paying. You DO NOT need to pay. It is of course your choice.

      This tutorial is taken from MontanaMenagerie.org and can only be re-used with my permission.
  16. You must have administrative rights on the PC to install the ActiveX program, and use Internet Explorer to access the web site. http://www.pandasecurity.com/homeusers/solutions/activescan/

      You may have to adjust security settings in IE, add the site to Trusted Sites, allow ActiveX downloads and installs. If you had to make adjustments to the browser settings, close the browser and reopen to ensure they take effect. Then navigate to the website again. You may need to turn off your AntiVirus program and firewall, also any active protection programs you may be running.

      Step 1: Click the blue button that says Scan Your PC Now.

      Step 2: Choose your Country, State or Province, Enter a valid email address. Choose Home user or Company. Click the green button that says Free Online Scan.

      Step 3: This is the beginning of the Active Scan and where you must allow the ActiveX install. This is also where you will have problems if you don't have Administrative Privileges or the security settings set in IE to allow ActiveX installs and downloads. What I discovered was when I made any changes in IE I had to close and reopen the browser for them to take effect. I had one hell of a time getting past this point.

      Step 4: Here you must choose what to scan. It is always safe to choose My Computer. Do this.

      Step 5: Panda will update to the latest definitions.

      Step 6: Panda will begin to scan your PC for malware. Get a snack, continue to surf, whatever; this can take a while. Just don't close the browser window! This is a shot of what it looks like when something is found, it's just for your information as to what you may see. Let the scan continue. This is a detection in one area only.

      Step 7: The scan is finished. Now this is where you choose See Report. The green button in the top right corner.

      Step 8: This shows the window after you have chosen See Report. You see the items that have been found in the box. Below the box are two green buttons, Save the Report and Scan Again. Click on Save the Report.

      Step 9: The Windows Explorer box will pop up when you choose Save the Report, and you must choose where to save the report to. It will already be titled Active Scan, choose Desktop to save to.

      Step 10 continued in the next post. I hope it makes someone's day a bit easier. This is taken from MontanaMenagerie.org and may be re-used with my permission only.
  17. http://www.adobe.com/products/acrobat/readstep2.html

      My original advice stands. The best professional advice I can give you is to reformat. I cannot guarantee you are free of the rootkit etc. I did all I could. You are eventually going to have something happen that requires a reformat. It's a given. You should back up your data now and reformat. I'm not good at doing backups either and have had to reformat several times for one reason or another and every time I lost stuff I really wanted to keep. I have a machine sitting right now that is most likely infected, I'm hoping MBAM gets to the point I can run it and clean the machine. Because I don't want to reformat!! I can't keep it booted long enough to back up anything. Don't make my mistake.
  18. You're welcome. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

      • SpywareBlaster from Javacool Software
      • WinPatrol by BillPStudios
      • SiteHound by FireTrust
      • RogueRemover
      • hpHosts

      For an excellent list of reliable free firewalls and antivirus programs see here.

      Yesterday was Patch Tuesday for Microsoft, be sure to get the updates. There were several critical updates for security.

      Since this issue seems to be resolved, I will close this thread. Should you feel we need to reopen this just send me a PM. The advice in this thread is for this system only. Applying the fixes to another system regardless of how similar the symptoms are can result in ruination.
  19. Hi there,

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

      Is that a setting you created? If not remove it using HJT.

      Delete the following using HJT:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
      O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

      None of those are necessarily malware, just clean up. The Panda scan shows something strange in email.

      Hacktool:Exploit/iFrame Not disinfected E:\temp\Moira's Email Backup\Mail\Inbox[~0005432.~]
      Hacktool:Exploit/iFrame Not disinfected E:\temp\Moira's Email Backup\Mail\Trash[~0000014.~]
      Hacktool:Exploit/iFrame Not disinfected E:\temp\Moira's My Documents Backup\email backup\Mail\Inbox[~0005432.~]
      Hacktool:Exploit/iFrame Not disinfected E:\temp\Moira's My Documents Backup\email backup\Mail\Trash[~0000014.~]

      The rest are from some of the tools we have used. You should delete those, Combo Fix, Vundo, etc. Have you run CCleaner yet? You still need to fix Adobe. Yesterday was Patch Tuesday from Microsoft and there were several critical security updates. Do your Windows Updates.

      Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

      Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

      • SpywareBlaster from Javacool Software
      • WinPatrol by BillPStudios
      • SiteHound by FireTrust
      • RogueRemover
      • hpHosts

      For an excellent list of reliable free firewalls and antivirus programs see here.
  20. Hi, the key word here is "seems": you think you're all OK but you haven't finished the process. I can only determine that by seeing the logs from the programs listed.

      W32/Hasnot-A is a worm and companion virus for the Windows platform. W32/Hasnot-A will hide files and folders, appending the original file or folder name to a copy of itself. Once installed W32/Hasnot-A spreads through network shares and removable storage devices, including USB keys. W32/Hasnot-A copies itself to the root folder of the drive as Skynet.exe and adds an autorun.inf file.

      That is the description of what you think you had. There is no way to know if you have eliminated it without doing other scans. As you see it hides itself. In fact there is no way to know if you actually ever had it. A rogue detected it yet couldn't seem to remove all of it. This is the ploy used by rogues to goad users to buy the programs. I hope you had RogueRemover scan for rogues as well as cookies. The problem with using rogue products is you never know if you actually had anything wrong or if real things you do have are removed. They simply don't work. The problems you can expect are being constantly infected with things that you don't know about. Rogues are often bundled with malware so they can appear to remove them.

      You really should finish the initial process and scans, post the logs and let me look at what they show. Be sure to remove any malware found and to update the programs. Panda will update itself. I just did a tutorial for the Panda scan here: http://montanamenagerie.org/forum/viewtopic.php?t=272

      To be clear, three logs should be posted: AVG, Panda and a new HJT. You don't need to quote my posts, you can just use the reply button.
  21. Panda can't tell that the "good" things in CF are not from malware. Since the technology can be used either way, Panda is just doing its job. You can delete the Combo Fix file, most programs are going to flag it as bad.