JeanInMontana

Me too. Only my file name was what I had named the file.

I'm sure it will have to come out in a new version. Marcin and I just worked it out via Window Live Messenger, and he fixed my faulty version. So now he can do a new version with it fixed.

Updated to DB 125 6466 finger prints, scanned 13328 objects in 3:15. The 730/ignore list error is fixed. Context menu choice works great, gather info works, file assassin works. I can't find a flaw. Good job!!

Yes I agree about F/P. Removing them can cause problems.

It was requested, if I remember right and a common feature for many AV/Anitmalware programs.

Hi there, and welcome to Malwarebtes. I'm curious as to why you think you have a virus, what confirmed it etc? Also are you running an anti virus program? If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy AVG AntiSpyware Then go here and run a scan PandaActive Scan Post the logs from the Panda and AVG scans please. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. [*]You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder C:\ HJT . [*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Click on Fix Checked when finished and exit HijackThis. Post back a fresh HijackThis log and we will take another look. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.

The only installers I have are from the 4th and 6th. Will it work to just update from them?

Well, VT shows nothing for that file. You did not remove the old Java. Go to Add/Remove programs and uninstall it, then go to C:/program files and delete the folder. Run HJT again and put a check next to these: O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe O4 - HKLM\..\Run: [{96-69-93-35-ZN}] C:\Documents and Settings\Administrator\Local Settings\Temp\thinksnet.exe CHD003 Get this program and run it http://www.ccleaner.com. Also update and see if you can get a scan now with the other programs, Kaspersky, AVG etc. We might have gotten rid of what was stopping them.

Just ran the quick scan and the usual Antivir updates were found. There were four, I tried to add to the ignore list and got error everytime, I had to click "OK" twice to close the box, and nothing went to the ignore list. Screen shot attached.

My firewall does the same thing with any program there is a version change. It's supposed to, because it has a program monitor function when a program changes versions even allowed programs are seen as new. It can be annoying but at the same time I know it's working. I'd rather know it is going to stop anything trying to change my AV or any program than let it be overtaken by malware.

It probably took out the culprit. If you feel your infection free we can call this a victory for Dave! If not, I need to see that CF log and a new HJT log. Only you know how your PC runs. Although after removing these infections you probably need to do some basic maintenance, disk error check and defrag in that order. You are also running a version of the Adobe Reader that is outdated and a security risk. You should update to version 8. We also need to clear all System Restore points, as they will also be infected and if you need one you will reinfect your self. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All reccommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here .

I think that site is safe, but your running an exploitable version of Java and that is probably where you were hacked and it's very likely nothing showed up for a long time. You need to fix that Java. Also what sort of firewall are you using? You need to get something on those laptops, too and make sure the Java is up to date and all Windows updates. I don't mean to sound harpy, but it is an ugly world in cyberspace and you have to be on the offensive, once your in defense your in trouble. Someone has your number too, so you need to be extra diligent. Post that log when you get home and we will see if there are any signs.

You should get this machine offline and disconnect from your network. You can use one of the laptops to communicate etc. If it's offline it can't call "home".

Post a new HJT log. It may show again after all the scans, look for the process cmd.32 in task manager and kill it. Look for that file in C:\windows\system32. But be sure it is a bad file your deleting. You can scan all suspect files here http://www.virustotal.com/ I'm curious as to why you know the date you got it? This might help track it down also. Your IP address is blacklisted in several places, which could partly be due to Comcast being on many blacklists or because your machine is being used for spam and other illegal activities. Let's look at a new HJT log.

I have consulted with a MS MVP and I agree with his advice that in your case it may be best that you reformat. Whatever has got you is just not going away with conventional methods and there is no guarantee we can find it and totally rid you of it. The nature of this infection is not to be taken lightly. I have never had to give up in over three years of helping people get clean, but it is more responsible to do a reformat than risk a hacker has control of your machine and in your case, a home network. Let me know what you want to do. Also keep in mind the laptops, do not connect with them and this machine. It might be too late...we would have to look at each one to make a call on that.

Good morning. That may be the best bad news we could get. From all research I have done that is evidence of a backdoor IRC bot. We need to kill the process and delete the associated files. I need to see a new HJT log please. You should be aware this has given a hacker access to your PC and perhaps your network, also access to sensitive data, passwords, banking information etc. Contact any institutions of that nature immediately and inform them. Get that Java updated ASAP. What is the firewall your using? If it is the one with SP2 that is not sufficient, you need to get something that you can monitor and stop outbound traffic. Zone Alarm, and several others are free.

Good morning Dave. The combo fix log should be on C:\ anything FunWeb is bad, get rid of it. Someone, Zoe in this case, must have installed a game or screensaver from them?? That is most likely the source of your trouble. Let me know if you can't find the log and what symptoms you still have.

Hi Alycie and welcome to Malwarebytes. I know how angry these things can make a person. But please don't post into HiJack This log threads. I doubt you got rid of your problem reinstalling Firefox either. If you would like assistance please follow these instructions and post in the HiJack This forum. Start your own topic. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to immunize with this one also. AVG AntiSpyware Then go here and run a scan PandaActive Scan Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

I'm consulting someone with more knowledge.

Holy cow! I think you must have checked the show all option in Gmer. So what is going on now? Still getting popups? Talk to me.

Holy cow! I think you must have checked the show all option in Gmer. So what is going on now? Still getting popups?

So your still getting the popup? Let's run this http://download.bleepingcomputer.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window while it's running. That may cause it to stall ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox.

Hi there, please get these programs, update and run a complete scan removing all items found. You already have AVG but I would like to see the log please. Spybot Search & Destroy AVG AntiSpyware Then go here and run a scan PandaActive Scan Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! I will analyze the logs and give you further instructions. Please do not take action other than instructed. You must update the Java and Adobe, these are major security risks right now and you can be reinfected at anytime because of them. Did you choose this homepage? R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/ it gets mixed reviews remove with HJT if you didn't choose it and choose a new homepage.

Yes the other machines could very well be infected also, and you did the right thing to keep them shut down for now. We can clean them offline once you get this one clean. So we need to find why your still getting popups. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 Do you know what that is or is it something you set? O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)<==== Remove that with HJT and find the program associated and uninstall it, delete all program files. Please download this: http://download.bleepingcomputer.com/sUBs/ComboFix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window while it's running. That may cause it to stall ComboFix will create a folder called QooBox in C: (C:\QooBox). It will contain any folders that were quarantined. When you are done you can delete this folder - QooBox. Let's also check for root kits. Pray there are none. http://www.gmer.net/gmer.zip You can scan the system for rootkits using GMER. Run gmer.exe, select Rootkit tab and click the "Scan" button. Warning ! Please, do not select the "Show all" checkbox during the scan. All information about running process will be save to the log file (e.g. C:\WINDOWS\gmer.log ). Please post that log.

I don't know where you uploaded the file to, if it is the malware submission on this site that's fine, but I don't have access. The way this whole process works is you follow instructions as they are given. Taking action on your own can be disaster if you don't know what your doing and it makes it impossible for me to keep track of what has been done. Snips of logs is not sufficient to make any decisions on the next step to take. Actually this is my finale advice due to what has happened here, I won't be giving anymore advice. If you had a root kit, you may still have one and you need to change all passwords, and contact any institutions that you have exchanged sensitive data with. The only sure way to know your free of a root kit is to wipe the drive, and especially in this case sense only you know what has been done and you aren't sure of that. If you think your infection free and your not going to reformat you must reset System Restore and create a clean restore point. My advise would be a reformat at this point. To set a new restore point, go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here Should you wish to receive more assistance please start a new topic and someone else can assist you.