Posts posted by JeanInMontana
-
OK, sorry for the delay in reply, I took a day off and then had work. Be sure you have enabled the view hidden files option.
Please set your system to show all files;
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Now please find these files and please upload the files to and post the results in your next reply. We will make sure it is malware this way.
C:\Documents and Settings\All Users\Application Data\onefopun\wtqzgfkh.exe <==== Any idea what this is? It gets 0 hits on Google, that is very rare.
C:\Program Files\yqwhhpc\uicomen.dll <========== And this.
C:\WINDOWS\system32\khynidaj.exe
C:\WINDOWS\system32\palorila.exe
C:\WINDOWS\system32\tkzcjoro.exe
C:\WINDOWS\system32\kfutsxgr.exe
C:\WINDOWS\system32\ididolar.exe
C:\WINDOWS\system32\formvspo.exe
C:\WINDOWS\system32\pazwzoxa.exe
C:\WINDOWS\system32\oluxkdcv.exe
C:\WINDOWS\system32\ihytgjqv.exe
C:\WINDOWS\system32\rabyxufs.exe
Please upload these files to here. This will ensure they get tested and, if malware, get added to the database for future removals.
Uninstall the DAP download accelerator; it's adware, and there are others that are not.
Now run HJT again in scan only and put a check next to the following and then click fix.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm <======= You have two instances in your log mark both.
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
Reboot
Update your Adobe Reader; it's a known unsafe version.
It's crucial you get those files listed scanned and uploaded to determine for sure they are malware. I'm fairly certain they are.
Update MBAM and run a quick scan. Post that log and a new HJT log.
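A triage helper for the HijackThis entries listed in the post above, as an added example that is not part of the original post: it parses log lines, flags entries whose target is reported as `(no file)` or `(file missing)`, and flags entries that appear more than once. The `O4` line in the sample is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the HijackThis entries quoted in the post above,
# plus one made-up O4 entry that should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
"""

# A log entry starts with a section code such as R1, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
# HijackThis marks entries whose target is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

def parse_entries(log_text):
    """Return (section, body) tuples for every entry line; skip other lines."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def review(log_text):
    """List entries that are orphaned or duplicated, in first-seen order."""
    entries = parse_entries(log_text)
    counts = Counter(entries)
    findings = []
    for section, body in dict.fromkeys(entries):  # de-duplicate, keep order
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        if counts[(section, body)] > 1:
            reasons.append("duplicate x%d" % counts[(section, body)])
        if reasons:
            findings.append({"section": section, "body": body, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f["section"], ", ".join(f["reasons"]), "|", f["body"])
```
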
-
Your logs look clean. How are you running?
-
Hello vmobley and welcome to Malwarebytes. Please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936
-
Please post in English what is being said.
-
Avira and MBAM play well together. Can you give more details? Has malware been found? Are you on a site that MBAM might be blocking stuff when this happens?
-
Dump AOHell. Why pay for two ISPs? AOL is a monster at control of all users, you have a bunch of crap on your PC that they put there and I knew if I had you remove it they would put it back or not let you connect until it was put back.
-
If you stopped getting help at the other forum then why are you telling me they think some file I have yet to see is a rootkit? If you don't like what you're hearing, then maybe you should just move on. Because I won't work on a machine that is getting help at another forum. Period, end of story. You disagree with everything I have told you so far, so I doubt you're going to find anything here to your satisfaction. AVG is a horrid program that nearly stops IE from functioning now. It made the boot up so slow on a machine I am very familiar with and once I removed it, we have no problems. You might want to take a read through this forum and see just how many people find my attitude has saved them. Your attitude is one of someone who feels they are owed something. You're not.
-
Glad we could help.
Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.
The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
-
OK, but no one can help you unless you give some more details. I moved this to PC Help, since it's nothing to do with RR. When did the problem start specifically? What are the system specs? Have you got antivirus and malware protection? Have you used any antivirus or malware scanners? If so what were the results? Did you install new programs?
-
RR and MBAM are similar in the rogue apps removed, however MBAM has a much wider reaching database and will soon be something no one else has. RR doesn't address Vundo. MBAM does its best to keep up with the ever evolving mutant strains of Vundo. No one product can keep you safe and no product will ever be foolproof. The best protection is a layered protection, and common sense. Below are the standard layers I use and recommend, all are free except the protection service in MBAM. WinPatrol does have a pro version that is well worth the one time price too. I do use the paid version of SiteHound also, but that is just because I do so much site investigation stuff, I want those tools.
Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Good malware/spy/adware scanners are MBAM and Spybot Search & Destroy, and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.
A firewall and antivirus are also essential. The Windows firewall in XP or Vista is not sufficient.
Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.
Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
-
Is there some reason you think RogueRemover is at fault? Are you using Rogue Remover? More details please.
-
1. Yes, there is something wrong with getting help on two forums. And I told you what that was. Good chance of system damage and the helper has no idea what is being done at the other forum. Also, believe it or not, you're not the only person around needing help. You're taking the time of at least 2 people.
2. I did not take a snooty attitude. I told you how it's gonna be; make your choice.
-
What are you saying? That this site is bad and a rogue perhaps? If so it is not a false positive it is rogue.
-
Tea Timer in SBS&D must be shut off until we are done. That is clearly stated in the preHJT post instructions. Turn it off, update MBAM, run a quick scan, post that log and a new HJT log please.
-
You're not following instructions. Post logs in the reply, not as an attachment, and I asked for a new HJT log after you did the removal.
-
Well you pick one forum and stick with it, because I am not going to spend time trying to help when I have no idea what is being done at another forum. Systems get ruined that way.
-
The child porn is gone too? And how did you clean it? Is your PC still infected? Because you didn't have that clean either.
-
Customer service is a high priority here if you should ever need it.
-
217.171.129.69 and 195.93.21.7 are the IPs for the two posts here.
-
You better have got me something really nice.
-
Yup I do not like you, not after the banana split.
-
I think I might hate you. LOL
-
Welcome Home!! No one has been killed yet.
-
Since this topic has had no reply for over 5 days it will be closed to prevent others from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.
Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
Friends PC
in Resolved Malware Removal Logs
Posted
Please upload this file C:\Program Files\RcvSystem\httpdchk.dll to here. This will ensure it gets added to the database for future removals.
Please download this file: SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
* Finally copy and paste the contents of the results file Report.txt with a new HijackThis log
Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.