JeanInMontana
Honorary Members
Posts: 3,859
Everything posted by JeanInMontana
-
You need to turn off the TeaTimer in SBS&D; it will prevent removal of some of the malware.
Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items:
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active
Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.
Now please run a quick scan with MBAM again and post that log, and a new HJT log.
-
In addition to following the instructions here, post a log here. What email support were you trying to use?
-
Where did you download it from? We don't have nag screens and removal is free. Please post a log.
-
Virtumonde can't get rid of lisufotu.dll
JeanInMontana replied to Ooteschoogen's topic in Resolved Malware Removal Logs
You're running HJT from temp files. You must install it to C:\Program Files as you were initially instructed to do. Please do this, update MBAM, run a quick scan, post that log and a new HJT log.
-
OK, I might not get back to you until morning, I need to do other stuff.
-
Trying to Remove Trojans: Logs here
JeanInMontana replied to PeregrineKodiak's topic in Resolved Malware Removal Logs
It's so ironic a program supposed to remove and prevent malware is worse to remove than some malware. To remove the junk left by Symantec/Norton, go here, find the version you have installed and get the tool to remove it. The Norton Removal Tool uninstalls all Norton 2009/2008/2007/2006/2005/2004/2003 products, Norton 360 and Norton SystemWorks 12.0 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.
-
Hi Josh and welcome to Malwarebytes. Please always run scans in normal boot unless asked to do otherwise. Update MBAM, run a quick scan, post that log and a new HJT log.
-
OK, no, you don't need two hosts files. Don't try to access sites SBS&D is blocking! I removed that link; it's a malicious site and that's why it's immunizing you against it. What does immunization do, as in your flu shot, your measles shot etc.? It prevents. That's the same with these tools.
Secondly, understand the hosts file. It is a site blocking tool, and so is the immunize feature in SBS&D, so when anything asks to allow a change from SBS&D, allow it. In OnlineArmor, green is not bad. LOL, it is confusing; I had to open mine and test it. The green stuff is the hosts file. OA protects it from change and this is why it flagged SBS&D for you to allow or not allow. Does that make sense? It's not as hard as it might sound; you need to pay attention to what is asking to change the hosts file, and if it's a trusted program, allow it. That is another feature of OA, the program guard: you can configure it to allow some programs to have more freedom than others. The OnlineArmor forums are great at customer service too, if you ever have specific issues.
Have you run an MBAM scan? Is it clean?
-
Hi there rsvette12, and welcome to Malwarebytes. Make sure you're running as an administrator on the machine. Allow email from Malwarebytes.org and set your preferences in the User Control Panel to email notifications for replies to your topics. This ensures you make prompt replies back and we get you cleaned in the fastest way possible.
Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
If you haven't already, please get these programs, update and run a complete scan removing all items found.
Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Open SB S&D. Make sure you are in Advanced Mode. Click on the Mode link at the top of the program and then Advanced Mode. Click on the Tools section and then Resident. You will see two items:
1. Resident "SD helper" (Internet Explorer bad download blocker.) active
2. Resident "Tea Timer" (Protection of over-all system settings.) active
Uncheck number 2. Leave number 1 checked always. You can enable Tea Timer again if you wish once all special fixes have been done.
Please run a quick scan of your main drive, usually C, with MBAM, making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan. There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This!
You will post three logs:
1. MBAM scan.
2. Panda Active Scan.
3. HiJack This scan.
Please run and post the scans in this order. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions.
Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
-
No one has got to the file yet, so I don't know if we should remove it. I put a bug in a researcher's ear and soon as I know something, I'll let you know.
-
Did you run HJT after MBAM? This is crucial and please always post both at once. Please update MBAM and run a quick scan, post that log and a new HJT log too.
-
MBAM updates sometimes 10 or more times a day. Please follow all instructions, I need the HJT log. Please get HiJack This! and install it to C:\Program Files. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.
-
Virtumonde can't get rid of lisufotu.dll
JeanInMontana replied to Ooteschoogen's topic in Resolved Malware Removal Logs
Hi and welcome to Malwarebytes. Spybot Search & Destroy is not malware, is that what you mean by SBS&D? Update MBAM and run a quick scan again, post that log and then, please get HiJack This! and install it to C:\Program Files. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.
-
Yeah, looks like we are getting there. Please find this file C:\WINDOWS\system32\userinit.exe,iyywfnl.exe, and attach it in a zipped folder here in a new topic you start, link back to your thread in the HJT forum please. I need that analyzed before we go on.
-
Trying to Remove Trojans: Logs here
JeanInMontana replied to PeregrineKodiak's topic in Resolved Malware Removal Logs
Looking pretty good. Please run HJT in scan only, put a check next to the items below and click fix.
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
Reboot, update MBAM and run a quick scan. Post that log and a new HJT log please.
-
If I was you I would tell your boyfriend to buy his own machine to infect.
No C:\Documents and Settings\Person\Desktop\WebfettiSetup2.3.50.21.ZKfox000.exe
^ <======= delete that file
No C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
^ <======= I would get rid of that too. I don't understand why it's not showing in the HJT log.
Update MBAM and scan again, post that log and a new HJT please.
-
You double posted and I suggest you post in the PC Help forum, as this is not an MBAM issue but someone might be able to help you there.
-
wireless internet connection failure due to firewall
JeanInMontana replied to elaine's topic in General Windows PC Help
Neither MBAM nor SAS are firewalls. What is telling you it's a firewall issue? Allow the connection in AVG settings.
-
OK, please run HJT in scan only and put a check next to the following, and click fix.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {04A8A82F-95A3-4E1E-9AA4-3319C24DF4E2} - C:\WINDOWS\system32\cbtwnjrc.dll (file missing)
O2 - BHO: (no name) - {05E6F45E-0E39-4428-A643-AB44BCD4ABC8} - C:\WINDOWS\system32\khfdEVol.dll (file missing)
O2 - BHO: (no name) - {501AE01B-E4D6-425C-8C90-B0C47BCC187D} - C:\WINDOWS\system32\adpti.dll (file missing)
O2 - BHO: (no name) - {C3A93E06-442E-4667-A036-B561C1803BF4} - C:\WINDOWS\system32\nnnmlICS.dll (file missing)
O20 - Winlogon Notify: jkkJabYr - jkkJabYr.dll (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
Reboot to normal mode. Update MBAM, yes, update MBAM, really update MBAM, run a quick scan, post that log and a new HJT please.
-
Hi hartless and welcome to Malwarebytes. Please update MBAM and run a quick scan, post that log and a log from this program. Please get HiJack This! and install it to C:\Program Files. Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.