Posts posted by JeanInMontana
-
-
Well I don't see anything bad.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
Those two should be cleaned up with HJT.
Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.
Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.
A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.
Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.
Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
-
OK we are going to take a new approach. Please download GMER to your desktop and extract the contents. Double click the file to start the auto quick scan. When done on the right side of the scan, click copy and then paste the log here.
-
I appreciate the replies received from everyone - thank you.
However ............
I still do not understand how/why I am directed to http://downloadprograms.biz/?rid=544620 when I type aumha.com into my browser!
It just doesn't feel right.
Any other comments, guys? TIA
Dave
There is something wrong there. Possibly a hack in the Aumha site, or you're infected.
-
Hi Wrath0 and welcome to Malwarebytes. Please follow the direction here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic in that forum.
-
Kay everything I list is free. Also I wouldn't throw your old PC away. It's a horrid thing to dump on the environment and still has many uses. It's really simple to clean the fan and if that is all that's wrong, use the PC for a printer server, or to back up files to, donate it to a worthy cause, some poor family or a battered woman's shelter, Big Brothers or Sisters, it's got lots of uses left.
-
Are you using IE and logged in as an Administrator? There is a tutorial on how to run the scan at the top of this forum.
C:\HJT\Administrator.exe <=== don't rename the program. Or put it in with another program. HJT in a folder all its own on C. I missed that before. Please make these corrections and after the Panda scan run HJT again and post the log. If you can't get Panda, then just post the HJT log from the correct location please.
-
Hi Kay, McAfee is a resource hog and SpySweeper has taken a rather dark path, from their once great program.
I use Avira free and it's just a great antivirus program. Low on resources and always on the cutting edge of definitions.
Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.
Also the full protection of MBAM is offered at a very low price.
-
Yes update and scan with MBAM again, post that log and a new HJT please.
-
You should just reformat. You have been rooted, it's not going away and there is no guarantee it ever will. HJT doesn't change drive letters. If Raid wants to keep at it that's up to him, I'm done.
-
You didn't follow any of the instructions but to post a HJT log. We need some scans too, Panda and MBAM please.
You can run scan only in HJT and put a check next to the line below and then click fix.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
-
Are you rebooting as it says is needed to remove? Please read and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Start your own topic in that forum and someone will be happy to help you.
-
O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe <======= turn off Tea Timer
O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing) <===== delete with HJT
Suddenly your drive letter is back to normal. I don't know what you're doing but it's not winning points. You're either doctoring the log or you have swapped machines. Either way it's all gonna come to a screeching halt real soon.
-
Update MBAM; the current version is 1.22. Run the quick scan with it and then with HJT please.
-
OK are you rebooting right after the MBAM scan? It's targeting the files we have been after and some new ones also.
-
LOL well I'm sorry if I sounded crabby. I see too many of these logs and people don't realize they will tell me exactly what is on the system. How many accounts are on the PC? I'm going to split this topic if there is more than just two. We will have to clean each one.
h:\program files\avira\antivir personaledition classic\avcenter.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Why are the drive letters different?
Run HJT again with all programs closed, put a check next to these items and click fix.
O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - H:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
Close the program, reboot to normal, update MBAM, run a quick scan, post that log and a new HJT please.
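The two checks made by eye in the post above (which drive letters a HijackThis log references, and which O23 services point at a missing file) can be scripted. This is an added example, not part of the original posts; the log lines are quoted from this page except the `C:\` process line, which is constructed to show a mismatch.

```python
import re
from collections import Counter

# Sample log: five lines quoted from the posts on this page, plus one
# constructed C:\ process line (first line) to demonstrate a mismatch.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
h:\program files\avira\antivir personaledition classic\avcenter.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Microsoft DDE+ server (423b2bdf) - Unknown owner - H:\WINDOWS\system32\.423b2bdf\423b2bdf.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - H:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
"""

PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]):\\")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) \((?P<short>[^()]*)\) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

def drive_letters(log):
    """Count the drive letter of every Windows path in the log (case-insensitive)."""
    return Counter(letter.upper() for letter in PATH_RE.findall(log))

def orphaned_services(log):
    """Return (service short name, path) for O23 entries marked '(file missing)'."""
    found = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m and m.group("missing"):
            found.append((m.group("short"), m.group("path")))
    return found

def triage(log):
    """Summarise the two findings for one pasted log."""
    letters = drive_letters(log)
    return {
        "mixed_drive_letters": len(letters) > 1,
        "letters": dict(letters),
        "orphaned": orphaned_services(log),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```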
-
Hi BakTrak and welcome to Malwarebytes!! Glad we could help you out. MBAM rules. However, it is still a very good idea to have someone have a look further to be sure you're totally free. http://www.malwarebytes.org/forums/index.php?showtopic=2936 <======= Follow those instructions and let one of the helpers have a look.
-
SBS&D targets other things than MBAM does. There is not one single program that will ever be enough. Please let someone look at your logs to be sure you're free of malware.
-
Keep updating MBAM too and scanning with that. It has a new version and might do the trick.
-
Let's try this one http://www.majorgeeks.com/download4899.html and I think you should update MBAM and show me a quick scan with that please and a new HJT log.
-
Those are not infections either. They are quarantine, temp files and the System Restore. That log is dated 7/18 & 19 3 .
JASONDESKTOP <==That is not a malware location. So either it's in the Recycle Bin or you have a folder of malware on your desktop. If nothing has been found since the 19, and then it wasn't malware I'm sure you're clean.
Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.
Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.
Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program; Asquared or SuperAntiSpyware are good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.
A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.
Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.
Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.
SpywareBlaster from Javacool Software
The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free.
Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
-
Hi Dakeyras ......... thanks for your insight!
The AumHa forums are to be found here:- http://aumha.net/
So ..... that covers 'org' and 'net'. What I'm after discovering is why using 'com' whisks one off to a place with a completely different 'feel' to it.
Has anyone here spent any time at any of the AumHa sites? Encountered anything unusual?
Your comments welcomed. TIA
Dave
PS (via Edit) If I type http://www.malwarebytes.org into my browser, I'm taken to the 'expected' site, saying
Welcome to Malwarebytes
Malwarebytes is a site dedicated to fighting malware. Malwarebytes has developed a variety of tools that can identify and remove malicious software from your computer. When your computer becomes infected, Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.
If I type in http://www.malwarebytes.net or http://www.malwarebytes.com I'm taken to the same site as when using 'org'.
I cannot help wondering why this doesn't happen in the case of AumHa. I expect there is a simple explanation, but I find unexpected things interesting!
Perhaps someone here will know the answer!
Dave
Typing anything Malwarebytes brings you here because Marcin bought all domain extensions for that very reason. It keeps anyone from using the same well known name for malicious intent. I will see to it this site is added to SiteHound, and hpHosts.
-
Hi Ultimate Predator and welcome to Malwarebytes. What exactly did you have in mind? A simple statement of what you run and like? Many use their signature for that.
There is a thread for what browser you prefer. Some discussion on AVG's new version also. We don't have a specific software recommendation thread. If you want to tell everyone what you're using I suggest General Chat or your signature.
-
Scan Complete: Threats: 0
Those are not virus or malware. Two are saying there were no new virus definitions I don't know what the other is for sure, but it's not malware. Plus it shows 0 threats. I don't see anything to indicate infection. Do you have any symptoms?
-
Hi figeroaspanky and welcome to Malwarebytes. I suggest you have someone look at more logs to be sure you're clean of the trojan. Follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start your own topic in that forum.
antivirus 2009 . History!!!
in Malwarebytes for Windows
Posted
Hi skorpyo69 and welcome to Malwarebytes. Glad we were of assistance.