Everything posted by dan12

  1. That's fine, you're good to go... Well done and thanks for staying with it, you did really well.

     Congratulations, you are clean!

     Now that you are clean, please follow these simple steps in order to keep your computer clean and secure. You don't need to put all of these programs on your system, unlike your Antivirus and firewall, of which you can only have one of each. However, you can have several Antimalware programs.

     Create a new System Restore Point

     This is a good time to clear your existing system restore points and establish a new clean restore point:

     * Go to Start > All Programs > Accessories > System Tools > System Restore
     * Select Create a restore point, and OK it.
     * Next, go to Start > Run and type in cleanmgr
     * Select the More options tab
     * Choose the option to clean up system restore and OK it.

     This will remove all restore points except the new one you just created.

     Here are some free programs I recommend that could help you improve your computer's security.

     * Spybot Search and Destroy 1.6.2: Download it from here. Just choose a mirror and off you go. Find the tutorial on how to use Spybot properly here. Find changes from older version 1.4 here.
     * Install Spyware Guard: Download it from here. Find the tutorial on how to use Spyware Guard here.
     * Install SpyWare Blaster: Download it from here. Find the tutorial on how to use Spyware Blaster here.
     * Install WinPatrol: Download it from here. You can find information about how WinPatrol works here.
     * Install FireTrust SiteHound: You can find information and download it from here.
     * Install MVPS Hosts File from here. The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. Find Tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC:

     * Secunia Software Inspector
     * F-secure Health Check

     Visit Microsoft often to get the latest updates for your computer: http://www.update.microsoft.com

     Please check out Tony Klein's article here.

     Read some information here on how to prevent Malware.

     Stand Up and Be Counted!

     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions. >> Here << you can see how you can help us.

     Happy safe surfing!

     Dan
  2. The following will implement some cleanup procedures as well as reset System Restore points:

     Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

     ComboFix /u

     Click Start >> Run and then copy/paste the following into the box and hit Enter:

     "%userprofile%\Desktop\GooredFix.exe" /uninstall

     If any of your security programs query a new Registry/AutoStart value being added, please allow the changes.

     You can delete >> javara C:\Program Files\esetonlinescanner << also this folder.

     Let me know when carried out.
  3. Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

     * Link 1
     * Link 2
     * Link 3

     Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you.

     Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
  4. Almost there. Yes, you can remove C:\Program Files\esetonlinescanner << This folder. Can I just see a final HJT log please? dan
  5. Congratulations, you are clean!

     Now that you are clean, please follow these simple steps in order to keep your computer clean and secure. You don't need to put all of these programs on your system, unlike your Antivirus and firewall, of which you can only have one of each. However, you can have several Antimalware programs.

     Create a new System Restore Point

     This is a good time to clear your existing system restore points and establish a new clean restore point:

     * Go to Start > All Programs > Accessories > System Tools > System Restore
     * Select Create a restore point, and OK it.
     * Next, go to Start > Run and type in cleanmgr
     * Select the More options tab
     * Choose the option to clean up system restore and OK it.

     This will remove all restore points except the new one you just created.

     Here are some free programs I recommend that could help you improve your computer's security.

     * Spybot Search and Destroy 1.6.2: Download it from here. Just choose a mirror and off you go. Find the tutorial on how to use Spybot properly here. Find changes from older version 1.4 here.
     * Install Spyware Guard: Download it from here. Find the tutorial on how to use Spyware Guard here.
     * Install SpyWare Blaster: Download it from here. Find the tutorial on how to use Spyware Blaster here.
     * Install WinPatrol: Download it from here. You can find information about how WinPatrol works here.
     * Install FireTrust SiteHound: You can find information and download it from here.
     * Install MVPS Hosts File from here. The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. Find Tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

     Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC:

     * Secunia Software Inspector
     * F-secure Health Check

     Visit Microsoft often to get the latest updates for your computer: http://www.update.microsoft.com

     Please check out Tony Klein's article here.

     Read some information here on how to prevent Malware.

     Stand Up and Be Counted!

     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions. >> Here << you can see how you can help us.

     Happy safe surfing!

     Dan
  6. Clearing Java Cache

     There's some malware in your Java cache so let's clear it.

     * Press Start
     * Go to Control Panel
     * Click Java
     * Under Temporary Internet Files click Settings...
     * Now click Delete files...
     * Select both options and click OK
     * The temporary files will now be deleted.
     * When done, click OK twice and close Control Panel

     CLEAN UP

     Let's clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

     You can delete RootRepeal.

     Can you uncheck BOOTLOG as I had you do earlier in msconfig and click OK.

     The following will implement some cleanup procedures as well as reset System Restore points:

     Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

     ComboFix /u

     * Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
     * Click the CleanUp! button.
     * Select Yes when the "Begin cleanup Process?" prompt appears.
     * If you are prompted to Reboot during the cleanup, select Yes.
     * The tool will delete itself once it finishes. If not, delete it by yourself.

     Let me know when done.

     dan
  7. You're only a youngster, grand kids will give you respect now.

     You can delete the following...

     * SystemLook
     * RootRepeal

     Click Start >> Run and then copy/paste the following into the box and hit Enter:

     "%userprofile%\Desktop\GooredFix.exe" /uninstall

     If any of your security programs query a new Registry/AutoStart value being added, please allow the changes.

     Please uncheck bootlog, which I had you check earlier.

     I'd like to see an online scan..

     Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

     * Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
     * Check (tick) this box: YES, I accept the Terms of Use.
     * Click on the Start button next to it.
     * When prompted to run ActiveX, click Yes.
     * You will be asked to install an ActiveX. Click Install.
     * Once installed, the scanner will be initialized.
     * After the scanner is initialized, click Start.
     * Uncheck (untick) Remove found threats box.
     * Check (tick) Scan unwanted applications.
     * Click on Scan.
     * It will start scanning. Please be patient.
     * Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

     Post the report.

     dan
  8. Are things still ok with the pc before we clear up? Malwarebytes had dealt with the file but then it showed itself again. What was happening was it remained in memory, so I needed to get at it before windows loaded. Hope that helps a little.
  9. Welcome to Malwarebytes forum.

     My name is Dan, and I will be helping you to remove any infection(s) that you may have.

     Please note that all instructions given are customised for this computer only. The tools used may cause damage if used on a computer with different infections.

     Please observe these rules while we work:

     * Perform all actions in the order given.
     * If you don't know, stop and ask! Don't keep going on.
     * Please reply to this thread. Do not start a new topic.
     * Stick with it till you're given the all clear.
     * REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

     If you can do these things, everything should go smoothly.

     Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.) Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

     Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

     It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

     Installed Programs

     Please could you give me a list of the programs that are installed.

     * Start HijackThis
     * Click on the Misc Tools button
     * Click on the Open Uninstall Manager button.

     You will see a list with the programs installed in your computer. Click on the save list button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into your next post.

     Your version of HJT is outdated, did you get it from the link I provided?

     I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can.

     Thanks

     dan
  10. Download and Run HijackThis

      Download HJTInstall.exe to your Desktop.

      * Doubleclick HJTInstall.exe to install it.
      * By default it will install to C:\Program Files\Trend Micro\HijackThis .
      * Click on Install.
      * It will create a HijackThis icon on the desktop.
      * Once installed, it will launch Hijackthis.
      * Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
      * Copy/Paste the log to your next reply please.

      Don't use the Analyse This button, its findings are dangerous if misinterpreted.

      Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

      Please post new HJT log.
  11. Will await the Malwarebytes report. Can you also do me an online scan....

      Please go to Kaspersky website and perform an online antivirus scan.

      * Read through the requirements and privacy statement and click on Accept button.
      * It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
      * When the downloads have finished, click on Settings.
      * Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        * Spyware, Adware, Dialers, and other potentially dangerous programs
        * Archives
        * Mail databases
      * Click on My Computer under Scan.
      * Once the scan is complete, it will display the results. Click on View Scan Report.
      * You will see a list of infected items there. Click on Save Report As....
      * Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
      * Please post this log in your next reply.

      Post Malwarebytes report and Kaspersky report.

      Thanks
  12. I'm pleased. Will catch you tomorrow as it's late here and I need some sleep. I will explain tomorrow.
  13. I then want you to update Malwarebytes.

      Malwarebytes Anti-Malware 1.34
      Database version: 1749 << needs updating

      Today's definitions are 1898.

      Then run me a full scan, this should take care of that file.

      Post a report when done.
  14. Here is information on Norton's file here. Can you try this at Jotti's to see if it makes a difference?
  15. * Open HijackThis, click 'config' (bottom right)
      * Choose the tab 'misc Tools' on top.
      * Choose 'delete a file on reboot'
      * In the field, copy and paste next:
      * Click open.
      * HijackThis will tell you that this file will be deleted on next reboot and ask if you want to reboot now. Click Yes/ok

      Your system should reboot now.
  16. Submit a File For Analysis

      We need to have the files below scanned by uploading them/it to Jotti.

      * Please visit Jotti
      * Copy/paste the following file path into the window: C:\WINDOWS\system32\..\mjcgf.hmh
      * Click Submit/Send File
      * Please post back, to let me know the results.
      * If Jotti is too busy, please try Virustotal
  17. That's fine, at least we were after the same file.

      Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as All Files and name it FixServices.bat. Please save it on your desktop.

      Double click FixServices.bat. A window will open and close. This is normal.

      Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

      O23 - Service: PJCAQYIGUL - Unknown owner - (file missing) C:\DOCUME~1\KIM\LOCALS~1\Temp\PJCAQYIGUL.exe

      WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit.

      And just to make sure, as you have said it's been quarantined:

      Download and Run OTMoveIt3

      * Download OTMoveIt3 by Old Timer and save it to your Desktop.
      * Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
      * Copy the lines in the codebox below.

      :files
      C:\DOCUME~1\KIM\LOCALS~1\Temp\PJCAQYIGUL.exe
      c:\windows\system32\..\abfsxvo.lna
      :reg
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux2"=-

      * Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
      * Click the red Moveit! button.
      * Copy everything in the Results window (under the green bar), and paste it in your next reply.
      * Close OTMoveIt3

      Post OTMoveIt3 report and a fresh HJT log.
  18. Submit a File For Analysis

      We need to have the files below scanned by uploading them/it to Jotti.

      * Please visit Jotti
      * Copy/paste the following file path into the window: c:\windows\system32\..\abfsxvo.lna
      * Click Submit/Send File
      * Please post back, to let me know the results.
      * If Jotti is too busy, please try Virustotal

      Post the results please.
  19. * Double-click SystemLook.exe to run it.
      * Copy the content of the following codebox into the main textfield:

      :reg
      HKLM\software\microsoft\windows nt\currentversion\drivers32 key /s

      * Click the Look button to start the scan.
      * When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

      Note: The log can also be found on your Desktop entitled SystemLook.txt