Jump to content

aliB

Honorary Members
  • Posts

    329
  • Joined

  • Last visited

Posts posted by aliB

  1. hi

    Congratulations your logs appear clean :thumbsup:

    Reset and Re-enable your System Restore

    The following will implement some cleanup procedures as well as reset System Restore points:

    • Click START then RUN
    • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      Combofix_uninstall_image.jpg

    NEXT

    • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Recommendations

    See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

    • Keep Your windows up to date by regularly checking their website at:
      http://windowsupdate.microsoft.com/
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

      [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

      Here

      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      [*]Click Here to learn how to keep a backup of your important files

      [*]FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

    Stay safe :wave:

  2. hi

    Step 1

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
      IE - HKU\S-1-5-21-3699800534-3267415249-1966578606-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
      O33 - MountPoints2\{a8f90f4e-ac67-11e1-9228-002185996bd1}\Shell - "" = AutoRun
      O33 - MountPoints2\{a8f90f4e-ac67-11e1-9228-002185996bd1}\Shell\AutoRun\command - "" = H:\setup.exe -a
      O33 - MountPoints2\{d6ae36f2-36eb-11e1-bd97-002185996bd1}\Shell - "" = AutoRun
      O33 - MountPoints2\{d6ae36f2-36eb-11e1-bd97-002185996bd1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
      [2012/02/16 15:52:50 | 000,002,048 | --S- | C] () -- C:\Users\John Beck\AppData\Local\444dfd5c\@

      :Files
      C:\Users\John Beck\AppData\Local\444dfd5c
      ipconfig /flushdns /c

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Step 2

    Download and Install Combofix

    Download ComboFix from one of the following locations:

    Link 1

    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.
    • Accept the disclaimer and allow to update if it asks
      NSIS_disclaimer_ENG.png
      NSIS_extraction.png
    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

    Things I would like to see in your reply:

    • OTL log
    • Combofix.txt

  3. hi

    lets do some cleanup

    Reset and Re-enable your System Restore

    The following will implement some cleanup procedures as well as reset System Restore points:

    • Click START then RUN
    • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      Combofix_uninstall_image.jpg

    NEXT

    • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Recommendations

    See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

    • Keep Your windows up to date by regularly checking their website at:
      http://windowsupdate.microsoft.com/
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

      [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

      Here

      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      [*]Click Here to learn how to keep a backup of your important files

      [*]FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

    Stay safe :wave:

  4. hi :welcome:

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    RGKRScan.png

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    RGKRDelete.png

    • The report has been created on the desktop.

    • Next click on the ShortcutsFix
      RGKRShortcutsFix.png
    • The report has been created on the desktop.

    Please post: All RKreport.txt text files located on your desktop.

    THEN[/b[

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      OTL_Main_Tutorial.gif
    • Select All Users
    • Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      /md5stop
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
      CREATERESTOREPOINT
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Post both logs

  5. hi :welcome:

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    RGKRScan.png

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    RGKRDelete.png

    • The report has been created on the desktop.

    • Next click on the ShortcutsFix
      RGKRShortcutsFix.png
    • The report has been created on the desktop.

    Please post: All RKreport.txt text files located on your desktop.

    THEN[/b[

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      OTL_Main_Tutorial.gif
    • Select All Users
    • Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemdrive%\$Recycle.Bin|@;true;true;true
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      /md5stop
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
      CREATERESTOREPOINT
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Post both logs

  6. hi

    • Go to here
    • Click the download button under Kaspersky Security Scan
    • Download and run the file
    • It will start to download the Kaspersky Security Scan program data
    • Once downloaded the installer will begin
    • Click Next
    • Accept the License Agreement
    • Click Install
    • The program will now install
    • Click Finish
    • Kaspersky Security Scan will now start
      KSS.JPG
    • Click the Full Scan button
      KSS%20full%20scan.JPG
    • The scan will take about an hour or two depending on the amount of data on your hard drive
    • If the scan detects problems it will open a Problems found window
    • Click Details to generate a scan results report
      KSS%20infected.JPG
    • Once the scan is complete do the following:
      • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
        For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
      • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
      • Attach the HtmlReport zipped folder to your next post
        htmlreportzipxp.jpg
        htmlreportzip7.jpg
        htmlreportzipvista.jpg

      [*]You can now close Kaspersky Security Scan

  7. hi

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      [2011/11/30 09:15:52 | 000,069,120 | ---- | M] (SmartDraw.com) -- C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\sdcode.dll
      [6 C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\*.tmp files -> C:\Users\rmanickam.HERSEYMETERS\AppData\Local\Temp\*.tmp -> ]

      :Files
      ipconfig /flushdns /c

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    NEXT

    Download AdwCleaner from here to your desktop

    Run AdwCleaner and select Delete

    AdwCleaner.GIF

    Once done it will ask to reboot, allow this

    On reboot a log will be produced please attach that

  8. hi

    Congratulations your logs appear clean :thumbsup:

    Reset and Re-enable your System Restore

    • Open OTL
    • Under the Custom Scans/Fixes box at the bottom, paste the following:
      :Commands
      [clearallrestorepoints]
      [createrestorepoint]


    • Click the Run Fix button at the top
    • It might ask you to reboot, if so click YES

    NEXT

    • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Recommendations

    See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

    • Keep Your windows up to date by regularly checking their website at:
      http://windowsupdate.microsoft.com/
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

      [*]MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

      [*]Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more

      secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up

      blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from

      Here

      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

      [*]Click Here to learn how to keep a backup of your important files

      [*]FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

    Stay safe :wave:

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.