#1
please help get rid of trojan virus. hijack this inside
Logfile of HijackThis v1.99.1
Scan saved at 1:46:53 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ptkwi.exe
C:\WINDOWS\system32\ptkwi.exe
C:\WINDOWS\system32\ykssju.exe
C:\WINDOWS\system32\ptkwi.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender21.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ptkwi.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,apqbtbl.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe
O4 - HKLM\..\Run: [newname] C:\\newname21.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [w4c09dcb.dll] RUNDLL32.EXE w4c09dcb.dll,I2 000e910f04c09dcb
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [xcwkit] C:\WINDOWS\system32\ykssju.exe reg_run
O4 - HKCU\..\Run: [uyelk] C:\WINDOWS\system32\ykssju.exe reg_run
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: qrftp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://www.lyricshosting.com
O15 - Trusted Zone: http://cache.ysbweb.com
O15 - Trusted Zone: http://www.ysbweb.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...30302D2D2D.exe
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\dslayx.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\meobjs.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)
#2
Hi
You have a few problems that need to be addressed. Let's fix these two first.

Please download Look2Me-Destroyer.exe to your desktop and close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it and put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message; click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.
Restart your computer and please post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log.

If you receive a message from your firewall about this program accessing the internet, please allow it.
If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX

==============================

You will need to remove NEW.NET. This is best done via Add/Remove. In some cases removing it can cause problems connecting to the net, so download WinsockFix now and keep it handy.
If there is no entry, download and run the New.net uninstaller from here: http://www.newdotnet.com/removal.html. Reboot afterwards.
Download WinsockFix and unzip it. Then double-click on it to run it should you have problems.
#3
Here's the Look2Me txt

Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 5/19/2006 8:52:41 PM
Infected! C:\WINDOWS\system32\dslayx.dll
Infected! C:\WINDOWS\system32\meobjs.dll
Infected! C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003818.dll
Infected! C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003819.dll
Attempting to delete infected files...
Attempting to delete: C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003818.dll
C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003818.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003819.dll
C:\System Volume Information\_restore{62042D0D-10B6-4AF9-99A5-B9A57D020A24}\RP7\A0003819.dll Deleted successfully!
Making registry repairs.
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E459C8BA-7D5C-43D6-A9E7-CDFC9C8F721C}"
HKCR\Clsid\{E459C8BA-7D5C-43D6-A9E7-CDFC9C8F721C}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D15AB9A5-4F3C-4582-AFD9-9318320C5D57}"
HKCR\Clsid\{D15AB9A5-4F3C-4582-AFD9-9318320C5D57}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded

And here's the new HiJack

Logfile of HijackThis v1.99.1
Scan saved at 9:36:44 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender21.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w4c09dcb.dll] RUNDLL32.EXE w4c09dcb.dll,I2 000e910f04c09dcb
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [xcwkit] C:\WINDOWS\system32\ykssju.exe reg_run
O4 - HKCU\..\Run: [uyelk] C:\WINDOWS\system32\ykssju.exe reg_run
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lyricshosting.com
O15 - Trusted Zone: http://cache.ysbweb.com
O15 - Trusted Zone: http://www.ysbweb.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...30302D2D2D.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)
#4
Go to Start > Run and type cmd and OK.
Type the below commands and hit "Enter" after each line

sc stop cmdService
sc delete cmdService

Type Exit to close.

================================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w4c09dcb.dll] RUNDLL32.EXE w4c09dcb.dll,I2 000e910f04c09dcb
O4 - HKLM\..\Run: [xcwkit] C:\WINDOWS\system32\ykssju.exe reg_run
O4 - HKCU\..\Run: [uyelk] C:\WINDOWS\system32\ykssju.exe reg_run
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)

Open Windows Explorer and delete the following highlighted file/s

C:\WINDOWS\system32\ykssju.exe
C:\WINDOWS\SYSC00.exe
C:\keyboard21.exe
C:\defender21.exe
C:\WINDOWS\system32\w4c09dcb.dll

Post a new HJT log when done.
#5
When I did the HijackThis to fix everything I couldn't find
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)
so I did it without checking it, and when I went to Windows Explorer to delete everything, it said that
C:\defender21.exe
C:\WINDOWS\system32\w4c09dcb.dll
was not deletable and access denied. And
C:\WINDOWS\system32\ykssju.exe
wasn't there to delete. But here's my new HJT log after I did everything I could.

Logfile of HijackThis v1.99.1
Scan saved at 2:28:03 AM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender21.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lyricshosting.com
O15 - Trusted Zone: http://cache.ysbweb.com
O15 - Trusted Zone: http://www.ysbweb.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...30302D2D2D.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
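Added example, not part of the thread or of HijackThis: a small Python check that compares the fix list and delete list from post #4 with a follow-up log, so leftovers are found mechanically instead of by eye. The function names are illustrative, and the sample data is abridged from the logs posted above.

```python
import ntpath
import re

# Section codes that open a HijackThis entry: "R0 - ", "F2 - ", "O4 - ", "O23 - ", ...
_CODE = r'(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})'
_ENTRY_START = re.compile(r'\s+(?=' + _CODE + r' - )')
_ENTRY = re.compile(r'(' + _CODE + r') - (.+)', re.S)
_PATH_START = re.compile(r'\s+(?=[A-Za-z]:\\)')


def norm(s):
    """Fold case and runs of whitespace so wrapped and flattened text compare equal."""
    return ' '.join(s.split()).casefold()


def parse_hjt(text):
    """Return (running_processes, entries) for a HijackThis log or a list of entries.

    Splits on section codes and drive-letter paths instead of newlines, so a
    log that a forum flattened onto one line parses the same as the original.
    """
    processes, entries = [], []
    for chunk in _ENTRY_START.split(text.strip()):
        m = _ENTRY.fullmatch(chunk)
        if m:
            entries.append((m.group(1), ' '.join(m.group(2).split())))
        elif 'Running processes:' in chunk:
            plist = chunk.split('Running processes:', 1)[1]
            processes = [p.strip() for p in _PATH_START.split(' ' + plist) if p.strip()]
    return processes, entries


def check_followup(fix_list, delete_list, log):
    """Report what from the fix list and delete list is still visible in a log."""
    _, wanted = parse_hjt(fix_list)
    processes, present = parse_hjt(log)
    present_keys = {(code, norm(body)) for code, body in present}
    running = {norm(p) for p in processes}
    autostarts = [norm(body) for code, body in present if code == 'O4']
    return {
        # Entries the helper asked to fix that the log still lists verbatim.
        'still_listed': [f'{c} - {b}' for c, b in wanted if (c, norm(b)) in present_keys],
        # Files on the delete list whose process is still running.
        'still_running': [p for p in delete_list if norm(p) in running],
        # Files still named by any O4 autostart entry. Matched on file name,
        # because a Run value may hold a bare name (RUNDLL32.EXE w4c09dcb.dll,...).
        'still_autostarted': [p for p in delete_list
                              if any(norm(ntpath.basename(p)) in a for a in autostarts)],
    }


# Sample data, abridged from the thread: part of the fix list and the delete
# list from post #4, and shortened, flattened logs from posts #3 and #5.
FIX_LIST = r"""
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w4c09dcb.dll] RUNDLL32.EXE w4c09dcb.dll,I2 000e910f04c09dcb
O4 - HKLM\..\Run: [xcwkit] C:\WINDOWS\system32\ykssju.exe reg_run
O23 - Service: Command Service (cmdService) - Unknown owner -
  C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)
"""
DELETE_LIST = [
    r'C:\WINDOWS\system32\ykssju.exe', r'C:\WINDOWS\SYSC00.exe', r'C:\keyboard21.exe',
    r'C:\defender21.exe', r'C:\WINDOWS\system32\w4c09dcb.dll',
]
LOG_BEFORE = (
    r'Logfile of HijackThis v1.99.1 Scan saved at 9:36:44 PM, on 5/19/2006 '
    r'Running processes: C:\WINDOWS\Explorer.EXE '
    r'C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\defender21.exe '
    r'C:\WINDOWS\SYSC00.exe C:\WINDOWS\system32\RUNDLL32.EXE '
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe '
    r'O4 - HKLM\..\Run: [defender] C:\\defender21.exe '
    r'O4 - HKLM\..\Run: [keyboard] C:\\keyboard21.exe '
    r'O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe '
    r'O4 - HKLM\..\Run: [w4c09dcb.dll] RUNDLL32.EXE w4c09dcb.dll,I2 000e910f04c09dcb '
    r'O4 - HKLM\..\Run: [xcwkit] C:\WINDOWS\system32\ykssju.exe reg_run '
    r'O23 - Service: Command Service (cmdService) - Unknown owner - '
    r'C:\WINDOWS\QW50aG9ueSBOZ3V5ZW4\command.exe (file missing)'
)
LOG_AFTER = (
    r'Logfile of HijackThis v1.99.1 Scan saved at 2:28:03 AM, on 5/20/2006 '
    r'Running processes: C:\WINDOWS\Explorer.EXE '
    r'C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\defender21.exe '
    r'C:\WINDOWS\system32\RUNDLL32.EXE '
    r'O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup '
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe '
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe '
    r'O23 - Service: avast! Antivirus - Unknown owner - '
    r'C:\Program Files\Alwil Software\Avast4\ashServ.exe'
)

if __name__ == '__main__':
    for label, log in (('before fix', LOG_BEFORE), ('after fix', LOG_AFTER)):
        print(label, check_followup(FIX_LIST, DELETE_LIST, log))
```

On the follow-up log every fix-list entry is gone, but C:\defender21.exe is still reported as a running process. Windows does not let Explorer delete the image file of a running process, which is consistent with the access-denied error reported in post #5.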
#6
Just this last one to do.....

Download the trial version of Ewido Security Suite.
When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".
Launch Ewido Security Suite (there should be an icon on your desktop; double-click it). The program will now go to the main screen.
You will need to update ewido to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed.
If you have problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Do not run a scan yet.

When you have done this, boot into Safe Mode (restart your PC and keep tapping F8 while it restarts).
Run Ewido Security Suite now. Click on Scanner and click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files; click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido Security Suite. Please post its log here.
#7
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:47:11 AM, 5/20/2006
+ Report-Checksum: 7202CC13
+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-1123561945-706699826-725345543-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1123561945-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1123561945-706699826-725345543-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1123561945-706699826-725345543-1003\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1123561945-706699826-725345543-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\defender21.exe -> Hijacker.VB.ly : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@e-2dj6wfmiqmajwdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ehg-foxmovies.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ehg-vmixmediainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@web2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Admin\Local Settings\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\Admin\Local Settings\Temp\da93.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\whAgent_update.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-1123561945-706699826-725345543-1003\Dc114.zip/crack.exe -> Trojan.LowZones.cw : Cleaned with backup
C:\RECYCLER\S-1-5-21-1123561945-706699826-725345543-1003\Dc116.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\RECYCLER\S-1-5-21-1123561945-706699826-725345543-1003\Dc117.EXE -> Adware.NewDotNet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1123561945-706699826-725345543-1003\Dc123.exe -> Trojan.VB.tg : Cleaned with backup
C:\RECYCLER\S-1-5-21-1123561945-706699826-725345543-1003\Dc124.exe -> Downloader.VB.ada : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\w4c09dcb.dll -> Downloader.Agent.ahv : Cleaned with backup

::Report End
#8
I need a new HJT log...
#9
Logfile of HijackThis v1.99.1
Scan saved at 5:53:44 PM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit .exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.lyricshosting.com
O15 - Trusted Zone: http://cache.ysbweb.com
O15 - Trusted Zone: http://www.ysbweb.com
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...30302D2D2D.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
#10
Yep, that's fine... just remove this last one and you're good to go.

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure.

If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:

Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Now that you are clean, it is now a good time to flush out your restored files.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start > Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore button.
On the next page, click the System Restore Settings link on the left.
Check the box labeled Turn Off System Restore.
Reboot.
Go back in and turn System Restore ON. A new Restore Point will be created.

How Do I Protect My Computer Against Future Malware Now I'm Clean

NOTE: You may have already taken some of these steps.

Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches.
How to update your Windows operating system

Know What You're Installing
Check the source. To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install. If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).

Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer.
Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level.
Set the slider to High. Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon.
Under Security level for this zone, click Default Level.
Set the slider to Medium.
Click Apply, then OK to save the changes.

Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it's recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan! Some available programs are:
Ad-Aware
SpyBot Search & Destroy

Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.

If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
http://www.zonelabs.com/store/conten..._freedownloads
http://www.zonelabs.com/store/conten...g=en&lid=ho_za

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm

Here is a helpful article: "So how did I get infected in the first place?"
http://computercops.biz/postlite7736-.html

Let us know if we have not resolved your problem. Otherwise, you are good to go.
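The before-and-after log comparison this thread does by eye, as an added Python example that is not part of the original posts: it splits a HijackThis log into entries even when the forum has flattened it onto one line, lists entries that disappeared between two logs, and lists entries HijackThis itself tagged `(no file)` or `(file missing)`. The function names are hypothetical, and the two sample strings are constructed from a few entries of the thread's first and second logs.

```python
import re

# Section codes HijackThis puts in front of each entry: R0-R3, F0-F3, N1-N4, O1-O23.
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed samples: a few entries copied from the thread's first and second
# logs, joined onto one line each the way the forum flattened the pasted logs.
BEFORE = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ "
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com "
    r"R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) "
    r"F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ptkwi.exe"
)
AFTER = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ "
    r"R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) "
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)'
)


def split_entries(text):
    """Return (code, body) pairs from a log, one entry per line or flattened."""
    entries = []
    # Cut at whitespace that is followed by a section code and " - ".
    for chunk in re.split(r"\s+(?=" + CODE + r" - )", text.strip()):
        m = re.match("(" + CODE + r") - (.*)", chunk, re.S)
        if m:  # header and process-list text has no section code and is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def orphaned(entries):
    """Entries HijackThis itself marked as pointing at a file it did not find."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def removed(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


if __name__ == "__main__":
    first, second = split_entries(BEFORE), split_entries(AFTER)
    for code, body in removed(first, second):
        print("gone after cleanup:", code, "-", body)
    # A marker means "review this entry", not "delete it".
    for code, body in orphaned(second):
        print("review:", code, "-", body)
```
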
#11
Thanks a lot. You have been a real big help, and everything seems fine now.