Solve : Help needed for security.hijack removal?

1.	Solve : Help needed for security.hijack removal?
Answer» I would say your computer is clean. If there are no other issues we can do some cleanup. To uninstall ComboFix Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane. In the FIELD, type in ComboFix /uninstall (Note: Make sure there's a space between the word ComboFix and the forward-slash.) Then, press Enter, or click OK. This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore. ********************************************** To remove all of the tools we used and the files and folders they created do the following: Double click OTL.exe. Click the CleanUp button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. ****************************************** Clean out your temporary internet files and temp files. Download TFC by OldTimer to your desktop. Double-click TFC.exe to run it. Note: If you are running on Vista, right-click on the file and choose Run As Administrator TFC** will close all programs when run, so make sure you have saved all your work before you begin. * Click the Start button to begin the cleaning process. * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. * Please let TFC run uninterrupted until it is finished. Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning. ********************************************* Looking over your log it seems you don't have any evidence of a third party firewall. Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors. Remember only install ONE firewall 1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one) 2) Online Armor 3) Agnitum Outpost 4) PC Tools Firewall Plus If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This MEANS that any malware on your computer is free to "PHONE home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time. ********************************************** Go to Microsoft Windows Update and get all critical updates. ---------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also STOP certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly. Safe Surfing! Ok, I have run the cleanup as per your last post and everything completed fine. My only problem is that SAS still continues to pick up the two registry exploits that were there when we started all of this. Is it a false positive? I have done my own parallel research and have found that ehshell.exe is CONNECTED to Windows Media Center and after examining the files both manually and with a "sfc /scannow" they seem fine. This has me so perplexed as to why SAS keeps reporting this as an exploit. Should I report a "false positive" to SAS? Not quite sure how I should proceed with this ongoing issue and any advice will be greatly appreciated. The computer is running fine but it was running fine when I began this process.Quote Should I report a "false positive" to SAS? Yes please. Here's what I found about that.Yep, I came across that article plus several others. Spent a while at Microsoft looking up the files themselves and came to the conclusion it has to be a false positive. I have submitted a report to SAS and according to them they have been researching this since March of this year. Anyway, thank you kindly for your time and keep up the good work!!You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Answer»

I would say your computer is clean. If there are no other issues we can do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the FIELD, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

Click the CleanUp button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
**********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***********************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This MEANS that any malware on your computer is free to "PHONE home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also STOP certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Ok, I have run the cleanup as per your last post and everything completed fine. My only problem is that SAS still continues to pick up the two registry exploits that were there when we started all of this. Is it a false positive? I have done my own parallel research and have found that ehshell.exe is CONNECTED to Windows Media Center and after examining the files both manually and with a "sfc /scannow" they seem fine. This has me so perplexed as to why SAS keeps reporting this as an exploit. Should I report a "false positive" to SAS? Not quite sure how I should proceed with this ongoing issue and any advice will be greatly appreciated. The computer is running fine but it was running fine when I began this process.Quote

Should I report a "false positive" to SAS?

Yes please. Here's what I found about that.Yep, I came across that article plus several others. Spent a while at Microsoft looking up the files themselves and came to the conclusion it has to be a false positive. I have submitted a report to SAS and according to them they have been researching this since March of this year. Anyway, thank you kindly for your time and keep up the good work!!You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Solve : Help needed for security.hijack removal?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment