Solve : Please help! HijackThis log?

Answer»

attached

[saving disk space - old attachment deleted by admin]

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Quote

File::
ujedltxb.ini
gfeoebci.ini
mpckddxl.ini
ftjjovke.ini
gjxqajdm.ini
jrpptech.ini
ggujimly.ini
lqsvtnpa.ini
sgrvgoaf.ini
ddijkixx.ini
kubtafxc.ini
fabcvped.ini
itweqqvc.ini
fujcvtwn.ini
nivowbpr.dll
craatwsk.dll
aglndpln.dll
ntmfgwqk.dll
jquqrcou.dll
mddqfaxi.dll
mcrh.tmp
fuxfdyna.dll
lcsypdjo.dll
mvyqmkya.dll
kjrwdqts.dll
ulmbjbab.dll
tbkeuymt.dll
mmafbdvu.dll
cpaonoqi.dll
ngyqnuen.ini
kxuiigaj.ini
thertnnu.ini
hjjxqjnv.ini
gckkqkxx.ini
muwquhfd.ini
losygkkw.dll

Folder::
C:\VundoFix Backups

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Next post please attach
combofix.txt log
New HijackThis log

as requested

[saving disk space - old attachment deleted by admin]

Well combofix didn't delete all that I wanted it to.

Enable Viewing Of Hidden System Files & Folders

1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

===

Open HijackThis and select "Do a system scan only"

Place a check mark next to:

O4 - HKLM\..\Run: [b0b952d1] rundll32.exe "C:\WINDOWS\system32\losygkkw.dll",b
O8 - Extra context menu item: &Search - ?p=ZUxdm082YYUS

Next click "Fix checked"

On the desktop right click "My Computer" and "Open"

Locate and delete the following file/folder (in bold):

C:\WINDOWS\system32\losygkkw.dll (if there)

I am going to look into the combofix entries and will post back when I know more.

We are almost there.

Also how is the computer now?

My Computer seems fine.

No more automatic resets to "accept all cookies", no more automatic redirects to an unknown webpage, no more annoying popups, and now I know why I kept getting the "error" at startup stating that the file C:\WINDOWS\system32\losygkkw.dll could not be found.  It was deleted at some point as a virus file.

You didn't ask for a logfile last post, so I will await your next for further instructions.

Thanks for your continued assistance.

I'm awaiting a second opinion on the combofix log. Probably won't until later but I will post back and let you know.

Glad things are working better. OK we are rolling again.


Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Quote
File::
C:\WINDOWS\system32\ujedltxb.ini
C:\WINDOWS\system32\gfeoebci.ini
C:\WINDOWS\system32\mpckddxl.ini
C:\WINDOWS\system32\ftjjovke.ini
C:\WINDOWS\system32\gjxqajdm.ini
C:\WINDOWS\system32\jrpptech.ini
C:\WINDOWS\system32\ggujimly.ini
C:\WINDOWS\system32\lqsvtnpa.ini
C:\WINDOWS\system32\sgrvgoaf.ini
C:\WINDOWS\system32\ddijkixx.ini
C:\WINDOWS\system32\kubtafxc.ini
C:\WINDOWS\system32\fabcvped.ini
C:\WINDOWS\system32\itweqqvc.ini
C:\WINDOWS\system32\fujcvtwn.ini
C:\WINDOWS\system32\nivowbpr.dll
C:\WINDOWS\system32\craatwsk.dll
C:\WINDOWS\system32\aglndpln.dll
C:\WINDOWS\system32\ntmfgwqk.dll
C:\WINDOWS\system32\jquqrcou.dll
C:\WINDOWS\system32\mddqfaxi.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\fuxfdyna.dll
C:\WINDOWS\system32\lcsypdjo.dll
C:\WINDOWS\system32\mvyqmkya.dll
C:\WINDOWS\system32\kjrwdqts.dll
C:\WINDOWS\system32\ulmbjbab.dll
C:\WINDOWS\system32\tbkeuymt.dll
C:\WINDOWS\system32\mmafbdvu.dll
C:\WINDOWS\system32\cpaonoqi.dll
C:\WINDOWS\system32\ngyqnuen.ini
C:\WINDOWS\system32\kxuiigaj.ini
C:\WINDOWS\system32\thertnnu.ini
C:\WINDOWS\system32\hjjxqjnv.ini
C:\WINDOWS\system32\gckkqkxx.ini
C:\WINDOWS\system32\muwquhfd.ini
C:\WINDOWS\system32\losygkkw.dll

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang


Next post please add:
combofix log
New HijackThis log

as requested, please see the attached

[saving disk space - old attachment deleted by admin]

That did it.

The logs look fine now.

Delete Find AWF and all of its logs.
Delete any vundo programs used.

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Are you having any problems now?

If anything else comes back let us know.

Great job! Thanks for all your help!

If anything else comes up I know where to post.

No problem.

Safe surfing.......
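
Added example, not part of the original thread: a small Python check that parses HijackThis O4 autostart lines like the one fixed above and reports Run entries that load a DLL through rundll32, marking them "orphaned" when the DLL is no longer on disk (the cause of the startup error described in the thread). The function names are hypothetical, the third sample line is constructed, and the file-existence list stands in for a check on the live system.

```python
import re
from ntpath import normcase

# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 command: rundll32.exe "<dll path>",<export>
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)

SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [b0b952d1] rundll32.exe "C:\WINDOWS\system32\losygkkw.dll",b',
    r'O8 - Extra context menu item: &Search - ?p=ZUxdm082YYUS',
    # Constructed benign entry for contrast (not from the thread):
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"',
]


def parse_o4(line):
    """Return a dict for an O4 Run entry, or None for any other log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    r = RUNDLL_RE.match(entry["cmd"])
    entry["dll"] = r.group("dll") if r else None
    entry["export"] = r.group("export") if r else None
    return entry


def review(log_lines, existing_files):
    """List (value name, dll path, state) for Run entries that use rundll32.

    existing_files: paths known to exist on the scanned machine; Windows
    paths are compared case-insensitively.
    """
    present = {normcase(p) for p in existing_files}
    findings = []
    for line in log_lines:
        e = parse_o4(line)
        if not e or not e["dll"]:
            continue  # not an O4 line, or an ordinary executable entry
        state = "present" if normcase(e["dll"]) in present else "orphaned"
        findings.append((e["name"], e["dll"], state))
    return findings


if __name__ == "__main__":
    for name, dll, state in review(SAMPLE_LOG, existing_files=[]):
        print(f"[{name}] {dll}: {state}")
```

An "orphaned" result means the file was removed but the Run value still needs fixing in HijackThis; "present" means the DLL itself still has to be deleted.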

