|
Answer» ok i have windows xp sp2 and i followed all the steps and i've attached my logs...all the popups have finally stopped.
if someone could help me and make sure everything that needed to removed was, i'd appreciate it. Thanks.
[recovering space - attachment deleted by admin]Good job so far, but there is still some work to do.
Open Hijackthis and SELECT Do a system scan only.
Place a check mark next to the following entries: (if there)
- O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
- O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
- O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
- O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
- O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
- O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
- O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
- O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
- O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
- O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
- O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
- O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
- O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Download Combofix by sUBs from one of the below links.
(Try all three if necessary) Important! Combofix.exe MUST be saved to and ran from the Desktop.- Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
- Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
- Click this link to see a list of security programs that should be disabled and how to disable them.
- If yours is not listed and you don't know how to disable it, please ask.
- Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
- Double click combofix.exe & follow the prompts.
- Choose Yes to accept the Disclaimers.
- When finished, it will produce a log for you.
- Post that log in your next reply.
Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall- If Combofix runs into difficulty and terminates PREMATURELY, the connection can be manually restored by restarting your computer.
- Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly.
----------
Next post add
Combofix logthanks and sorry it took so long but i had to go to sleep then to work
I have attached the combofix log below.
[recovering space - attachment deleted by admin]Delete these files/folders, as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C
Code: [Select]KillAll::
Folder::
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\vntiho06
C:\WINDOWS\system32\hI2
C:\WINDOWS\system32\at1
C:\WINDOWS\system32\1064a
C:\temp\vtmp2
File::
C:\WINDOWS\system32\spywarewarning2.mht
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\vntiho06\vntiho061083.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse BUTTON while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to freezeok here is that log:
[recovering space - attachment deleted by admin]Next:
Go to Start > Control Panel > Internet Options
In the General tab, Temporary Internet Files, click:Delete Files
When prompted, check:Delete all offline content
You can also check: Delete Cookies (You will have to re-enter passwords at websites that require them.)
Click OK
Then, go to Start > Run and enter: cleanmgr
Select the drive to clean: C:\
Check the following boxes and then press OK to remove:- Temporary Files
- Temporary Internet Files
- RecycleBin
Agree to the prompt to perform the action...
Next:
Download ATF Cleaner by Atribune and save it to your Desktop
Follow the instructions for the browser you use.
Read the instructions about the cookies. Delete what you do not need.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of: - Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Java Cache
The rest are optional - if you want to remove everything, check Select All
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use the Firefox or OPERA browsers, you can use this program as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.
How is everything now?okay, everything seems to be working fine now
thanks a bunch! i appreciate your help Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
.
- Click START then RUN
- Now type Combofix /U in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
.
.
The above procedure will:- Delete:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
.
Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
- Go to Start > Programs > Accessories > System Tools and click System Restore
- Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
- The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Next go to Start > Run and type Cleanmgr
- Click OK
- Click the More Options Tab.
- Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
.
Use the Secunia Software Inspector to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
.
Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
|
