InterviewSolution
Saved Bookmarks
InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 901. |
Solve : HiJack This Log Tool not helping? |
|
Answer» After using this tool twice now, there is one FILE that won't delete. What should I do? BTW, here is my scan: |
|
| 902. |
Solve : Riddled with Viruses.? |
|
Answer» Hi SD, however I definatly still have a trojan vundu in the system restore System Restore was cleared by uninstalling ComboFix. Quote from: SuperDave on December 20, 2009, 12:48:13 PM Im not really sure of the point of that, was it no it will not help to try to make my computer work again?We have suggested that you post in this forum to deal with the BSOD. We do malware removal here.Hi folks, I have restored my system to the original state and it seems well, however it was suggested to me that i post on here to find any information on how was the best way to go about checking if anything bad had stayed on here. |
|
| 903. |
Solve : please check my logs...blue screen problem !? |
|
Answer» I've had virus/computer SLOWNESS problems on and off for the last few months. Yesterday, upon scanning using MBAM, computer gets the blue screen with the "your computer has recovered from a serious error" message. This happens at the point of the scan where MBAM is scanning "zpeng25.dll" . Here is my SASW log. The next two to follow....Thanks !SUPERAntiSpyware Scan Log |
|
| 904. |
Solve : Big Maleware Prob - Green Desktop - fake msg ....? |
|
Answer» Hi! i got a big problem with my homepc with xp on it. I got a new acer pc with preinstalled mcafee on it and with windows firewall. i also got servicepack 3. |
|
| 905. |
Solve : ComboFix found 2 problems - OG prob: userinit login closed by DEP? |
|
Answer» Here is another more thorough description. http://vil.nai.com/vil/content/v_139473.htm |
|
| 906. |
Solve : userinit login closed by DEP? |
|
Answer» How does ONE get logged on to FIX this? Windows just goes to the USER screen. Once clicked on, it just goes from LOGGING on to logging off... Welcome to CH. |
|
| 907. |
Solve : Spybot Blocked? |
|
Answer» Quote from: diggerdave on February 11, 2009, 04:27:34 PM I haven't had zone alarm security suite running for at least 6 months. I am running the free zone alarm fire wall. Seems to be running well. OK, it must be seeing the security center as having the Security Suite installed. No problem. -- You are going to have to remove the CRACKS & Keygens before I can continue helping. Download the OTMoveIt3 by OldTimer Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As ADMINISTRATOR. * Save it to your Desktop. * Double-click OTMoveIt3.exe to run it. * Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy) Code: [Select]:Processes explorer.exe :files C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 PRO Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full PATCH And Keygen's -2- MAXIMODIS.zip.torrent C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent :Commands [purity] [emptytemp] [start explorer] [Reboot] * Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. * Click the red Moveit! button. * Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt3 Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.Here's the log: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Adobe Acrobat 9 Pro Extended + Crack (PTB-ITA-ESP-NL) (iso).rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\ConvertXtoDVD-V3 DivX-V6 Nero-V8 WinRar-V3-Full Patch And Keygen's -2- MAXIMODIS.zip.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\keygen.exe.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9 Ver. C Iso + Cracks & Apps.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\Nero 9. Ultra NEW RELEASE Including+Keygen Valildation Crack.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\nero_8_keygen__serials_reg__activation.rar.torrent not found. File/Folder C:\DOCUME~1\David\Application Data\uTorrent\RegCure 1.5 with crack.rar.torrent not found. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_QcjCX8zRcMQq3Ps9d45X-journal scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\etilqs_u59Ra7VKA7IFF7KLQAw4 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\David\LOCALS~1\Temp\~DF9103.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\gnserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_770.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\spnserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\spserv.dat scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\ZLT06db8.TMP scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\OfflineCache\index.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\msin5iya.default\urlclassifier3.sqlite scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_154245 Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFixLog attached [attachment deleted by admin]Everything looks OK. How is the computer running now?It's taking well over a minute at boot up to get from the post to the memory check.Has this just started happening? Yes. I believe it started after running OTMoveIt3.All that did was remove temporary files. Everything else said "Not found." Try Dial-a-fix. Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
How is it now?Dial-a-fix has been stuck on the same task for about an hour and a half.Can you see which one it is?Stopping CRYPTSVC...OK stop it and uncheck box 4, labeled SSL/HTTPS/Cryptography Now run it again please with the other boxes checked.I'm still getting the lengthy delay at boot up.A computer can be slow to start up after cleaning the cache which is what we did when running OTMoveIt. After a few more restarts see if it is still running slow. We should check for any more malware also as it could be that as well. Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
. Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. |
|
| 908. |
Solve : the middle of my rope? |
|
Answer» hello ladies and gentlemen |
|
| 909. |
Solve : NetWork Worm? |
|
Answer» Hi |
|
| 910. |
Solve : removing a virus? |
|
Answer» i don't know how to remove a virus without an anti-virus program... because i think that my computer has some viruses that my anti-virus can't find plsssss,,help meWelcome to CH. Download random's system INFORMATION tool (RSIT) by random/random from and save it to your Desktop.
[attachment deleted by admin]Your logs are clean. Why do you think there is a virus?how did you know that my logs are clean? could you teach me how to know if my logs are clean? what are the contents of both logs are all about? because my computer is running slow,,and when i going to open the command promt. my computer is shutting down!!!,,my friends said that maybe it has some virus!!About learning, refer here: here. And then about the "virus" from CMD, it's probably something minor...WHAT kind??? Use the Kaspersky Lab Online Scanner In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
There is no option to clean/disinfect, however, we need to analyze the information on the report. To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, RESET to 100%. |
|
| 911. |
Solve : PLEASE HELP I have been Hijacked? |
|
Answer» Delete these files/folders, as follows:
---------- Download Alternate download link Note: Vista users must use Run As Administrator
Note that your system will run slower for a reboot or two after having used this TOOL so don't panic. ---------- Download OTCleanIt.exe and save it to your Desktop.
Important: Restart the computer before continuing. ---------- Use the ESET Online Antivirus Scanner This scanner requires Internet Explorer 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. Also let me know how the computer is running now.Thank you my computer is running better,But have one more problem Windows installer keeps opening every time i do something should i try to get a new version or something? Heres my log from ESET # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3857 (20090216) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=3e83c31cdf5f6f4ea0604f3a36eb9d7e # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-02-16 09:36:46 # local_time=2009-02-16 04:36:46 (-0500, Eastern Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=131046 # found=0 # scan_time=2631Download Deckard's Association File Tool (DAFT) and save it to your desktop.
Was anything found and fixed?I keep getting page not found when i try to download Deckard's Association File Tool Try Dial-a-fix. Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
Is the problem fixed?Thank you Every thing is good if i use mozilla,But when open any windows With IE installer pops up. I thank you so muchRe-register MsiExec
No visible change will take place. Try to install/uninstall again. If this method fails, you will need to reinstall the Microsoft Windows Installer (MSI) Windows Installer 3.1 Windows Installer 4.5LOL OK Well i figured out one thing Everytime i download anything from windows it wont install even windows update fails Should i go to a different forum and make a new post,so i dont have to bug you with this problemGo to Start > Run and type notepad.exe then click OK Copy and paste the below into Notepad and save as fixme.reg to Your Desktop Code: [Select]Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.exe] ="exefile" "Content Type"="application/x-msdownload" [HKEY_CLASSES_ROOT\.exe\PersistentHandler] ="{098f2470-bae0-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\exefile] ="Application" "EditFlags"=hex:38,07,00,00 "TileInfo"="prop:FileDescription;Company;FileVersion" "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size" [HKEY_CLASSES_ROOT\exefile\DefaultIcon] ="%1" [HKEY_CLASSES_ROOT\exefile\shell] [HKEY_CLASSES_ROOT\exefile\shell\open] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\exefile\shell\open\command] ="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\runas] [HKEY_CLASSES_ROOT\exefile\shell\runas\command] ="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shellex] [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler] ="{86C86720-42A0-1069-A2E8-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers] [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser] ="{09A63660-16F9-11d0-B1DF-004F56001CA7}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps] ="{86F19A00-42A0-1069-A2E9-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page] ="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKEY_CLASSES_ROOT\regfile] ="Registration Entries" "EditFlags"=dword:00100000 "BrowserFlags"=dword:00000008 [HKEY_CLASSES_ROOT\regfile\DefaultIcon] =hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\ 2c,00,31,00,00,00 [HKEY_CLASSES_ROOT\regfile\shell] ="open" [HKEY_CLASSES_ROOT\regfile\shell\edit] [HKEY_CLASSES_ROOT\regfile\shell\edit\command] =hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\ 00 [HKEY_CLASSES_ROOT\regfile\shell\open] ="MER&ge" [HKEY_CLASSES_ROOT\regfile\shell\open\command] ="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\regfile\shell\print] [HKEY_CLASSES_ROOT\regfile\shell\print\command] =hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\ 00,25,00,31,00,00,00 [HKEY_CLASSES_ROOT\.lnk] ="lnkfile" [HKEY_CLASSES_ROOT\.lnk\ShellEx] [HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214EE-0000-0000-C000-000000000046}] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\.lnk\ShellEx\{000214F9-0000-0000-C000-000000000046}] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\.lnk\ShellEx\{00021500-0000-0000-C000-000000000046}] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\.lnk\ShellNew] "Command"="rundll32.exe appwiz.cpl,NewLinkHere %1" [HKEY_CLASSES_ROOT\lnkfile] ="Shortcut" "EditFlags"=dword:00000001 "IsShortcut"="" "NeverShowExt"="" [HKEY_CLASSES_ROOT\lnkfile\CLSID] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\lnkfile\shellex] [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers] [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\Offline Files] ="{750fdf0e-2a26-11d1-a3ea-080036587f03}" [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}] [HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers] [HKEY_CLASSES_ROOT\lnkfile\shellex\PropertySheetHandlers\ShimLayer Property Page] ="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}] ="Shortcut" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32] ="shell32.dll" "ThreadingModel"="Apartment" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered] [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\PersistentHandler] ="{00021401-0000-0000-C000-000000000046}" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID] ="lnkfile" [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex] [HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\shellex\MayChangeDefaultMenu] Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop. ---------- Is it fixed now? |
|
| 912. |
Solve : Re: Spybot Blocked? |
|
Answer» You have Viewpoint installed.
---------- Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. First install the new Sun Java Runtime Environment Be sure to close all browser windows before beginning the install. Remove the old VERSION(s) Download JavaRa
Additional Note: The Java Quick Starter (JQS.exe) adds a SERVICE to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer. ---------- Download OTCleanIt.exe and save it to your Desktop.
---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) O23 - Service: AOL Antivirus Update Service (aolavupd) - UNKNOWN owner - C:\Program Files\Common Files\AOL\1125946752\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe (file missing) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Open HijackThis, but instead of scanning, click on the Open the MISC tools section button at the bottom of the choices. Copy this red text -> aolavupd
Now exit HijackThis and reboot when it tells you it needs to. ---------- How is the computer running now? .The computer seems to running better. However, a few things: -- Anything regarding Viewpoint was not found in Add/remove programs -- I ran an Antivir scan last night, and three infections were found: -- Rootkit.gen -- Crypt.XPack.Gen -- A0351077.dll contained a recognition pattern of the (harmful) BDS/TD -- I usually quarantine the infections. Is that the right thing to do? -- Can you recommend a very user friendly firewall? I am doing this (well, you are lol) for a friend's parents, and they arent too computer savvy. Again, thank you for taking the time to help. --I am going to attempt to run Spybot and SAS, just to make sure everything is okay and they can operate again.Download ViewpointKiller.zip
---------- Disable/Enable the System Restore Utility to flush old infected restore points 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- These are all free. Remember only install ONE firewall 1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one) 2) Online Armor 3) Sunbelt/Kerio 4) Agnitum 5) PC Tools Firewall Plus ---------- Use the ESET Online Antivirus Scanner This scanner requires Internet Explorer 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.I did the "Check to see if you have Viewpoint installed" and Viewpoint Manager was the only one present. After selecting "Kill Viewpoint Manager", a log file appeared. I have pasted it below. However, it still says that Viewpoint Manager is installed. What Msconfig instructions do you SPEAK of? I do not see them. Thank you. I have not proceeded with the other steps you provided me. ViewpointKiller Version 1.30 (beta) The removal process was started on Tue Feb 17 12:03:15 2009 Preparing to remove Viewpoint Manager... ViewpointKiller was not able to close "viewmgr.exe"! Searching for all known Viewpoint Manager registry values and keys... Found and removed: Software\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager Finished searching for and removing all known Viewpoint Manager registry values and keys. Searching for all known Viewpoint Manager files and folders... Could not delete: C:\Program Files\Viewpoint\Viewpoint Manager Could not delete: C:\Program Files\Viewpoint Finished searching for and removing all known Viewpoint Manager files and folders.Looks like it worked. Viewpoint isn't malware just a nuisance. It's installed with AOL/AIM but serves no real purpose.I downloaded and am running Online Armor. After installing, I restarted the computer, and AntiVir Guard is no longer present in the system tray. Also, I attempted to run the ESET scan, but it gets hung up on C:\dell\MEDIAEXE\ONDRVMED.zip Edit: I take that back. The scan has progressed past that file.You might try reinstalling AntiVir. I have not seen any issues with the two working together but who knows. Software updates sometimes don't go as planned from day to day.# version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3865 (20090218) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=5ac917da29dd34439cbfdffc6d6c56ed # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2009-02-17 08:38:31 # local_time=2009-02-17 03:38:31 (-0500, Eastern Standard Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=323027 # found=4 # scan_time=8254 C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5702A24C-178F-4661-97D1-644845A9CBB7} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{71781886-D1CC-45EB-BC62-87BC19A8EE6E} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C3A44FE1-4BA1-46B3-9021-943039993BB9} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000 C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F5619D5D-C2F7-4E2D-ABEF-4050D012CB7D} Win32/Qhost trojan (unable to clean - deleted) 00000000000000000000000000000000
. The above procedure will:
---------- How is the computer running now?Am I allowed to run this while my protection is active?Yes, it's just removing ComboFix and resetting a few things to their default settings, as they should be. |
|
| 913. |
Solve : Mouse automatic getures and clicking? |
|
Answer» My mouse just started moving and clicking on its own today, it extremely annoying, i've run MULTIPLE virus, spyware, and malware checks with no LUCK. any SUGGESTIONS would be greatly appreciatedQuick QUESTION, is this a laptop? |
|
| 914. |
Solve : CD drive opens and closes automatically.....? |
|
Answer» I know a VBS script that does it on a loop, and it made my computer sound like a hurricane and crashed it!Done. I thought that you could only run c code and get it to do that stuff.Prepare a boot able floppy.
Trojan.Virtumonde - http://www.threatexpert.com/report.aspx?uid=01feba93-ac5e-4014-b820-dc737f5d1e0a We need to remove the malware first but honestly the CD tray sounds like a dist problem to me. Some argue it can't carry a current but I think it's been proven it can. globalpal_ooty - I suggest uninstalling the Paretlogic Driver Cure. (Unless it's a paid version). This company isn't trusted. Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE - O4 - HKCU\..\Run: [mpx] c:\WINDOWS\system32\mpx.exe Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis. ---------- Go to Start > Run and type notepad.exe then click OK Copy and paste the below into Notepad and save as fixme.reg to Your Desktop Code: [Select]REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run] "Alcmtr"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "mpx"=- Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry. Make sure that you tell me if you RECEIVE a success message about adding the above to the registry. If you do not get a success message, it did not work. Delete the fixme.reg from the Desktop. ---------- Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of SECURITY programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. If you have problems with ComboFix usage, see How to use ComboFix |
|
| 915. |
Solve : Hidden virus?? |
|
Answer» Im dam sure i have another infection. But nothings picking it up |
|
| 916. |
Solve : HELP!!! I have a virus..? |
|
Answer» I am running windows XP. I cannot USE any of my programs. If I click on an icon I get a "Path does not exist" error msg. I cannot download anything because when I click on the icon to INSTALL then I get the same error. Can I get into my computer files somehow and REMOVE it that way? I have Macafee but it DIDNT catch it. now I cannot run that either. I am at my wits end. The only thing I can use is my windows IE. I HATE IE so this is driving me NUTS. I tried to open my add/ramove programs but that wont open either. Someone PLEASE help me. |
|
| 917. |
Solve : Have I been hijacked?? |
|
Answer» Hi, |
|
| 918. |
Solve : Is your DNS sending you bad stuff?? |
|
Answer» This is a real security issue. It is not, per se, a virus, but it is one way a virus can GET into your system. I have tried to say before and everybody would say that it can not happen if you have a good firewall and a good anti-virus and if you are carefull. Not So! Look at this: Dan Kaminsky, who for years was AMBIVALENT about securing DNS, has become an ardent supporter of DNS SecurityI would put this in the News section, but then the people who NEED to know about it would never read it, It is about making your PC secure. Anti-virus and firewalls are not enough. The DENS you are using is another backdoor into your system, The anti-virus does not even try to verify the quality of your DNS. Related th that, Up to now people have thought that the SSL was all that it takes to stop a HACKER from getting into your system. Not with the high power servers that lie offshore. There are thousand of servers that are out of jurisdiction and they can do what they want with SSL certificates. Even with odds of one in a million, that is all that it takes when you have thousands of servers doing millions of spoofs in a short span of time. What I am trying to say is this. It is not getting BETTER. The worst is not all behind us. I know many of you do not believe that, you think the new anti-virus software can do anything. Not so! Don't t telo me this is an old issue. It is a current issue until you are protected.d What have you done about this? Have you talked to your ISP? |
|
| 919. |
Solve : phorm? |
|
Answer» Hi,i heard last year that, virgin, sky,and, talk talk broadbond http://www.bleepingcomputer.com/startups/RPS.exe-15389.htmlThanks a lot for your qiuck reply!!!!! evilfantasy. i think ill be back later coz i keep getting a browser hijack host files i use spyware blaster to fix them,it says i1 file unprotected so i RUN host file gaurd fixed 5 minutes later its back? cheers.p.......... |
|
| 920. |
Solve : Cannot remove this virus which started with Win32:JunkPoly [Cryp]? |
|
Answer» Quote from: BC_Programmer on February 19, 2009, 02:00:03 AM Quote from: h4cker on February 18, 2009, 11:23:27 PMUnderstandable. I have an external drive connected to my PC. What is your suggestion to care of the situation? As I'm sure it has spread to the external, so when I reformat - it may just re-infect the newly installed OS. Yes, 1TB of data. Quote from: BC_Programmer on February 19, 2009, 02:00:03 AM Quote from: h4cker on February 18, 2009, 11:23:27 PMUnderstandable. I have an external drive connected to my PC. What is your suggestion to care of the situation? As I'm sure it has spread to the external, so when I reformat - it may just re-infect the newly installed OS. IE- programs. (Note zips/rars probably don't count) because if so I would avoid even navigating near them until you are able to reinstall. BC_Programmer I have programs (executables and some of which run directly from the drive), music, iso's and the like. So to answer your question, yes I do. Thanks.In any case I'd go withthe method of reinstallation and then SCAN/clean the drive. Until the Virus is able to load into memory it cannot infect further, so the trick is keeping it from doing that- which is actually as simple as not running any EXE files from the external drive (or, DLLs). But as evilfantasy said the virus is polymorphic, so even in the scope of infecting a single HD it could mutate enough to not be caught by the virus scanner... which will declare it clean, and that program MIGHT be run in the future- back to square 1. the ISO files... and in fact anything that isn't a PE format file should be safe from it (PE=Portable Executable). If I were you, I would myself: Reformat, Reinstall Delete all EXE,DLL, OCX, and SCR files present on the external drive. every last one, regardless of what it was. Then- reinstall those apps whose EXE and DLL files are now missing- all of them that were on the drive, really. This is still far from a total guarantee that the external won't re-infect the new OS, But deleting the Data itself I imagine isn't even a option. Quote from: BC_Programmer on February 19, 2009, 03:36:01 AM But deleting the Data itself I imagine isn't even a option. Not an option at ALL, lol. There is over 7 years of data collected on that drive; THOUSANDS of files. I would literally CRY( ) if that data disappeared. Which then you would ask, "So you have a backup right?" Then I answer, "No, because I'm dumb." I'm running Dr.Web LiveCD to hopefully have it clean some of the files and will TRY ANOTHER Live! CD with multiple scan engines on it to scan and clean the external. I can post back and let everyone know how it went.You do have the external HD disconnected now, right? Quote from: kpac on February 19, 2009, 03:59:28 AM You do have the external HD disconnected now, right? No, it's connected. I'm running the Dr. Web LiveCD http://www.freedrweb.com/livecd/ to remove possible traces of the virus without booting. I'm using my Ubuntu server right now to type all this. Is it possible that the virus can corrupt the BIOS? Does anyone know how long the Dr. Web LiveCD scan takes to complete? Thanks.Not sure how long the scan takes. It will vary from one PC to another. It's unlikely that your BIOS is infected. Good luck! |
|
| 921. |
Solve : My computer is so dirty I have to wear Gloves...Help Cleaning Please? |
|
Answer» They are just too close TOGETHER...Half of me believes you and THREE quarters of me doesn't.... Quote from: kpac on February 18, 2009, 03:19:16 PM Half of me believes you and three quarters of me doesn't.... Wanna hear a funny story? I accidentally clicked modify instead of quote almost immediately after Steve made us moderators.... And even funnier it was one of his posts. LOL Well not to happy about the computer killer virus. I have lots of data I want to recover from this computer this is my plan: I have a 1TB USB drive to use as data dump, also installed a second serial drive in the infected computer ( Not hooked up yet) On my last system restore I was able to remove the hard drive from infected computer and copy the data files to a lifeboat computer.(This file contained the virus and reinfected my computer. Lifeboat computer was unaffected.) I copied this data file to the USB drive. Did a system restore to infested computer. INSTALLING programs now. Plan to copy the big data block on new hard drive and ACCESS when NECESSARY. Slowly bring over data files,and try to avoid this virus again.hopefully it works out for you |
|
| 922. |
Solve : HELP!! Media player constantly starting on it's own while web browsing!!!? |
|
Answer» My MEDIA player has suddenly started on it's own constantly while I am browsing the internet! It doesn't matter whether I am using FIREFOX or IE. I changed all my defaults from Windows Media Player to Realplayer..but that didn't help. Now, instead of Windows Media Player POPPING up constantly, Real Player starts up constantly. What is going on???!!! |
|
| 923. |
Solve : virus? windows explorer doesn't work!? |
|
Answer» ugh! i accidentally downloaded something BAD today. |
|
| 924. |
Solve : Laptop needs a good cleaning? |
|
Answer» Howaya! |
|
| 925. |
Solve : No start menu or icons still, Completed list have logs? |
|
Answer» WOW.....You guys have my upmost respect...this stuff is time consuming and frustrating! I have finally completed the Try this first list.... The only thing I was not able to rename the HijackThis file....I also tried to find the logs that I saved to the desktop and they are no longer there??? I am seriously lost what do I do now?? Below are the events that have occured over the past 36 hours. |
|
| 926. |
Solve : Virus Alert in toolbar? |
|
Answer» This is the only PROBLEM I have LEFT on my laptop. I followed your guidelines just as you laid them out, I am left with the virus alert! NOTIFICATION next to my clock. Thank you for the help, my computer is getting back to normal. |
|
| 927. |
Solve : Directx Diagnostics is being forced on me.? |
|
Answer» 1. Yes- if you GET no prompt that means all was well and it did it's thing |
|
| 928. |
Solve : apparently i have a trojan? |
|
Answer» really the only thing you need to backup WOULD be your documents, and if they are important to you, game saves. Anything else can be reinstalled from the install discs. |
|
| 929. |
Solve : Computer infected; believe it's malware; won't let me run AdAware or Malwarebyte? |
|
Answer» I'm a new user to this site and need to see if anyone can give me some tips. About two days, I noticed my browser has been hijacked. When I search the normal Yahoo search bar, it takes me to a page that LOOKS like it's should be right, but some of the links take me to various places I don't want to go. My system is also locking up, it won't allow me to go back to a prior restore POINT, and no one can seem to help. I have BSAFE online filtering with what I believe is McAfee. I ran the scan and it's not picking anything up. I also installed windows live care, and it didn't find anything either (so I removed it). |
|
| 930. |
Solve : Storage devices and viruses? |
|
Answer» I had a back up of some files on my memory stick.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.You can also scan your flash drive for virus with Kaspersky. Plug in the USB drive prior to performing the steps below. Please keep ALL other programs closed during the scan Run an online scan with the Kaspersky Online Scanner
. Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.Thank you EF!!!!! This is awesome help and advice and I'll do it carefully. I really appreciate you help. Fingers crossed.... evil is an expert take his advice , i was just giving you advice not what to do , harry |
|
| 931. |
Solve : ...I don't know.? |
|
Answer» that's what I THOUGHT... |
|
| 932. |
Solve : her is my log? |
|
Answer» i hope this time ive posted |
|
| 933. |
Solve : Problems here are my logs? |
|
Answer» Please find attached my logs i have been having problems now for 3 days. i have FOLLOWED the anti malware guide. |
|
| 934. |
Solve : Can I delete?? |
|
Answer» Hey friends, I was just wondering If I could delete the first 5 processes of this hijack this logg, and how do I get rid of the yellow exclamation things. I RAN LSP Fix, And It came up clean. Also I keep having a problem with mcafee site adviser. The green check marks keep disappearing after a few days, I have tried to uninstall and reinstall but no luck. Logfile of Trend MICRO HijackThis v2.0.2 I was just wondering If I could delete the first 5 processes of this hijack this logg Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe Those? They are needed by the system! Why are you asking?Well, when I run hijackthis and copy and paste it to the hijackthis log TOOL I get these yellow triangle things with a exclamation point inside of them. |
|
| 935. |
Solve : deleted? |
| Answer» DELETED | |
| 936. |
Solve : Exploit.JPG What is it?? |
|
Answer» I had my brother put AVG on his COMPUTER and I had him run a scan with all the settings for scan everything set. It didn't find anything. Then when opening some picture viewer SOFTWARE which shows the jpg's in THUMBNAIL mode avg comes up with a Virus threat detected Exploit.JPG. It's only a couple of pictures out of the total that they have. They ripped these pictures from a CD that one of their friend's put together on their computer. Is it possible that AVG does not see it unless it is accssed by the viewer? Is it piggybacking on the jpg and does not see it until it runs? What is it and how do you get rid of it? Get rid of the pictures. I want to save the pictures.When you say trivial change to the jpg you mean open it in editor like paint for example and make a change for example like putting a dot in the corner of the picture? Is that what you mean by Trivial change? Open the folder with the pictures. Place mouse pointer over the icon or thumbnail. Right click, then open with and select an image program that does not have the problem. Microsoft paint should work. put just a tiny speck on a corner of the image. then save it. The image should now be 'clean' and you can open it in the buggy image viewer. If this does NOY work, plese come back here. |
|
| 937. |
Solve : "Windows cannot find csrss.exe......? |
|
Answer» Earlier today Threatfire has detected a highly malicious PROCESS related to csrss.exe and I chose to terminate the process. |
|
| 938. |
Solve : computer is dead I think or at least broken. Need guidance plz!? |
|
Answer» I was on the net downloading something I probably shouldn't have obviously or I would not be in this situation. I had a pop-up on my task bar SAYING I had a virus and needed to download and scan. I did not click on it in case it was more problems. My internet would not CLOSE and my computer was totally frozen. So I had to hold the power button and do a hard shut down. When I restarted my computer it went through the normal sequence of events that it would normally. I came to the log in screen and entered my password and my computer continued to do it's thing. My DESKTOP picture appeared as it always does but that is where everything gets strange. My task bar does not appear nor does any of my icons. All that is showing is my desktop picture. I tried all buttons and mouse clicks to no avail, nothing is happening. I tried alt, ctrl, delete hoping to view my task manager and it doesn't work and gives me a message about my admin disabled the task manager. So I did a hard shut down again and tried booting in safe mode. It did boot in safe mode but still the same results. A black screen with no task bar or icons with safe mode in each corner. So that is where I am at and I need some help from all of you that are much more knowledgeable than me about this and I thank you in advance for any and all suggestions that might come my way as I need to get up and running so I can continue to have a job.defineatly seems like your infected, can you click on anything in the START menu?No nothing at all. I can see my mouse cursor but there is nothing to click on. I even tried the WINDOWS start button on my keyboard and still no luck.can you try booting off your install disk and doing a repair? |
|
| 939. |
Solve : I'm infected? |
|
Answer» Hi, |
|
| 940. |
Solve : System Check Up?? |
|
Answer» I was hoping to GET some help with a check up on my SYSTEM, I have had a few problems in the past.. and it seems that a few bugs might be coming up. I was wondering if anyone would be willing to help me run some checks for viruses, spyware, faulty programs, anything of that sort. |
|
| 941. |
Solve : Virus I believe?? |
|
Answer» Well i just rebuilt my system so ive downloaded my BACK up files from carbonite and down loaded lots of programs all at the same time the last thing i did was put trend micro pro on for protection my wife opened a email that i thought had a virus somthing called virus 360 (not associated with norton) removed it and thats when things started to happen. I also down loaded some dvd codec around that time aswellUpdate Malwarebytes' Anti-Malware and run a Full scan
Database version: 1799 Windows 5.1.2600 Service Pack 3 2/24/2009 3:41:22 PM mbam-log-2009-02-24 (15-41-22).txt Scan type: Full Scan (C:\|) Objects scanned: 110328 Time elapsed: 9 minute(s), 57 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry KEYS Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) I also removed dvd codecs thinking of removeing trend micro as well any advise on that? I realy appreciate your time THANKSYOU can try removing Trend Micro to see if the COMPUTER acts right. I'm not seeing any files related to malware. |
|
| 942. |
Solve : Fast-Spreading Phishing Scam Hits Gmail Users? |
|
Answer» Read this: http://bits.blogs.nytimes.com/2009/02/24/viddyho-phishing-scam-hits-gmail/?hp
|
|
| 943. |
Solve : i made some logs! (malware & hijackthis)? |
|
Answer» Hi. Attached are my logs from HijackThis and MALWAREBYTES. SUPERANTISPYWARE found nothing to log. |
|
| 944. |
Solve : Help with deleting infections? |
|
Answer» It MIGHT find some cookies but I'm pretty sure it won't find anything dangerous. I only use Spybot for the Immunize feature, nothing more. MalwareBytes and SUPERAntiSpyware are the best for scanning/removing malware.It found a double click and right media which are both "1 entries in browsing". Looks clean! Thank you so much, but before this fix section is finished, can you explain immunize a little more. I read the report and don't completely understand it. Basically what does it actually do, and when should I implement it?It works silently. Once you click the Immunize button it ads KNOWN malicious web sites to your Hosts file which protects your browser from malware. It works with Internet Explorer and Firefox.
---------- Go to Microsoft Windows Update and get all CRITICAL updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable SHOPPING sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX CONTROLS are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Ok I'll have to check it out, thanks for everything . Btw for the immunize feature should I keep it on at all times or what? And if I on;y go to safe websites anymore and don't torrent or download games, would I need any of this?You never know when you might stumble on to a bad web site. You don't turn on or off the Immunize feature. It just customizes your Hosts file. It doesn't run. Be sure to Immunize whenever you update Spybot.Ok, thank you for everything. I hope other people are as lucky as me to have you fixing there computer. Once again, thanks.Your welcome. Safe surfing... |
|
| 945. |
Solve : virus/cookies in Hidden folder? |
|
Answer» I scanned my harddrive and some tracking cookies and virus were found in folder like C:\appdata\roaming\microsoft\windows\cookies
For scanning and removing unwanted cookies you can use SUPERAntiSpyware Free Edition. Download and install SUPERAntiSpyware Free for Home Users
Make sure everything found has a check next to it and PRESS Next Then click Finish It is possible that the SUPERAntiSpyware asks to reboot the PC in order to delete some files. |
|
| 946. |
Solve : log in/log off loop? |
|
Answer» I got some virus surfing the net. I brief rundown of my problem. I have windows XP media center w/SP3. At first when I logged on I could not see my icons or task bar, just my desktop with nothing else. I tried alt-ctrl-delete and my task manager was disabled. I got that part fixed and ran Ad-ware through the task manager and it found a few viruses that I cleaned up and my task bar and icons came back. It asked me to reboot so I did. It must have deleted or changed something in my log in/off loop because when I logged back in it LOGS me off in the matter of seconds. I tried with the admin ACCOUNT and in safe mode with nothing working. Next I got on my dad's computer and searched some websites and I came ACROSS some suggestions to boot from my xp cd-enter recovery-go to my c:\windows\system32-copy userinit.exe wsaupdater.exe-(it said one file copied)-exit-reboot your computer and you should be able to log in-then got to phase II and regedit. |
|
| 947. |
Solve : C:\Windows\sysvxd.exe problem? |
|
Answer» Last week I had a problem in that a program CALLED PC Police downloaded itself to my computer. It WOULD not let me get to the internet and I did not have a spyware program on my computer. I bought WEBROOT Spy Sweeper which deleted the PC Police program. |
|
| 948. |
Solve : mcafee error? |
|
Answer» mcafee FRAMEWORK SERVICE is missing in the services.mscMore INFO please. |
|
| 949. |
Solve : Need help with trojans or a virus plz? |
|
Answer» Hello, you have a very informative site. I have discovered that I have a couple trojans on my computer and need help to remove them. I went thru everything on your 'Read this before requesting malware' page and I have all of the logs that you request. |
|
| 950. |
Solve : Rootkit removal please help I feel like tearing my hair out? |
|
Answer» Done that and it found no rootkits I didn't think it would.
Friday, February 20, 2009 23:28:25 - 01:04:35 Computer name: MR-F7ADB6866673 Scanning type: Scan system for malware, rootkits Target: C:\ F:\ Result: 3 malware found TrackingCookie.2o7 (spyware) * System TrackingCookie.Doubleclick (spyware) * System TrackingCookie.Webtrends (spyware) * System Statistics Scanned: * Files: 29726 * System: 2849 * Not scanned: 7 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 0 * None: 3 * Submitted: 0 Files not scanned: * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Options Scanning engines: * F-Secure USS: 3.0.0 * F-Secure Hydra: 3.6.8511, 2009-02-20 * F-Secure AVP: 7.0.171, 2009-02-20 * F-Secure Pegasus: 1.20.0, 1970-00-01 * F-Secure Blacklight: 0.0.0 Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR * Use Advanced heuristics All that was found is cookies. Quote TrackingCookie.2o7 (spyware) I never did put much faith in the AVG Antirootkit scanner. I think it's safe to say I was right..The AVG is still finding "C:\WINDOWS\System32\Drivers\azrbl4oh.SYS";"Hidden driver";"Object is hidden" If I still get BSOD do you think I should format the drive? I knew it was a problem with the drivers and I blamed the printer at first. One of the 1st blue screens said it was a driver problem and SOMETHING to do with the kernel stack. I have uninstalled just about everything and the problem persists so it can't be any legitimate driversThere aren't many unknown rootkits out there and whatever AVG is hitting on I think is not a rootkit but a system file it sees as malicious. A false positive. Although I could be totally wrong so you might want to ask in the AVG Anti-Rootkit forum why it's doing this.Ok many thanks for all your help. You've been brilliant. Thank you
. The above procedure will:
---------- 1. Double click OTMoveIt3.exe to launch it. Vista users right click and choose Run As Administrator 2. Click on the CleanUp! button. 3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access. 4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?) 5. Once complete exit out of OTMoveIt3 ---------- Use the Secunia Software Inspector to check for out of date software.
---------- Go to Microsoft Windows Update and get all critical updates. --------- I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.Its still ll messed up. Another anti virus keeps coming up with sptd.exe as a problem and also OSA09.sys. Anyway looks like I am going to have to format after all. I have a problem though I would like to backup my drivers but as this is seemingly where the problem lies I will not be able to do this. Will I be able to find the drivers easily enough after formatting? Quote Another anti virus keeps coming up with sptd.exe as a problem What is another antivirus? Do you have virtual drives or daemon tools installed?Yes and unfortunately I cannot delete it because I deleted all those files before. So its kind of stuck on the systemIt's not malware, it's a Daemon Tools file. Download FindFile by Atribune 1. Extract the contents to your Desktop 2. Double click on FileFind.exe to open the program. 3. In the File: box enter sptd.exe 4. Click on the Search button. 5. Wait. If any files are found, a list of file locations will APPEAR in the List of Files: box. 6. Click on the Export button. 7. This will open a Notepad file named Export.txt. Copy and paste it to your next post please. There will also be a copy of the Export.txt saved in C:\Export.txt Also repeat the above steps for OSA09.sys |
|