 
                 
                InterviewSolution
This section includes InterviewSolutions, each offering curated multiple-choice questions to sharpen your knowledge and support exam preparation. Choose a topic below to get started.
| 1001. | Solve : Symantec...."scanning message 1 of 1"? | 
| Answer» I have Norton Antivirus 2007. Yesterday for the first time ever, I noticed that the small Symantec box in the lower right of my screen gradually started flagging with... scanning message 1 of 1 although I am not sending any messages. Suddenly my whole screen was inundated with hundreds, perhaps thousands of em as they would disappear and reappear replenishing themselves. I couldn't get to the Symantec main window or anything else for that matter. The only way I could shut down was to unplug. When I booted back up I stayed at my desktop until the same thing occurred, and again I unplugged and restarted, only this time I went directly to Norton Antivirus Settings while I could still get there and turned off outgoing email scanning, and set the change for permanently. This seems to work fine for me although I know that something is wrong. What sort of problems am I asking for by running like this? I ran several full scans and came out clean. There's no further indication of any sort of problem anywhere that I know of. | |
| 1002. | Solve : iedefender please help? | 
| Answer» I keep getting this pop-up saying my computer is infected and blah, blah, blah, basically it's an iedefender pop-up, and it's pissing me off. I think I deleted all files that have to do with it. I scanned my PC with Norton and this pop-up is still coming up. Any suggestions? Download HijackThis to your desktop. | |
| 1003. | Solve : rookie with virus problem? | 
| Answer» First I need to take care of this problem: | |
| 1004. | Solve : Unknown symbol on desktop? | 
| Answer» I discovered this symbol on my desktop. I cannot remove it. It appeared about two weeks ago in the top left corner of my desktop. I can drag it to any part of the screen and it will stay there. However, when I shut down or restart it appears in the upper left corner again. When I click on it, it does not open or do anything. I have tried to delete it, move it to the Recycle Bin; nothing seems to affect it. I ran Trend Micro virus Also, it may help, if you post a screenshot of the icon, itself, possibly magnified. Download HijackThis. Do a system scan and save a log file. Post your log file at the Computer Viruses and Spyware board. (I have finally finished reading HijackThis Tutorial at AumHa. This time, I'll try to do my best when reading the log) Quote from: dairyman on November 07, 2007, 12:13:55 AM (I have finally finished reading HijackThis Tutorial at AumHa. This time, I'll try to do my best when reading the log) You are not qualified to analyze logs until you have gone through the proper training of a HijackThis course. Reading a tutorial is not enough. How many times does this need to be said? Quote from: CBMatt on November 11, 2007, 05:55:08 AM You are not qualified to analyze logs until you have gone through the proper training of a HijackThis course. Reading a tutorial is not enough. How many times does this need to be said? OK, I won't read any HJT logs yet. I am taking a course on how to read HJT logs. | |
| 1005. | Solve : Can someone look at my Hijack this log please? | 
| Answer» Yesterday I was just browsing various websites and then my computer seemed shut down automatically when I saw a popup message that said "Thank you for your upload" or something of the sort I don't remember I was very tired. Today I logged on my computer and my computer was acting weird. I was convinced that someone had hijacked my computer. I browsed various websites and downloaded Hijackthis and deleted (with help) various items.  
 Note: the above quote was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. * Now click the 'Done' button. * Click on the traffic light icon and OK the prompt. * You will be prompted to restart, click OK at the prompt and your PC should reboot, if not, reboot it yourself. * A log file from Avenger will be produced at C:\avenger.txt The Avenger will automatically do the following: * It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.) * On reboot, it will briefly open a black command window on your desktop, this is normal. * After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt * The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip. Please attach the C:\avenger.txt in your reply. Dankaaaaaa. Ohh and my anti-virus is turned on.... We are almost there! Please post one more HijackThis log. 
I will be working on a few more things that need attention, but they are easy. I have to go to work now, so I won't be able to reply as quickly as I have been but thank you! and yay! No problem, there will be some closing steps when you return. Thanks for the patience!!!!! Go to Start > Run and copy and paste next command in the field: ComboFix /u Make sure there's a space between Combofix and / Then hit Enter. This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again. ======= Stuff to delete: The Avenger C:\avenger.txt VundoFix C:\vundofix.txt ======= Your Java is out of date Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update Updating Java: * Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. * Check for any item with Java Runtime Environment (JRE or J2SE) in the name. Java version is 1.4.2.3 <--Uninstall Java version is 1.5.0.3 <--Uninstall * Click the Remove or Change/Remove button. * Repeat as many times as necessary to remove each of the Java versions. * Reboot your computer once all Java components are removed. * Download the latest version of Java Runtime Environment (JRE) 6 * Click the Free Java Download button. * Click the Download Now button. 
* When the Software Installation dialog box opens, click on the Install Now button. * Follow the prompts to complete installation. ======= You can keep ATF-Cleaner for a good scrubbing when needed, but it is a powerful cleaner so be sure you know what you are deleting. A good, safe daily drive and registry cleaner is CCleaner. Download CCleaner * Once CCleaner is open use the default options. * Click Analyze and it will show a log of what will be removed. * Next click Run Cleaner to remove everything. * Then on the upper left of CCleaner select the Registry tab. * Click Scan For Issues. * Then click Fix selected issues. * It will prompt you to make a backup. For the first run I would suggest doing so. * Exit the program and you are done. ======= I would also suggest having a look at this article by Tony Klein So how did I get infected in the first place? There are some great tips for improved security for everyone. Let us know if anything else pops up. Safe surfing..... | |
| 1007. | Solve : trojan can't be deleted, cleaned or quarantined?? | 
| Answer» Let me see... Much better, but we still have one bad guy: TALEX TROJAN I tried to delete it anyways NEVER, EVER do anything, what you were not told to do, ESPECIALLY in Registry!!! Now... I said, navigate to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run You do this, in exact same way, as in Windows Explorer. In this case, you click on a "+" sign next to HKEY_CURRENT_USER. Then, you'll see SOFTWARE folder. Click on a "+" sign next to it. Now, you'll see Microsoft folder. Click on a "+" sign next to it. ...and so on, until you reach Run folder. Make sure, it's highlighted (if it's not, just left click on it - ONCE). Now look in right pane to see an entry, you're supposed to delete: RegScan %Windir%\Regscan.exe PLEASE, DON'T delete anything else. If entry is not there, write down what entries ARE there, and post back. hah wow i'm bad at this. anyways, i deleted the regscan entry, it wasn't in windows explorer, so i did the hjt scan and here it is: 
Quote i'm bad at this. anyways You'll be perfectly fine, if you follow instructions. Quote i deleted the regscan entry Nice...you got the sucker! Quote it wasn't in windows explorer Very good!! Now, I'll take a look at your HJT log. Congratulations!!! Your HJT log is perfectly clean We killed together quite a few suckers. Now, it's time for you to install Windows Service Pack 2, stay away from troubles, and report, that your computer is working fine. Good luck Go to add/remove programs and uninstall Java jre1.5.0_10 Then visit www.java.com to download the latest version jre1.6.0_3 Outdated Java is an entry point for malware. I would also suggest having a look at this article by Tony Klein So how did I get infected in the first place? Thanks broni, thank you so much. haha i can't imagine it was easy on your part. where do i install windows service pack 2? evilfantasy, should i uninstall everything having to do with java, or just jre.5.0_10? and thanks for your help. Updates can be downloaded at www.windowsupdate.microsoft.com First though, since you don't have SP2 I would strongly advise to run an online virus scan to be 100% sure there are no virus on the computer. If there is this can cause big problems. 
Use the ESET online scan http://www.eset.com/onlinescan/index.php If anything is found post the log from the scan found in C:\Program Files\EsetOnlineScanner\log.txt After getting the windows updates get the Java and delete everything but jre1.6.0_3 (Java (JRE) 6 update 3) Quote haha i can't imagine it was easy on your part As long, as you follow instructions, not your imagination (LOL), especially with registry, I'll be fine | |
| 1008. | Solve : differences? | 
| Answer» know the difference I realize, you're new here, and you're welcome aboard, but FORGET about those polls, for now...hehehe A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. http://www.webopedia.com/TERM/T/Trojan_horse.html Quote A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. In layman terms, Trojan doesn't destroy anything. It's like a bad guy, who has a key to your house, and keep your house door open for other bad guys, who want to destroy your house, or steal something from it. Basically...viruses are vampires, and trojans are the unsuspecting blondes that invite them in. LOL....nicely said... | |
| 1009. | Solve : So many issues and I don't know where to start...? | 
| Answer» Okay I have a Compaq Presario that will be 4 years old in January. I'm running Windows XP with 756 MB RAM and an 80 GB hard drive. Everything was fine until yesterday. When I login to eBay I get the following message | |
| 1010. | Solve : yahoo messenger problem..any help???? | 
| Answer» i can't see the messages from my friends. any idea? Did you try to click "Yes"? Quote from: Broni on October 11, 2007, 11:23:10 AM Did you try to click "Yes"? yes i did. but nothing happens Do you have the latest version of YIM? There were some security issues in earlier versions... Quote from: Broni on October 12, 2007, 10:38:03 AM Do you have the latest version of YIM? There were some security issues in earlier versions... I'm not sure if am using this latest issue. but if you have can you upload it sir?? tia Latest version (8.1) is here: http://messenger.yahoo.com/webmessengerpromo.php Hi, I think I'm using this latest version. i've already tried to install older version, but this warning stuff keep on displaying. ..I found something here: http://awbholdings.com/techwatch/?p=188: Quote Based on testing done in Windows XP SP2 with the latest version of Yahoo! Messenger (8.1.0.421) using the said DLL component, programs or Web sites using the CLSID related to the said DLL can download files from the Internet. Users can be led to malicious/non-malicious sites that will first prompt for an ActiveX warning. When users allow the said ActiveX component to execute, FT60.DLL downloads files specified by the program or Web site. I'd advise you to download HijackThis from here: http://www.majorgeeks.com/download5554.html, and post its log at "Computer Viruses and Spyware". | |
| 1011. | Solve : Cannot run Trend's Online Virus Scan? | 
| Answer» O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" The HJT when ran shows all lines checkmarked everyone. It shouldn't be, but it's an easy fix. Click on "Config..." button, and remove checkmark next to "Mark everything found for fixing after scan". Quote Microsoft.WindowsSecurityCenter_disabled I explained this entry in my previous post. | |
| 1012. | Solve : Virus Yet again? | 
| Answer» Oh no. A few minutes ago the BSOD popped up again, randomly. I wasn't downloading anything... or doing anything. It just popped up.. You could be having a hardware failure somewhere or some software conflict. The next time it happens Google the error number to see if you can find what it's related to. Alrighty... | |
| 1013. | Solve : stoned empire monkey.b? | 
| Answer» Dell Dimension 4600 | |
| 1014. | Solve : Spyware & Viruses... Hijack log help please ;-)? | 
| Answer» EEK, Lost my place. If you need to see I can create an attachment. it exceeds the 20000 characters. I don't think I need to see the rest. Everything found was not a problem. Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. Thank you Evilfantasy. Computer is running great now. No problems at all today. I see the recommended tools that you included with your last post. I was going to ask you about the Malwarebytes, and or the Superspyware program to be used (Not at the same time) with Kaspersky 2009. I want to make it as simple as possible for the owner of this computer in the hopes that its kept up to date to avoid future infections. They can both be used along with Kaspersky. | |
| 1015. | Solve : Trouble, can someone read my HJT log?? | 
| Answer» Quote Sure you can take a closer look. I'm not sure what you mean by that. I can tell you, which programs you need as startups, and which not. Quote So basically you just look for anything that looks suspicious or that you don't recognize, then check it out? I guess after a while of doing that you become familiar with a lot of the basic problems. EXACTLY! It's mostly practice. Quote from: Broni on October 14, 2007, 12:30:55 PM Quote Oh ok. No thanks, I already know. lol. Sure you can take a closer look. I'm not sure what you mean by that. I can tell you, which programs you need as startups, and which not. Thanks for all your help Broni. See ya around... Sure thing | |
| 1016. | Solve : Kaspersky Anti Virus?? | 
| Answer» Currently I have been at my mate’s house vigorously tearing through his computer and adding programs to deal with different situations. (Currently I have installed SpyBot search and destroy, Windows Washer and Zone Alarm firewall.) When it came to anti virus my mate refused to let me touch it. He stuck with his uncle's decision of Kaspersky anti virus, which I have never heard of. This and the fact that his computer is riddled with problems that are most likely caused by viruses makes me suspicious. Is it reliable and trustworthy? Does it have anything on AVG? Quite frankly I don't think it's doing its job and should be replaced immediately with AVG free. | |
| 1017. | Solve : yt8a.exe virus?? | 
| Answer» Hello everyone! Sorry for not following the guide at first as suggested. I have done so now, and my computer "feels" normal again (at least to the untrained eyes of a novice like myself)! It is running at full speed, the computer fan has stopped, and the browser no longer quits automatically when I come to this thread! Well, here are more details: 6. Hijack this wouldn't work for some reason. Then I saw you guys said to change the file name to sniper and then it worked again. Cool! Can someone explain why changing the file name worked? Anyway, attached is the new log. This is done by some infections. When they see that hijackthis.exe is running, they will either hide or cause it to crash. It's a very popular tool when it comes to malware removal, so they know to look out for it. But when it's named to something else such as sniper.exe, the infection doesn't know what it is, so it doesn't do anything. Does that make sense? In any case, your computer is looking quite a bit better, but there are still some things we need to take care of. The first thing I'm going to have you do is download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls. | |
| 1018. | Solve : Can't double click on drive letter? | 
| Answer» Hello All of you. | |
| 1019. | Solve : i got a virus? | 
| Answer» According to one of my other threads Broni said i had a virus. I ran the scans and followed the steps. Here are my logs. 
 ---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis, run CCleaner and restart the computer. ---------- Run this online scan. This scanner requires Internet Explorer. Use the ESET Nod32 Online Scanner 1. Check the box next to YES, I accept the Terms of Use. 2. Click Start 3. When asked, allow the activex control to install 4. Click Start 5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked. 6. Click Scan 7. Wait for the scan to finish 8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt 9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply. How is everything now? everything is back to normal thanks. I will be posting more logs soon because im helping out a friend and i scanned their computer If you don't continue posting the requested logs we certainly won't be very willing to help with other issues. We volunteer our time but it is still work. ok and now that i have time. finally here's my last log file [Saving space - attachment deleted by admin] Disable the System Restore Utility to prevent re-infection from an old one 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. 
Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 1020. | Solve : Blocking me from my own computer...? | 
| Answer» So I'm guessing I have a virus, trojan, whatever. Anyways, when i noticed some programs were being installed without me installing them, I thought I'd do a system restore, but when I try to go to control panel, it says you've been blocked from this area. It's hard to understand since I'm the only person on this computer, meaning I'm the administrator with all control. So then I decided to do a virus scan, and I left it be for a while. When I came back, the scan was stopped at scanning 205 files so I thought it was just slow; 10 minutes later, it's still there. So I decided I'd go to the website of that company, and it says the page won't load. All of the other websites I tried were, but not that. So I tried going to another virus scan website, Norton, and it wasn't loading either. So obviously something is up. The system is blocking me from myself, and I can't go on some sites when they're not blocked and are working on other computers. Is there a way I can overrun this problem by getting to system restore? Or at least solving this at all? Thanks in advance...  by the way, I have windows XP and started just out of random when my home page was changed, but I can't remember the last time I was on the web. Did you access this site from the very same computer, or you have another one? | |
| 1021. | Solve : About System Restore and Viruses? | 
| Answer» Does system restore help remove viruses ? Thanks for your time! I am doing a project about virus and stuff. Any does anyone know the future of virus ? Quote Does system restore help remove viruses ? No. Aww thanks, :S Quote from: tommy gusack on November 15, 2007, 09:10:00 PM Any does anyone know the future of virus ? New ones will be written. stop mocking me The new ones will be worse than the old ones. Quote Does system restore help remove viruses ? What's more, if you had an infection, and it was cleaned up, you need to turn System Restore off, to delete all old Restore Points (which surely contain infected files), then turn System Restore back on. | |
| 1022. | Solve : I know. I'm an idiot. Help me anyway?? | 
| Answer» Well, here's the deal. I downloaded a PDF of the Anarchist's cookbook 2000. I have no violent intentions, I just wanted to know what's being made available to our garden variety psychos. | |
| 1023. | Solve : Big Problem!!!!!? | 
| Answer» Quote from: Broni on October 15, 2007, 12:19:27 PM Quote No you are not kidding , im sure you must be tired. You have no idea how tired im now. You think, I'm not tired?.....LOL....just kidding. Quote from: Broni on October 15, 2007, 12:19:27 PM Quote I did that , no files there. though it says that Trojan downloader is trying to execute somthing , i deny it. Open a-squared, look under Quarantine, and see, if there are any entries there. If so, get rid of them. Quote from: Broni on October 15, 2007, 12:19:27 PM Quote Me too., since i havent recieved any trojans since i downloaded a-square , i think my comp is ok for now. Trojan remover shows my computer is clean now. I hope, it'll stay that way. Quote from: Broni on October 15, 2007, 12:19:27 PM Good luck Thanks a lot for your help , first time ever my Virus problem has been almost solved, thanks a lot really , Im amazed you never gave up on my biiiiiig problem , thanks soooooooooooooooooooooo much. Hey, you are welcome My pleasure | |
| 1024. | Solve : Slow computer drivin me maaaadddd >:(? | 
| Answer» This last month my laptop started to get slower. It takes longer to start up. Also even when im not using it i can hear the hard disk working. I just ran Hijack this and saved a log. Here it is : Also even when im not using it i can hear the hard disk working. Shut it down. Laptops get hot enough as it is. Heat can cause problems. You have a lot of startups, though. It may be another reason for your laptop slowing down. Let me see, which ones are necessary... *** With HijackThis, you should fix the following: - O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE (This Spyware is an event monitor. Realtek is using this program to obtain information about their customers.) *** In msconfig, you can safely "uncheck": - O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (unless, you really use it on daily basis) - O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (Touchpad configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel) - O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (unless, you use it often) (Toshiba Virtual Sound on a notebook. Can also be launched from Start -> Programs -> Toshiba -> Utilities) - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe ( CTFMon is involved with the language/alternative input services in Office XP. If you use it, leave it alone) - O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (if you use MSN Messenger a whole day in, and out, leave it) What are your laptop specs, anyway? First of all thanks a lot for your interest Evilfantasy, i did a defragment and a disk cleanup. I dnt know exactly what the other 2 are... Can you explain a bit please. Broni my laptop has a 2.2GHz Dual Core CPU, 1GB of ram and i am running windows XP Pro. I Dont think it should be this slow... 
Bdw, is F-Secure a reliable anti virus ? we here always use avg anti virus for virus protection and s&d as a spy ware protection, but i much more prefer using avira anti virus. http://free.grisoft.com/doc/5390/us/frt/0 http://www.safer-networking.org/ http://www.avira.com/en/download/index.html i agree with broni, reducing startup files making the pc much more faster, but remember to keep you antivirus and anti spy ware turn on. An anti spyware scan in every week (at least) are good, using stinger or super anti spyware in safe mode. http://vil.nai.com/vil/stinger/ http://www.superantispyware.com/ Yes F-Secure is an excellent antivirus. Go to Start > Run type CHKDSK and click OK That will scan your disk for any errors and correct any that may be found. CCleaner http://www.ccleaner.com/download is a good, safe drive and registry cleaner. | |
| 1025. | Solve : Can I give my CC# to this site to search for my father?? | 
| Answer» http://www.people118.com/ Or is there a more secure site anyone can recommend for this purpose? Thanks, Mike You're trying to look for someone? What do you mean by Secure? I ran a search for myself at no charge. Are they asking you to pay for a background check? Quote from: Carbon Dudeoxide on October 27, 2008, 02:09:35 AM You're trying to look for someone? Yes, my father who none of the family has heard from in ~20 years. This site shows that it has information about him but it charges $49.95 for complete information. But when I get to the page to enter my credit card # etc, I don't see the icon for a secure connection that I usually see when buying online via credit card. Quote from: Aegis on October 27, 2008, 02:14:56 AM I ran a search for myself at no charge. Are they asking you to pay for a background check? What site did you use. Thanks for the help, both of you! EDIT = correct quote mistake BTW, I don't have my fathers SS number. All my papers from those days got burned in a house fire. I did run a check and got several addresses, but no dates, phone numbers, other contact info. Quote But when I get to the page to enter my credit card # etc, I don't see the icon for a secure connection that I usually see when buying online via credit card. Might be best to hold off for just a bit. There are other sites which offer the same services. I didn't give them my secure information. Thanks! Anyone know a secure way for me to do this search? I've never used this site beyond the free services, but this looks a bit better to me. http://www.intelius.com/people-search.html I saw that one and it claims to have more information, for more $, but I don't know if spending more $ with them will get me any more info than I already have. I guess I'll find out when I get another paycheck. Oh well. It's been 20 years, I guess I can wait another 2 weeks lol. Thanks again! Mike In the meantime, try as many free sites as you can: white pages, on line directories, etc. 
-- you might just stumble into some information. | |
| 1026. | Solve : mljjh.dll? | 
| Answer» hello  mljjh.dll do i need that file?? and if not how do i delete it or at least get the virus out.. Thank you Smackie Download, and run free "a-squared" from here: http://www.emsisoft.com/en/software/free/ It's a very good program, and I actually keep it as a startup, so it monitors my computer in real time. Be also prepared to post your HijackThis log here. I know this virus because it's a stubborn virus...Also I will copy another log file where they used Spybot and A-Squared to remove the virus.. http://forums.spybot.info/showthread.php?s=b07cdd2fd9541fd4aa2cd5e8db565225&t=7547 Hi, To the best of my knowledge you have what's known as the Vundo virus and it's recommended you use the Vundo Fix to remove it and if that fails then download and run VirtumundoBegone... | |
| 1027. | Solve : Any LOP Traces to remove?? | 
| Answer» Hey I've been experiencing some weird things happening when i play some of my games online. I've experienced it before and have gotten rid of it with the help of you guys. Is there anything to remove from my log?  | |
| 1028. | Solve : Mental Meltdown... Please Help...? | 
| Answer» When I tried to run CHKDSK /f it came up with a message which read... | |
| 1029. | Solve : Computer Wont Start in Normal mode, only Safe Mode. Spyware infection. Help plz!? | 
| Answer» everything's running just fine, however i am still getting re-directed. i check on the other computers on my network, they also get re-directed (when i type in www.google.com). either this problem is isp related or something's on my network? 
 After rebooting (restart) back into normal boot mode. Make sure you have all web browsers closed. 
 Click OK. This will open a command prompt. Type or copy and paste the following line in the command window: ipconfig /flushdns Hit Enter. Exit the command window. Restart your computer. Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log. 404-not found error on both those links... Very strange. They worked earlier today... Do the second part of the instructions beginning with Go into Control Panel > Network Connections. i already had it set to "obtain DNS automatically" i did the ipconfig /flushdns. Restarted google.com still redirects to google.co.jp attached is the hijackthis log florian [Saving space - attachment deleted by admin] Download HostsXpert 
 Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection. ---------- If that does not work. Delete all the google entries in your hosts file. For win xp, the file is under c:\windows\system32\drivers\etc Open the hosts file with notepad and remove all the google entries. Then in Notepad go to File > Save The program worked (it ran to completion) however i dont think it did anything cause its still being redirected. You will need to edit the Hosts file manually. i went to the host file and found no google entries.... [EDIT] theres only one ip listed and its my local host. When you get redirected is there an option that says Google in English? Click that if so and it should reset itself. Or go into your Google toolbar options (if you use the toolbar) and make sure it is set to English. It could also be related to which country setting you have: Open: Control Panel/Regional and Language Options or Run: Start / Run intl.cpl Double check the settings. its all written in japanese, but i just clicked on all the links and one of them turned it to english, it still says "go to google japan" which it never did before but my computers running fine so im guessing its not anything virus related? i also checked regional settings there set to Canada. [EDIT] I just cleared my cookies and it resets it to japanese google. [/EDIT] I am really not sure what's going on. It's likely not virus related. Try posting in the Windows forum. Someone there might have seen this problem before and know how to fix it. ok ill try that, thank you very much for all the help on getting rid of my computer problems. man do i love this forum! Florian | |
| 1030. | Solve : Video stalls my browser permanently Hijack this log? | 
| Answer» Thank you very much for all of your help.  That was actually kind of fun.  I have noticed that you are shepherding quite a few lost sheep here.  Is it just that you enjoy helping or do you make a career of this? Nah....just a hobby...fell in love with computers long time ago   So do I still have an unknown virus that I need to figure out?  Because youtube still crashes my browser and I can not turn on Automatic Updates. No, your trojan is gone, and this had to be done to start with. | |
| 1031. | Solve : and some more.... sorry? | 
| Answer» O4 - HKLM\..\Run: [LXCJCATS] RUNDLL32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,[email protected] | |
| 1032. | Solve : my antiquated Windows ME needs virus protection? | 
| Answer» Hi, my first post here.  We still have an old computer down in the basement which runs like a charm but I noticed last night, there is no virus protection.  I've searched online and looked at various products and for system requirements, they are not listing Windows ME.  (I did read the memo that as of 7/11/06, microsoft no longer supports ME.) Does the description of new virus software have to say it will support ME or will it automatically support it?. Do you have any suggestions? We have a 1 year old computer upstairs, so I am with this century, somewhat. We use Symantec and like it. Should I take a hammer to the ME's hard drive and call it a day? Can you believe I used it faithfully for 6 years and it still runs? Welcome on board Quote Can you believe I used it faithfully for 6 years and it still runs? If you take care of it, it'll run for 6 more years. I got 8 years old with Win 2K on it, and after heavy use, it still runs like a champ Quote We use Symantec and like it. I assume, you use Norton on your new computer, because you don't want to run two antivirus programs on the same computer??? Free AVG antivirus is compatible with all Windows since Win98, so it'll work with your ME: http://free.grisoft.com/ Quote from: Broni on October 15, 2007, 11:38:12 AM Welcome on board Hi and thanks for your fast reply. Symantec is on my new computer upstairs. The windows ME downstairs has no protection. My question is, will virus protection software run on it (ME) if the system requirements do not specify that it supports windows ME? If yes, I might buy another copy of Symantec (norton) for downstairs. * Some older operating systems such as Microsoft Windows ME, Microsoft Windows NT and Microsoft Windows 98 will only be supported until August 2008 as a minimum. green_thumb: You asked "...will virus protection software run on it (ME) if the system requirements do not specify that it supports windows ME?". The answer is no. 
Find an anti-virus program that still lists Win ME as one of the supported operating systems. It's at least a six year old system (using 2001 technology?), so its probably not the biggest baddest fastest system around. On top of that, WinMe and the other Win9x operating systems are limited by "system resources (user and GDI)" not memory. The system designers only allowed a fixed amount of buffer space to support windows displays and dialog boxes. If these dip too low, as they will if you're running too many programs concurrently, your system will hang. The WinNT line (WinNT, Win2000, WinXP) and Vista do not have this limitation. You want an anti-virus program that is light on system resources and designed to be compatible with Win9x/WinME. If the system is for your personal home non-commercial use the following "free" versions will work well on your system: o AVG Free Edition 7.5 Build 488a1157 o Avast! Home Edition 4.7.1043 o ClamWin Free Antivirus 0.91.2 (file scanner only, but free for all uses) The first one "AVG Anti-Virus Free Edition" was also recommended by Broni and is a popular choice for older Windows operating systems. You can find links to all three and many others in the Anti-Virus section of the "MajorGeeks" download web site: http://www.majorgeeks.com/downloads29.html You didn't say what kind of system you have; how you wish to use it (personal or commercial); or whether it will be connected to the internet either directly or indirectly. If you're going to access the internet from that system you should add some protection against adware, malware, spyware, trojans, and any other bad boys you can think of. This protection should also include a firewall. I prefer separate programs for anti-virus, anti-malware, and firewall protection. I subscribe to the theory that no one software company is going to be the best in all three categories; so I prefer separate programs for each category rather than an integrated security suite. 
But you only asked about anti-virus... | |
| 1033. | Solve : Autoplay Autoplay HiJack This? | 
| Answer» Ok...Done all that except when I tried to uninstall  Internet Expedition a message box appeared. | |
| 1034. | Solve : removal of virusscanner. it sounds weird, but help wanted anyway? | 
| Answer» 
 Let me know if you have any questions. ---------- 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Put a check mark next to Turn off System Restore on All Drives 4) Click the OK button. 5) You will be prompted to restart the computer. Click the Yes button. Now re-enable System Restore To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'. 1) Right click the My Computer icon on the Desktop and click on Properties. 2) Click on the System Restore tab. 3) Remove the check mark next to Turn off System Restore on All Drives 4) Click the OK button. ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. | |
| 1035. | Solve : Task Manger won't run, Home Page Hi-jacked by Microsoft?!!!? | 
| Answer» No it still won't allow me. Try changing it to none...re-boot a few times then try to change it to which one you want. | |
| 1036. | Solve : Win32: Lmir - PG {RTK}? | 
| Answer» Sorted!!! | |
| 1037. | Solve : To many programs running at start-up?? | 
| Answer» Which of the programs in my HJT log can I disable from starting automatically? 
 Anything not listed in StartUp Lite needs to be determined by you if it needs to run at startup or not. MSCONFIG is primarily meant to be used for troubleshooting only. A good startup manager is http://www.majorgeeks.com/StartUp_d4436.html Run it, right click anything you don't want running at startup and choose Remove. jugalboro , thanks, but I am familiar with msconfig, I just have a problem figuring out - 1, which programs the abbreviations used on some of the entries are referring to, and -2, if those particular programs are actually needed or not for my system to run as usual without me having to figure out how to open what I need if it's not running. Thanks for your help!!! Quote from: evilfantasy on October 26, 2008, 11:36:29 PM StartupLite Thanks once again evilfantasy!!! That works great. It disabled several programs on start-up that I didn't even realize were running, and none of them is needed for what I normally used. You have once again proven to be an excellent help for me and I very much appreciate it. Hats off to you and CHF. :) BTW: I still use Malwarebytes full version and am very satisfied. Thanks for recommending it to me. ;) As far as the start-up manager program: http://www.majorgeeks.com/StartUp_d4436.html it's just about as confusing to me as msconfig, but it's good to have for disabling what I do know I don't want running. Thanks for the link! | |
| 1038. | Solve : Firewall Leak Test? | 
| Answer» Vista here, Vista firewall enabled + router The Windows XP built-in firewall: As I said, I'm on Vista, but it looks like I have same problem. In this case, I'll seriously consider shutting down Vista's firewall, and installing Comodo. What do you guys think? There are more test at that site, so I'm going back there to do more tests. Quote from: Broni on October 14, 2007, 01:37:56 PM In this case, I'll seriously consider shutting down Vista's firewall, and installing Comodo. I think that's a great idea! So you weren't prompted by the Vista Firewall that Leaktest was attempting to access the internet? Well, it looks like Vista firewall: Quote does not attempt to manage or restrict outbound connections at all Same as XP. The new Vista firewall was supposed to restrict outbound traffic, apparently it doesn't. Good question. Let me check. I'm still only 1 month "old" with Vista, so I keep discovering new things. I think, I'm getting ready for Comodo... As I can read here: http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/ Quote Also like Windows XP, Windows Vista by default allows all outbound traffic and to do something about it: Quote The big difference between Windows XP and Windows Vista is the new Advanced Security interface and full Group Policy support for configuration and rules Since in my Home Premium I don't have an access to Group Policy, I'm ready to say "bye, bye" to Vista's firewall. Oh, well good ole M$. I'm just in a process of testing Vista's firewall, and posting results at my web page... If anyone interested, feel free to check it out: HERE OK... After running bunch of tests (link above), I was really disappointed with Vista firewall performance. 
So, I did some research, visiting several firewall rating sites, and more, or less, on average, situation looks like this: Among free firewalls, basically, I have two choices: Comodo (not compatible with Vista, yet...I signed up to be informed, when they are ready), and "PC Tools Firewall Plus" (compatible with Vista). So, right now, I'm gonna shut Vista firewall down, install PC Tools Firewall, and wait for Comodo. I'm done. Try jetico...ready for Vista. Scored in the top 3 in the last firewall leaktest i read which included free and paid programs. Hey, thanks...On some other page, I've read, that they are not ready yet for Vista, but I'll check. I temporary installed "PC Tools Firewalls", waiting for Comodo. Better than crappy Windows firewall. I mean PC Tools. I'll go to Jetico to check it out. Unfortunately, only paid version is compatible with Vista: plus, free version is way behind paid one I've dashed a message off to them...i've been recommending them for awhile now. Don't know if this will produce any rapid results though... | |
| 1039. | Solve : Rundll Error - HiJackThis Included? | 
| Answer» Right click each icon in the tray area and select Exit. Blah, still nothing. | |
| 1040. | Solve : certficate? | 
| Answer» I have a laptop, purchased in Aug. 07. The last two days I am having problems getting into my security sites. | |
| 1041. | Solve : desktop background/icon picture and other problems from unkown virus or somethin? | 
| Answer» Hello people  
 ---------- Spyware Doctor's OnGuard protective functionality may interfere with certain HijackThis fixes we need to make. Please follow these instructions to disable it. To deactivate Spyware Doctor's OnGuard Tools 
 ---------- Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there) - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis. ---------- Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus protection when ComboFix is complete. | |
| 1042. | Solve : Help! Mal/DownLdr-O? | 
| Answer» I currently have a Dell computer running on XP. I don't know much about computers at all so your help would be awesome! My antivirus is webroot spy sweeper and about 2 days ago I ran a sweep and this came up: Mal/DownLdr-O and the sweep listed it as behavioral? So I tried to quarantine it but the quarantine failed. This is the session log:  My antivirus is webroot spy sweeper Webroot offers several products, and if you just have "Spy Sweeper", it's not an antivirus program. It's antispyware program. Webroot offers also "Webroot AntiVirus with AntiSpyware & Firewall", and then you do have antivirus program, and a firewall (available also separately). Which one do you have, or rephrasing, do you have a real antivirus protection? | |
| 1043. | Solve : The Sims Makin' Magic debugger detected? | 
| Answer» um...im completely computer illiterate. when i try to start my game a message pops up saying a debugger detected remove it. how should i do it? Welcome aboard  | |
| 1044. | Solve : tr/crypt.xpack.gen trojan and worm/autorun.blw worm? | 
| Answer» here are the 3 logs 
 
 
 ---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator 
 Note that your system will run slower for a reboot or two after having used this tool so don't panic. Important: Restart the computer before continuing. ---------- Final steps. Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. 
 Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. 
 ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC. Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. hey thanks for all the thing you advice, pls help me again.. i have 10 to 20 more computers that are infected of this Trojan and 1 more laptop infected of this two virus... thanks again and more power ill post later or maybe the next day the logs from the laptop that i mentioned... Quote i have 10 to 20 more computers that are infected of this Trojan and 1 more laptop infected of this two virus This web site and the helpers are here to assist home users with common PC problems and we are in no way ready to replace an IT department which is who you need to maintain all of those computers. to everyone, hmmm... i want to ask something... is there any way of manual deleting of this tr/crypt.xpack.gen? like using command prompt or dos command.. 
if you know some thing... pls teach me how.. and pls i want an effective solution... thanks Do a Format and clean install on all 20 machines...Post back with the results. is there any other way, formatting may cause file missing or corrupt. even i backup files | |
| 1045. | Solve : blaster worm?? | 
| Answer» O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE This is a Realtek tool, which most people consider as spyware (collects data). On the other hand, there are some reports that some people were having problems with Realtek's on-board sound chip performance. I'd remove it. If something is wrong with the sound, we'll know where to look.
Sorry, late replying. I am using Realtek media player and Wanadoo is my ISP, so do I still need to delete the following entries or will it cause these programs not to run properly? O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm Have run Spybot and the PC is clean according to that. I have had several blue screens since my last post and they are giving me different error messages each time. I have now had: DRIVER IRQL NOT LESS OR EQUAL, MEMORY-MANAGEMENT, WIN32K.SYS, BAD POOL HEADER. Also all of my bookmarks/favourites have disappeared for some reason. Event Viewer is showing tons of different error messages. I have run the Windows memory diagnostic tool and it shows no errors. Can someone tell me how to find and post my bug check files please? I have searched for my debug.log file but all I can find is a notepad which is empty!
Leave those two entries alone. Your problem looks more like a hardware or bad driver problem. I'd advise you to make a fresh post under "Hardware", so we can start fresh. Before you do so, try a couple more things: - remove your RAM, and clean the connectors with an eraser (MAKE SURE YOU GROUND YOURSELF FIRST) - Can you boot to Safe Mode?
Yes, I can get into safe mode and it doesn't blue screen then, but I get error messages telling me that random programs need to close. For some reason there were 3 browsers on the PC when I had it. Have been using Firefox but it stopped working yesterday (all my favourites disappeared and then the icon wasn't clickable.) So I uninstalled Firefox and I have been using Opera since then and amazingly, the PC hasn't bluescreened once! Is there a known issue with Firefox? Or the fact there were 3 browsers on the PC? Will let you know if it happens again but so far so good!
Just tried browsing with Explorer and got a nasty bluescreen within 30 minutes. Back using Opera again.
Normally, you can have as many browsers as you wish. They shouldn't interfere with each other. Did you try that memory stick(s) cleaning? It would be worth totally uninstalling Firefox. Instructions here: http://kb.mozillazine.org/Uninstalling_Firefox Then, install a fresh copy. | |
| 1046. | Solve : MSN messenger virus removal help? | 
| Answer» Hi, I need help in removing a virus or something that I got from accepting a file that said something like "remember when i had hair like this" but I can't remember exactly, and also the message said "my friend took this funny picture of me". It was a zip file and it had the word photoshop in the name, and when I clicked it I couldn't move my mouse and my contact boxes were opening and closing one by one very fast and I had no control over anything... I took the battery out and put it back in and then I uninstalled MSN Messenger. After I installed it again everything was fine, and after 30 mins the same thing happened... now I have MSN uninstalled and that file deleted..... | |
| 1047. | Solve : deskpan.dll is missing and do I really need it since my xp Pro works? | 
| Answer» I ran Sysinternals Autoruns and the result was that deskpan.dll was missing, and since it was missing I unchecked it. I did a Google search but the answer to my, I admit, small plight was inconclusive. I discovered that it is a Microsoft file, what it did, but not if it was really needed.
Quote: Part of Microsoft Windows Operating System
Must be some bull, because, if you go to the MS dlls site, it's not listed there as a Micro$oft file: http://support.microsoft.com/dllhelp/?dlltype=file&l=55&alpha=deskpan.dll&S=1&x=18&y=10
Patio, I am senile. Of course that is the way to do it. But I am not getting any error messages; I didn't see any errors in the Application or System event viewers. Apparently I don't need it. My primary computer runs superbly. My Mac has hung up more this year. | |
| 1048. | Solve : Virus Infection: Exploit.Java.Gimsh.b? | 
| Answer» Thanks for taking over, evilfantasy. I didn't get a chance to provide ample warning of my leave. Things have been hectic (again!), so he was probably in better hands with you anyway. | |
| 1049. | Solve : TROJAN HORSE FOUND BY AVG? | 
| Answer» hello
Your HJT file is in a temporary place on your computer. The program makes backups which could easily be lost if HJT isn't somewhere more permanent. Go to the file ... C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QVQJDR8X\HijackThis[1].exe ....and drag & drop it directly on to your main hard drive. All those O18 entries are from Logitech Desktop Messenger. It clogs up the machine. Best advice is to remove / uninstall that program and fix all these O18 entries with HJT thus ... Turn off Windows Defender and Spybot's TeaTimer application as they could hinder HJT's fixing process. Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to this entry IF it's still present .... O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) AND all those O18 entries IF still present. Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window. When this is all done re-activate Defender and Spybot's resident TeaTimer protection. Post a fresh HJT log with an update on how the computer is behaving now. OJ
Oddjob, should I do the HJT scan with the new version, from the link you provided, post the log for you to see in case anything has been missed, or continue with the old one which is lying in the temp folder? Thanks. The Saint.
Follow oddjob's steps after moving/re-downloading HijackThis to a permanent location (such as C:\Program Files\HJT). The temp folder is a temporary location. If HijackThis stays in there, it will eventually get deleted and so will its backups, which are important to have. So, put the program in a permanent location and then run it from there. You may then safely follow his instructions. | |
| 1050. | Solve : CA Security Says clean but pc keeps freezing..? | 
| Answer» I totally agree with patio, so I'd rather not proceed here any further.
Nevermind. I fixed it myself. | |