Tech Support Forum - View Single Post

forhockey · 10-13-2007, 10:23 PM

Hi and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Download combofix from here

**Save it directly to your desktop**

Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall

A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply.

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

DO NOT run SDFix yet. We will shortly

--------------------------------------------------------------

Enter Safe Mode

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8
Instead of Windows loading as normal, a menu should appear
Use the up arrow key to highlight Safe Mode and press Enter.
Login with your usual account
Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: Some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Paste the contents of the Report.txt back on the forum

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

--------------------------------------------------------------

Please reply back with the following logs:

C:\ComboFix.txt
C:\SDFix\report.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please

10-13-2007, 10:23 PM	#2 (permalink)
forhockey Analyst, Security Team Join Date: Sep 2006 Location: Ontario, Canada Posts: 2,948 OS: Windows 7 Ultimate	Re: HijackThis Thread Hi and welcome to TSF. Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription. -------------------------------------------------------------- Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. -------------------------------------------------------------- Download combofix from here Save it directly to your desktop Go to -> Run -> paste in the following single line command & click OK "%userprofile%\desktop\combofix.exe" /killall A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply. Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall -------------------------------------------------------------- Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to C:\SDFix DO NOT run SDFix yet. We will shortly -------------------------------------------------------------- Enter Safe Mode Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 Instead of Windows loading as normal, a menu should appear Use the up arrow key to highlight Safe Mode and press Enter. Login with your usual account Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment Note: Some systems, this may be the F5 key, so try that if F8 doesn't work. -------------------------------------------------------------- Run SDFix Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt Paste the contents of the Report.txt back on the forum -------------------------------------------------------------- Restart your computer in Normal Mode -------------------------------------------------------------- Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. -------------------------------------------------------------- Please reply back with the following logs: C:\ComboFix.txt C:\SDFix\report.txt C:\Deckard\System Scanner\main.txt C:\Deckard\System Scanner\extra.txt - Attached please __________________ Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum