Tech Support Forum - View Single Post

**Angelfire777** · 06-12-2008, 06:56 PM

Hi,

Here are some programs that I recommend you uninstall from your system.

BitTorrent 5.0.9
eMule
LimeWire 4.16.7
WinMX
These programs are very likely the reason your system is infested with malware. Even when programs like these are not infected themselves, they will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove these programs from your system.

MediaBar 2.0 (iMesh)
http://research.sunbelt-software.com...&threatid=6994

LiveUpdate 3.0 (Symantec Corporation)
That one should be a leftover from a Norton installation.

Dogpile Toolbar (remove only)
http://www.symantec.com/security_res...554-99&tabid=1

RegCure 1.5.0.1
Registry Medic 5.0
Registry cleaners usually do more bad than good. I do not recommend such products in a compter. They won't help speed things up or fix things up.
Read this thread for more info: http://aumha.net/viewtopic.php?t=28099

torrents.to Toolbar
info here: http://www.castlecops.com/clsid-44070.html

*If you choose to remove those optionals, click start > control panel > add or remove programs > uninstall the optionals.

*Delete the following folders if you uninstalled their corresponding programs:

C:\Program Files\BitTorrent
C:\Program Files\LimeWire
C:\Program Files\eMule
C:\Program Files\DogpileToolbar
C:\Program Files\iMesh Applications
C:\Program Files\torrents.to
C:\Program Files\RegCure
C:\Program Files\Registry Medic
C:\Program Files\Symantec
C:\Program Files\WinMX
__________

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Scan only" > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O8 - Extra context menu item: &Search - ?p=ZK

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
__________

Please do an online scan with Kaspersky WebScanner

Warning: If you had kaspersky online scanner installed before 10-5-2007, please uninstall it as kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
__________

I would like you to scan a file for me.

Please go HERE. Copy and paste the following file path in to the box.

C:\WINDOWS\system32\drivers\kmxcfg.u2k6

Then click submit.

Do the same for these files:

C:\WINDOWS\system32\gpprefcl.dll
C:\WINDOWS\system32\044207A223.dll

Please post the results to your next reply.

If Jotti is too busy, you can go HERE and do the same as above.
__________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.

Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.

Then download Java Runtime Environment 6u6, and install it to your computer.

On your next reply, please include a

Fresh HijackThis log (not dss log)
kaspersky scan log
jotti scan results

06-12-2008, 06:56 PM	#8 (permalink)
Angelfire777 Moderator/Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Oct 2006 Posts: 4,580 OS: Vista	Re: Higlieder Trojan Hi, Here are some programs that I recommend you uninstall from your system. BitTorrent 5.0.9 eMule LimeWire 4.16.7 WinMX These programs are very likely the reason your system is infested with malware. Even when programs like these are not infected themselves, they will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove these programs from your system. MediaBar 2.0 (iMesh) http://research.sunbelt-software.com...&threatid=6994 LiveUpdate 3.0 (Symantec Corporation) That one should be a leftover from a Norton installation. Dogpile Toolbar (remove only) http://www.symantec.com/security_res...554-99&tabid=1 RegCure 1.5.0.1 Registry Medic 5.0 Registry cleaners usually do more bad than good. I do not recommend such products in a compter. They won't help speed things up or fix things up. Read this thread for more info: http://aumha.net/viewtopic.php?t=28099 torrents.to Toolbar info here: http://www.castlecops.com/clsid-44070.html If you choose to remove those optionals, click start > control panel > add or remove programs > uninstall the optionals. Delete the following folders if you uninstalled their corresponding programs: C:\Program Files\BitTorrent C:\Program Files\LimeWire C:\Program Files\eMule C:\Program Files\DogpileToolbar C:\Program Files\iMesh Applications C:\Program Files\torrents.to C:\Program Files\RegCure C:\Program Files\Registry Medic C:\Program Files\Symantec C:\Program Files\WinMX __________ Please click Here to download HijackThis to your desktop. Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install. It will be installed by default here: C:\Program Files\Trend Micro\HijackThis A shortcut to the application will also be placed on your Desktop. The program will open automatically after installation. You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder. Click on "Scan only" > Place a checkmark in the boxes beside these entries in bold. O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file) O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O8 - Extra context menu item: &Search - ?p=ZK Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis. __________ Please do an online scan with Kaspersky WebScanner Warning: If you had kaspersky online scanner installed before 10-5-2007, please uninstall it as kaspersky released a new version. Previous version had a serious flaw which could result in a buffer overflow. You will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. __________ I would like you to scan a file for me. Please go HERE. Copy and paste the following file path in to the box. C:\WINDOWS\system32\drivers\kmxcfg.u2k6 Then click submit. Do the same for these files: C:\WINDOWS\system32\gpprefcl.dll C:\WINDOWS\system32\044207A223.dll Please post the results to your next reply. If Jotti is too busy, you can go HERE and do the same as above. __________ Your Java is out of date.... Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components. Click Start > Control Panel Click Add/Remove Programs Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove button. Repeat as many times as necessary to remove all versions of Java. Reboot your computer once all Java components are removed. Then download Java Runtime Environment 6u6, and install it to your computer. On your next reply, please include a Fresh HijackThis log (not dss log) kaspersky scan log jotti scan results __________________ UNITE and ASAP since 2006 If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.