Tech Support Forum - View Single Post

**chemist** · 06-19-2008, 10:08 AM

Hello kiranaus.

Please go to: VirusTotal

On the page you'll find a Browse button.
Next to the Browse button you'll see a box to enter text.
Please copy/paste the following bolded text into the box:

C:\WINDOWS\CYK51.tmp
Then click the Send File button just below.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply.

------------------------------------------------------

Open Notepad and copy/paste the following text in the codebox below, into Notepad:

Code:

@echo off
for %%g in (
"C:\WINDOWS\CYK51.tmp"
"C:\WINDOWS\CYK125.tmp"
) do zip Files_for_submission %%g
del %0

Save this as submit.bat Choose to "Save type as - All Files" and save it to your desktop. Close the file.
It should look like this:

Double-click on submit.bat to run it. This batchfile will create a Files_for_submission.zip file in the same location where the batchfile was saved.

Please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 and include this link in the message->>http://www.techsupportforum.com/security-center/hijackthis-log-help/257721-possible-malware-issue.html

------------------------------------------------------

Try fixing those entries in HijackThis just as before:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Please remember to close all other windows, including browsers then click Fix checked.

Click Scan and then Save log and post the HijackThis log in your next reply.

------------------------------------------------------

Please post the following in your next reply:

VirusTotal results
new HijackThis log

06-19-2008, 10:08 AM	#23 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,567 OS: XP SP3	Re: Possible Malware Issue Hello kiranaus. Please go to: VirusTotal On the page you'll find a Browse button. Next to the Browse button you'll see a box to enter text. Please copy/paste the following bolded text into the box: C:\WINDOWS\CYK51.tmp Then click the Send File button just below. This will scan the file. Please be patient. Once scanned, copy and paste the results in your next reply. ------------------------------------------------------ Open Notepad and copy/paste the following text in the codebox below, into Notepad: Code: @echo off for %%g in ( "C:\WINDOWS\CYK51.tmp" "C:\WINDOWS\CYK125.tmp" ) do zip Files_for_submission %%g del %0 Save this as submit.bat Choose to "Save type as - All Files" and save it to your desktop. Close the file. It should look like this: Double-click on submit.bat to run it. This batchfile will create a Files_for_submission.zip file in the same location where the batchfile was saved. Please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 and include this link in the message->>http://www.techsupportforum.com/security-center/hijackthis-log-help/257721-possible-malware-issue.html ------------------------------------------------------ Try fixing those entries in HijackThis just as before: Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone Please remember to close all other windows, including browsers then click Fix checked. Click Scan and then Save log and post the HijackThis log in your next reply. ------------------------------------------------------ Please post the following in your next reply: VirusTotal results new HijackThis log __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE