Thread: Urgent Help!!!
View Single Post
Old 08-04-2008, 10:46 AM   #4 (permalink)
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Urgent Help!!!
Hi,

I don't see malware from your logs.. most of it are just leftovers..

I see you have P2P software ( Azureus Vuze, LimeWire 4.18.3 ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> add/remove programs

If you decided to uninstall them, also delete these Folders if they still exist:

C:\Program Files\Azureus
C:\Program Files\LimeWire
_________

While both Tea timer and SpyBot are closed
Right click here and click save link as
Save it as resetteatimer.bat to your desktop
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.
Double click on resetteatimer.bat and wait for it to finish

Since it will not be needed again delete ResetTeaTimer.bat.

You may turn the Tea timer back on via SpyBots' tools> resident page when your computer is clean.

Note: If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
__________

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B86BB4AC-023E-02CD-45F5-71E29F7277E3} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -

Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.


*click start > run > copy and paste:

sc delete mdxgthkn

press enter.

sc delete Ethernet Service

press enter.


*Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^smss.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Srro]
Save this as fix.reg Choose to save as *all files and place it on your desktop.

It should look like this:
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
___________

Configure your machine to view hidden files:

Windows XP
  • Click Start.
  • Open My Computer..
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the "Hidden files and folders" heading select Show hidden files and folders.
  • Uncheck the Hide Protected Operating System Files Option.
  • Click Yes to confirm.
  • Click OK.

Delete these files if they exist:

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\smss.lnk
C:\WINDOWS\pss\smss.lnk

and this folder:

C:\PROGRAm files\SKS~1\ << the folder's name starts with sks
___________

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.


Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

On your next reply, please include a
  • Fresh HijackThis log.
  • kaspersky scan log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline