04-23-2005, 08:11 AM   #8
tinag
 


Hi again.

Yes, I think we have made progress. Your HJT log is cleaner and it looks like a hidden bad guy has come out into the open. Let's take another swipe.

Before proceeding, please print this page or copy it to Notepad to help you carry out the instructions. If you have questions about any instruction, please ask before performing it.

I'm going to have you download and run a couple of Trojan scanners now. We could wait for the next round to see if they're necessary, but I know you've been frustrated with this machine for a long time, and I think this will speed up the process a little.

Download TDS-3, and learn how to use it here. Make sure to update it after installing it -- get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Then choose System Testing on the menu and choose Full System Scan. When that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, they will be listed in the bottom window. Please copy and paste that here also if it applies.

Download Mwav virus checker -- use link 3.
Before running this tool, please empty any Quarantine folder in your antivirus programs, and if you use Spybot, purge all recovery items in the program.
1. Save the tool to a folder.
2. Reboot into Safe Mode: restart it and then repeatedly tap the F8 key until the menu appears, then select Safe Mode.
3. Double-click the Mwav.exe file. This is a standalone tool and NOT just a virus checker, so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. NOTE: If you see a prompt that a virus was found and you need to purchase the product to remove the malware, just close the prompt and let the tool continue scanning. We are not going to use this to remove anything, only to ID the bad files.
5. When it is completed, it will display anything found in the lower pane.
6. In the Virus Log Information Pane, left-click and highlight all the information in the Lower pane. Then use CTRL and C on your keyboard to copy everything found in the lower pane, open a new Notepad file, and paste it in. Then save the Notepad file.
7. Copy the saved information into your next post.

Open HijackThis. Click Config > Misc. Tools > Open process manager. If it still exists -- and it might not -- select the following item and click Kill process:

C:\WINDOWS\system32\conime.exe

Open HijackThis and click Scan. If it still exists -- and it might not -- check the following entry:

R3 - Default URLSearchHook is missing

Please close all other windows, including browsers, then click Fix checked.

If it still exists, delete this file: C:\WINDOWS\system32\conime.exe

Run CleanUp! and click the CleanUp! button. When it asks whether you want to log off, click Yes.

Reboot into normal mode.

In your next post, please include:
a fresh HijackThis log,
the details on the TTI_V6_LE program if you haven't already provided them,
and the logs from Mwav and TDS-3.