All right... let's clear the System Volume Information folder in this round.
- click Start >> Run - type SYSDM.CPL & press Enter
- select the System Restore Tab
- tick on the checkbox - "Turn off System Restore on all drives"
- click Apply
- then untick the same checkbox & click OK
It appears that some are fresh infections. Have you installed those tools I recommended to you? If not done, I want you to do it now.
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
I have attached another file with this post - regdel.txt
Download it & rename it "regdel.reg" (inclusive of the quotes)
Double-click on it & answer YES when prompted to merge into the Registry
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run a scan with HiJackThis & Fix this entry :
O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D6144-A420-4CC0-97EC-9F10E668DB9D}: NameServer = 69.50.188.180 85.255.112.5
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Run KillBox & paste the following locations into KillBox one at a time:
- C:\WINDOWS\system32\mnooi.dll
- Checkmark the following boxes :
- Delete on Reboot
- End Explorer Shell While Killing File
- Unregister DLL (If available)
- Click the RED X button
- Answer YES when asked to confirm file deletion
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
REBOOT
I would also like you to install another program - Spybot Search & Destroy. These programs will help prevent new infections.
- After you have installed it, Click on the Search for Updates button. Install any updates that are available.
- Go to the Mode menu and choose Advanced Mode.
- Next click on Immunize to your left.
- In the ensuing window, Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update.
- Click on the 'Spybot-S&D' option on the top left to go back to the main screen.
- Click on the Check for Problems button. Let it run the scan.
- If it finds something, Select all those in RED and hit the Fix Selected Problems button.
- Exit Spybot.
If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Now let's do something I don't particularly enjoy. I would like you to do some deep scans on your machine.
Generate a Startup list by going to HiJackThis > Config > Misc Tools
- Tick "List also minor sections (full)"
- Click on the "Generate StartupList log" button
========
Download SilentRunners.vbs - Right click & choose Save As... Save it as SilentRunners.vbs to Desktop.
Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts
Double-click SilentRunners.vbs to run it. This will take a few minutes.
When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.
========
Download StartDreck
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
In your next post, please include fresh logs from:
- HiJackThis
- Silent Runner
- StartDreck
- StartUpList
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________
Question - what have you done for the community today?
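
Added example (not part of the original post or of any tool it names): a Python sketch that parses HijackThis O17 lines such as the one quoted above and flags NameServer addresses outside an expected set. The allowlist, the function names and every sample log line other than the quoted O17 entry are constructed assumptions.

```python
import ipaddress
import re

# Constructed allowlist: resolvers this machine is expected to use (assumption).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Matches HijackThis O17 lines of the form
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a b
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\.+?): (?P<name>\w+) = (?P<value>.*)$")

def parse_o17(log_text):
    """Yield (registry_key, value_name, [values]) for every O17 line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer lists may be separated by spaces or commas.
            values = [v for v in re.split(r"[,\s]+", m["value"].strip()) if v]
            yield m["key"], m["name"], values

def unexpected_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Return (key, address) pairs for NameServer entries outside the allowlist."""
    findings = []
    for key, name, values in parse_o17(log_text):
        if name.lower() != "nameserver":
            continue  # Domain / SearchList entries need a different check
        for v in values:
            try:
                addr = str(ipaddress.ip_address(v))
            except ValueError:
                findings.append((key, v))  # not an IP address: always report
                continue
            if addr not in expected:
                findings.append((key, addr))
    return findings

# Constructed sample log: the first O17 line is the entry quoted in the post,
# the remaining lines are made up for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D74D6144-A420-4CC0-97EC-9F10E668DB9D}: NameServer = 69.50.188.180 85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = example.local
"""

if __name__ == "__main__":
    for key, addr in unexpected_nameservers(SAMPLE_LOG):
        print(f"unexpected resolver {addr} under {key}")
```

Running the same check on a fresh log after the reboot shows whether the resolver setting has been written back.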