08-22-2005, 08:29 PM   #2
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,187
OS: 2000 Pro; XP Pro; XP Home


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs already - Ad-aware, Spybot and Microsoft AntiSpyware. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rxplkmelreeenjig.com/WB0...xtnBdknx.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.bwafahkuehnsgpjfrvlg.com...DE/sdJXDpEM.php
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://jelkrnrjrtn.info/WB0RtGMhrpLHu72boEtJ7ujUJaE/as7MDE/sdJXDpEM.jsp");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Ray\Application Data\Mozilla\Profiles\default\nst0z0rm.slt\prefs.js)
O2 - BHO: (no name) - {76149F86-07BD-7663-82A2-7E1A0CA4D6A1} - C:\DOCUME~1\Ann\APPLIC~1\DENTDA~1\Fork Loud.exe
O4 - HKLM\..\Run: [Proc Drive Gram Love] C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE\TitleRef.exe
O4 - HKCU\..\Run: [Poke Download] C:\DOCUME~1\Ray\APPLIC~1\PURETH~1\keep mess.exe
O4 - Startup: PowerReg SchedulerV2.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\DOCUME~1\Ann\APPLIC~1\DENTDA~1 <<<<this is a folder which begins with DENTDA
C:\Documents and Settings\All Users\Application Data\ITCHNAMEPROCDRIVE
C:\DOCUME~1\Ray\APPLIC~1\PURETH~1 <<<<this is a folder which begins with PURETH

Restart into normal mode and run a new HijackThis scan. Save the log file and post it here.

Download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click on 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls - 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
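
The post asks for a new HijackThis scan after the fixes, to confirm that none of the listed entries survived. The following is an added example, not part of the original post or of HijackThis itself: a short Python check that compares a fix list against a fresh log. It tolerates the "..." that the forum inserts into long URLs. All names (`remaining`, `FIX_LIST`, `NEW_LOG`) and the sample entries are constructed for illustration.

```python
import re

# HijackThis entries have the form "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse_entry(line):
    """Return (section code, body) for an entry line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def normalise(text):
    """Collapse whitespace runs and lower-case, so copy/paste differences do not matter."""
    return " ".join(text.split()).lower()

def body_pattern(body):
    """Build a regex from a body copied out of a forum post: a literal '...'
    (the forum's URL elision) matches any run of characters, the rest is literal."""
    parts = normalise(body).split("...")
    return re.compile(".+".join(re.escape(p) for p in parts))

def remaining(fix_list, new_log):
    """Return the fix-list lines that still appear in the new log."""
    log_entries = [e for e in map(parse_entry, new_log.splitlines()) if e]
    left = []
    for line in fix_list.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        code, pattern = entry[0], body_pattern(entry[1])
        if any(c == code and pattern.fullmatch(normalise(b)) for c, b in log_entries):
            left.append(line.strip())
    return left

# Constructed sample data (not taken from the post).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijack.example.invalid/abc...xyz.php
O4 - HKCU\..\Run: [Sample Entry] C:\DOCUME~1\User\APPLIC~1\SAMPLE~1\sample.exe
"""
NEW_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijack.example.invalid/abcDEFGHIJxyz.php
O4 - HKLM\..\Run: [Legit Tray App] C:\Program Files\Legit\tray.exe
"""

if __name__ == "__main__":
    for line in remaining(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", line)
```

An entry reported as still present means the fix did not hold, which is what the follow-up log in the post is meant to reveal.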