Tech Support Forum - View Single Post

**RavenMind** · 10-15-2005, 11:01 PM

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P.

Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made.

Please be patient with me during this time.

In the mean time, please download & run a scarn with AdAware SE Personal. Keep the default options, however, some of the settings will need to be changed before your first scan.

Close ALL windows except Ad-Aware SE.
Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
1. In the ‘General’ window make sure the following are selected in green:
  1. Under [Safety]:
    - Automatically save log-file
  2. Automatically quarantine objects prior to removal
  3. Safe Mode (always request confirmation)
2. Under [Definitions]:
  - Prompt to update outdated definitions - set the [number of days]
Click on the ‘Scanning’ button on the left and select in green:
1. Under [Driver, Folders & Files]:
  - Scan Within Archives
2. Under Select drives & folders to scan:
  - choose all hard drives
3. Under [Memory & Registry]: all green
  - Scan Active Processes
  - Scan Registry
  - Deep Scan Registry
  - Scan my IE favorites for banned URL’s
  - Scan my Hosts file
Click on the [‘Advanced’] button on the left and select in green:
1. Under [Shell Integration]:
  - Move deleted files to recycle bin
2. Under [Logfile Detail Level]: all green
  - include addtional object information
  - DESELECT - include negligible objects information
  - include environment information
3. Under [Alternate Data Streams]:
  - Don't log streams smaller than 0 bytes
  - Don't log ADS with the following names: [CA_INOCULATEIT]
Click the ‘Tweak’ button and select in green:
1. Under [Scanning Engine]:
  - Unload recognized processes during scanning
  - Scan registry for all users instead of current user only
2. Under [Cleaning Engine]:
  - Let Windows remove files in use at next reboot
3. Under [Log Files]:
  - Include basic Ad-aware SE settings in logfile
  - Include additional Ad-aware SE settings in logfile
  - Please do not Select: Include Module list in logfile
Click on ‘Proceed’ to save the settings.
Click ‘Start’
Choose 'Perform Full System Scan'
DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
Right-click on the list and choose [Select All]
Click the [Next] button to finish removing the items that were found
When finished, REBOOT to complete the removal of what Ad-Aware SE found

-----------------------------------------------------------------------

Next perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

------------------------------------------------------------------------

Please reply back with the Kaspersky log, a fresh HJT log in Normal Mode, and anything AdAware fails to clean.

Thanks,

RavenMind

10-15-2005, 11:01 PM	#2 (permalink)
RavenMind Lazy Bum Join Date: Mar 2005 Location: Salt Lake Posts: 1,015 OS: XP Home SP3/Vista	Hi and welcome to TSF. I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back to address your problem A.S.A.P. Please Subscribe to this thread, (Thread Tools->Subscribe to this Thread) so that you are notified when a reply has been made. Please be patient with me during this time. In the mean time, please download & run a scarn with AdAware SE Personal. Keep the default options, however, some of the settings will need to be changed before your first scan. Close ALL windows except Ad-Aware SE. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window: In the ‘General’ window make sure the following are selected in green: Under [Safety]: Automatically save log-file Automatically quarantine objects prior to removal Safe Mode (always request confirmation) Under [Definitions]: Prompt to update outdated definitions - set the [number of days] Click on the ‘Scanning’ button on the left and select in green: Under [Driver, Folders & Files]: Scan Within Archives Under Select drives & folders to scan: choose all hard drives Under [Memory & Registry]: all green Scan Active Processes Scan Registry Deep Scan Registry Scan my IE favorites for banned URL’s Scan my Hosts file Click on the [‘Advanced’] button on the left and select in green: Under [Shell Integration]: Move deleted files to recycle bin Under [Logfile Detail Level]: all green include addtional object information DESELECT - include negligible objects information include environment information Under [Alternate Data Streams]: Don't log streams smaller than 0 bytes Don't log ADS with the following names: [CA_INOCULATEIT] Click the ‘Tweak’ button and select in green: Under [Scanning Engine]: Unload recognized processes during scanning Scan registry for all users instead of current user only Under [Cleaning Engine]: Let Windows remove files in use at next reboot Under [Log Files]: Include basic Ad-aware SE settings in logfile Include additional Ad-aware SE settings in logfile Please do not Select: Include Module list in logfile Click on ‘Proceed’ to save the settings. Click ‘Start’ Choose 'Perform Full System Scan' DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window Right-click on the list and choose [Select All] Click the [Next] button to finish removing the items that were found When finished, REBOOT to complete the removal of what Ad-Aware SE found ----------------------------------------------------------------------- Next perform an online scan with Internet Explorer with Kaspersky WebScanner Next Click on Launch Kaspersky Anti-Virus Web Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Standard Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan ------------------------------------------------------------------------ Please reply back with the Kaspersky log, a fresh HJT log in Normal Mode, and anything AdAware fails to clean. Thanks, RavenMind Last edited by RavenMind; 10-15-2005 at 11:11 PM.