12-01-2005, 02:20 PM   #5
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,802
OS: 2000 Pro; XP Pro; XP Home


In control, but not done yet.....

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download this ISTbar Removal Tool and run it.

------------------------------------------------

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

------------------------------------------------

Delete the following Files/Folders if they exist:

C:\WINDOWS\alchem.ini
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\usta32.ini
C:\PROGRAM FILES\COMMON FILES\InetGet
C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7c-17694dc2.zip
C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-2cb7cc7f-45ce33a1.zip
C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-31f06070-7246cbb6.zip
C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-1551efd4.zip
C:\Documents and Settings\elmeri\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-23db0402.zip


If any resist deletion, boot to safe mode and delete them from there. If you cannot delete any, please let me know.
------------------------------------------------

This next scan is to get a "second opinion", to ensure that all has been cleaned from your system.

Perform an online scan with Internet Explorer with Kaspersky Online Scanner.

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Restart and run a new HijackThis scan. Save the log file and post it here.

We will address protection tools once you are clean.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009