03-03-2006, 07:45 PM   #9
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,103
OS: WinXP and Vista


Hi galefly,

Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions.

You have 2 Anti-Virus programs running (AVG and Symantec). While this may seem to be added protection for your system, it in fact can leave you more vulnerable because they will conflict with one another, as well as cause system instability. Please choose and run only 1.

I see you were previously infected with L2M. I would like to be certain all traces were removed.

Download L2mfix from one of these two locations:

http://www.downloads.subratam.org/l2mfix.exe
http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter. This will scan your computer and it may appear nothing is happening; then, after a minute or 2, Notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Since you didn't post a report from an online scan, I'm assuming you are still having browser problems. I'd like to try this tool and see what it can ferret out for us.

You can download this tool to any removable media and bring to this PC to install it. You will then have to update the definitions file. This should not be a problem as a browser is not needed for the updates to download.

Please download and install the trial version of Webroot SpySweeper (8.3MB).

When SpySweeper starts, please accept any prompts to update definitions.
Configure it as follows:
*From the left pane, click Options
*Select the Sweep Options tab & ensure the following are ticked:
-Sweep Memory
-Sweep Registry
-Sweep Cookies
-Sweep All Users accounts
*Do Not Sweep System Restore Folder
*Enable Direct Disk Sweeping
*Sweep For Rootkits
After that's done, select Sweep from the left pane & click on the Start button

Allow Spysweeper to reboot your machine to remove the infected files.
*After rebooting, launch SpySweeper & select Results from the left pane
*Click the 'Session Log' tab & choose Save to File to create a log.

## IMPORTANT - do not use your computer as you scan.

Post that in your next reply along with a new HJT log and the log from the l2mfix. Also, please provide an update on how your system is performing.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."