Tech Support Forum - View Single Post - Would Someone Please Take Look At Hjt Log?

**POADB** · 04-21-2006, 11:10 AM

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

Before you begin, take a read through these instructions and download the programs that I've advised. Save the below instructions in notepad or wordpad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers open during the cleaning process unless otherwise prompted.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

Please allow yourself a few spare hours. Below are instructions for a virus scan(s) that can take longer then 2 hours.

It is also important you don't miss a step and perform everything in the right order!! .

********************************FOR YOUR INFORMATION*************************

Please do not run Hijackthis from it's current location.

Create a permanent directory - C:\Program Files\HiJackThis\
Re-locate all files to the new directory

********************************DOWNLOADS********************************

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

Please download CleanUp! and install it. Do not run it yet!

Download Ewido Security Suite - Install & Update it's database but do not run it yet.

Unplug your computer from the Internet when you have finished downloading.

********************************PURGE/CLEANUP*********************************

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Set the slider to "Standard CleanUp!"
Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
Click OK

Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep that are stored in these locations; Move Them Now!!!

********************************SAFE MODE*********************************

REBOOT TO SAFE MODE

Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

*********************************SETTING UP********************************

Enable the viewing of Hidden files

From Windows Explorer, go to Tools>Folder Options>View tab.
Enable the option for `Show hidden files and folder´
Disable the option for `Hide file extensions for known types´
Disable the option for `Hide protected operating system files´
Click Yes to confirm & then click OK

*********************************SMITFRAUDFIX********************************

Open the SmitfraudFix Folder,

Double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry?"
Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

********************************DESKTOP REPAIR********************************

Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

********************************EWIDO SCAN********************************

** Please disable all other antivirus programs before proceeding.**

Run Ewido:

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
Once finished, click the Save report button
Save the report to your desktop

Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

********************************TRUSTED ZONES********************************

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

********************************ONLINE SCAN********************************

REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.

Click on see report. Then click Save report

Please post that log in your next reply.

********************************CHECK LIST********************************

In your next post, please include fresh logs from:

HiJackThis
Online scan
Ewido Results
rapport.txt

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

04-21-2006, 11:10 AM	#4 (permalink)
POADB Moderator, Microsoft Support Join Date: Jul 2004 Location: United Kingdom Posts: 6,482 OS: XP SP2	Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread". Before you begin, take a read through these instructions and download the programs that I've advised. Save the below instructions in notepad or wordpad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers open during the cleaning process unless otherwise prompted. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below. Please allow yourself a few spare hours. Below are instructions for a virus scan(s) that can take longer then 2 hours. It is also important you don't miss a step and perform everything in the right order!! . ******************************FOR YOUR INFORMATION********************* Please do not run Hijackthis from it's current location. Create a permanent directory - C:\Program Files\HiJackThis\ Re-locate all files to the new directory ****************************DOWNLOADS**************************** Please download these additional files/programs. Do not run them unless instructed to do so. Unless otherwise stated, they should be stored in the same directory as the HiJackThis program. Please download CleanUp! and install it. Do not run it yet! Download Ewido Security Suite - Install & Update it's database but do not run it yet. Unplug your computer from the Internet when you have finished downloading. ****************************PURGE/CLEANUP***************************** Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Set the slider to "Standard CleanUp!" Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep that are stored in these locations; Move Them Now!!! ****************************SAFE MODE***************************** REBOOT TO SAFE MODE Restart the computer. The computer begins processing a set of instructions known as BIOS. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the 'Windows Advanced Options' menu appears. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode. *****************************SETTING UP**************************** Enable the viewing of Hidden files From Windows Explorer, go to Tools>Folder Options>View tab. Enable the option for `Show hidden files and folder´ Disable the option for `Hide file extensions for known types´ Disable the option for `Hide protected operating system files´ Click Yes to confirm & then click OK *****************************SMITFRAUDFIX**************************** Open the SmitfraudFix Folder, Double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter*. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry?" Answer Yes* by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ******************************DESKTOP REPAIR**************************** Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok. ****************************EWIDO SCAN**************************** Please disable all other antivirus programs before proceeding. Run Ewido: Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK Once finished, click the Save report** button Save the report to your desktop Close Ewido * Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. ******************************TRUSTED ZONES**************************** Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #3 - Delete Trusted zone by typing 3 and press Enter Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. ****************************ONLINE SCAN**************************** REBOOT TO NORMAL MODE Perform an online scan with Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report Please post that log in your next reply. ******************************CHECK LIST****************************** In your next post, please include fresh logs from: HiJackThis Online scan Ewido Results rapport.txt Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________