Keep the infected machine disconnected from the internet until we've got it clean. Pull the plug.
Carry any tools to it via USB stick drive or CDR.
What file is it hanging on, can you tell?
Delete that version of Dr. Web. Dr.Web has no built-in update function, and has new updates built in to the downloadable file twice an hour. We'll address that in a bit if I want to use it again. I need to see a new HJT log.
I also need you to run these tools as well:
* Download WinPFind
http://www.bleepingcomputer.com/files/winpfind.php
o Double click on WinPFind and unzip it to your Desktop.
o Don't do anything with it yet!
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
Double click WinPFind.exe
* Click 'Start Scan'
* It will scan the entire system, so please be patient!
* Once the scan is complete:
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Copy those results in the next post!
So, please return with a new HJT log, WinPFind's log, the rapport.txt from SmitfraudFix, and any info from Dr. Web you may have been able to glean.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006