Tech Support Forum - View Single Post

MoralTerror · 06-12-2006, 04:18 AM

Hi Joe

You may find it easier to print out these instructions or view them on your desktop while carrying them out on the laptop. Please read the instructions carefully before you begin and if there is anything you do not understand then please post your questions here before beginning. It is important you follow the instructions in the exact order stated.

I notice that you have more than one anti-virus programs on your machine (Trend Micro & Symantec). That's not a good idea!!

This messes up the machine pretty badly. Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them.

ALL the antivirus programs must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:

re-install the program -> reboot -> uninstall

## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ##

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. Extract(unzip) HijackThis to the new folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.

Both RoboForm and Antikeylogger still appear to be present on the laptop. Please uninstall them from normal mode using Start > Control Panel > Add/Remove Programs.

I see you already have Ewido installed. You will need to make sure you have the latest definitions.

Launch Ewido & click Update from the left pane
Then click on Start Update.

If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Reboot in Safe Mode (by repeatedly tapping F8 until the menu appears)

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

* "Perform action on all infections"
* Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

You don't seem to have many running processes which could indicate the log was taken while in safe mode. To be sure it's clean we need a HijackThis log from normal mode. Could you also check that you do not have Selective startup enabled as this prevents us from seeing everything. To do this:

Go to Start>Run type msconfig and press Enter.

Select Normal Startup - Load all Device Drivers and Services

Reboot in Normal mode

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Scan with HijackThis

Post the Panda Scan report and a new HijackThis log

Required Logs

Ewido report
Panda report
new HijackThis log (from normal mode)

06-12-2006, 04:18 AM	#13 (permalink)
MoralTerror Analyst, Security Team Join Date: Nov 2005 Location: UK Posts: 1,968 OS: xp	Hi Joe You may find it easier to print out these instructions or view them on your desktop while carrying them out on the laptop. Please read the instructions carefully before you begin and if there is anything you do not understand then please post your questions here before beginning. It is important you follow the instructions in the exact order stated. I notice that you have more than one anti-virus programs on your machine (Trend Micro & Symantec). That's not a good idea!! This messes up the machine pretty badly. Alike firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall ALL leaving only one of them. ALL the antivirus programs must be removed via add/remove program. For any program that doesn't have an add/remove entry, you will have to do this: re-install the program -> reboot -> uninstall ## Do NOT proceed with the rest of the fix until you have resolved the dual antivirus programs ## You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT , or another name of your choice. Extract(unzip) HijackThis to the new folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files. Both RoboForm and Antikeylogger still appear to be present on the laptop. Please uninstall them from normal mode using Start > Control Panel > Add/Remove Programs. I see you already have Ewido installed. You will need to make sure you have the latest definitions. Launch Ewido & click Update from the left pane Then click on Start Update. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Reboot in Safe Mode (by repeatedly tapping F8 until the menu appears) Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: * "Perform action on all infections" * Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. You don't seem to have many running processes which could indicate the log was taken while in safe mode. To be sure it's clean we need a HijackThis log from normal mode. Could you also check that you do not have Selective startup enabled as this prevents us from seeing everything. To do this: Go to Start>Run type msconfig and press Enter. Select Normal Startup - Load all Device Drivers and Services Reboot in Normal mode Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner Click Check Now** and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan Scan with HijackThis Post the Panda Scan report and a new HijackThis log Required Logs Ewido report Panda report new HijackThis log (from normal mode)