10-03-2006, 02:32 PM   #6
Eclipse2003
TSF Enthusiast
Join Date: Apr 2005
Location: Ohio
Posts: 1,154
OS: XP


Looking for keygens and cracks can often lead to an infected machine, as you've now seen firsthand. It is also usually illegal. We strongly recommend you not take part in this behavior.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
====================================================================================================

Spybot S&D's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.
====================================================================================================

Showing Hidden files, folders, and system files and folders

Go to My Computer > Tools > Folder Options > View tab and make sure that "Show hidden files and folders" is enabled.

Also make sure that the System Files and Folders are showing / visible.

Uncheck the Hide protected operating system files option.
====================================================================================================

Downloads

Cleanup!

Download Cleanup! and install it. You will use this later.


Combofix for Vundo

ComboFix

1. Download this file from one of the following locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe


* IMPORTANT !!! Place combofix.exe on your Desktop


SmitFraudFix

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
====================================================================================================

Tools

Combofix for Vundo

2. Go to Start > Run, paste in the following command & click OK

"%userprofile%\desktop\combofix.exe" /v ssttt uhvjsul winwly32

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

====================================================================================================

Rebooting in Safe Mode

Next, reboot your computer in Safe Mode:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.
====================================================================================================

HiJackThis! Fixes

Open HijackThis and click Scan. Check the following entries (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {1115CCAB-0A70-4FDD-821E-125C22F643DD} - (no file)
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - (no file)
O2 - BHO: (no name) - {3343E11A-6322-42AE-82A1-85358FB99CE0} - (no file)
O2 - BHO: (no name) - {3F5E2BCA-396D-4538-B384-5CF36AC14D52} - (no file)
O2 - BHO: (no name) - {4D76AFF5-4DEC-47E4-BCF0-893B6C12A378} - (no file)
O2 - BHO: (no name) - {539E7385-E83A-4ED6-94DF-82CAE07A53B0} - (no file)
O2 - BHO: (no name) - {631B8EF1-74AB-4D1C-B4C2-F9F2FB72EC49} - (no file)
O2 - BHO: (no name) - {9CFFC2E3-7772-4394-9F67-2C28849A22A2} - (no file)
O2 - BHO: (no name) - {9E4C542F-8AC5-4651-8817-F7F8D2B49313} - (no file)
O2 - BHO: (no name) - {A33DD06D-205C-45DC-9E7B-77A881421FBE} - (no file)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: (no name) - {A6980CB1-48B4-4AF7-B0F4-58E59812947C} - (no file)
O2 - BHO: (no name) - {EB2B43C9-4456-467C-833F-DF559B469A0D} - (no file)
O2 - BHO: (no name) - {F1B51016-C208-406D-B8F7-8AF8850F2D02} - (no file)
O2 - BHO: (no name) - {FDC08E14-BB77-4E13-85FE-B10BB1100C7F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

Please remember to close all other windows, including browsers then click Fix checked.
====================================================================================================

Tools

CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, press the CleanUp! button to start the program, and reboot when prompted.
====================================================================================================

Rebooting in Normal Mode


Reboot your system in Normal Mode.
====================================================================================================

Online Virus/Spyware Scan

Panda Activescan

Perform an online scan with Internet Explorer using Panda ActiveScan.
** Click on "Free use ActiveScan", located in the top right-hand corner.
  1. Click "Scan your PC" & a pop-up window shall appear. *Ensure that your pop-up blocker doesn't block it.
  2. Click "Scan Now".
  3. Enter your e-mail address & click "Scan Now" ...it begins downloading Panda's 8 MB ActiveX controls.
Begin the scan by selecting My Computer.
  • If it finds any malware, it will offer you a report.
  • Click on "See report". Then click "Save report".
Post the contents of the report in your next reply.

*You needn't remain online while it's doing the scan, but you have to re-connect after it has finished to see the report.
*Turn off the real-time scanner of any existing antivirus program while performing the online scan.

====================================================================================================

Tools

ComboFix

Double click combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Save this log to your desktop as combo2.txt

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


SmitfraudFix

Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Select option #1 - Search by typing 1 and pressing "Enter";
a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!


HiJackThis!

Please run a new HiJackThis! Scan and post the results with your next reply
====================================================================================================

Summary: Please make sure you have completed all of the steps above and include the following in your next post

New HiJackThis! Log
Panda ActiveScan Log
ComboFix Log (The second one)
Smitfraud Fix Log
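The HijackThis entries ticked in the post above follow a pattern worth automating when you triage more than one Vundo log: O2 and O21 entries whose CLSID resolves to "(no file)" are stale registrations, and O4 entries that have rundll32.exe load a randomly named DLL from system32 through an equally random export are the live payload. The Python below is an added example, not code from the post, from HijackThis or from ComboFix; it parses HijackThis-style lines and applies those two rules. The set of DLL names comes from the ComboFix /v switch in the post; the "random-looking name" check is my own heuristic (a run of five or more lowercase letters) and not a HijackThis rule. The sample log mixes lines taken from the post with constructed benign entries (NvCpl, ctfmon) and one constructed malicious entry (qwpxkd.dll) so that each rule has something to match and something to ignore. R1 start-page entries are parsed but left for manual review, since OEM defaults look the same as hijacks.

```python
"""Triage HijackThis log lines for Vundo-style persistence (added example)."""
import re
from dataclasses import dataclass

# One HijackThis entry: "<section> - <body>", e.g. "O2 - BHO: (no name) - {CLSID} - (no file)"
HJT_LINE = re.compile(r"^(?P<kind>R\d|O\d{1,2})\s+-\s+(?P<body>.+)$")
# rundll32 launching a DLL with a named export: "... rundll32.exe <path>.dll,<export>"
RUNDLL = re.compile(r"rundll32\.exe\s+(?P<dll>[^\s,]+\.dll),(?P<export>\S+)", re.IGNORECASE)

# DLL stems given to ComboFix's /v switch in the post; treated here as known-bad.
VUNDO_STEMS = {"ssttt", "uhvjsul", "winwly32"}


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O2", "O4", "O21"
    line: str    # the log line to tick in HijackThis
    reason: str  # why it was flagged


def looks_machine_generated(name: str) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): legitimate DLL stems and
    exports are mixed-case or contain digits/underscores (NvCpl, NvStartup,
    Control_RunDLL); Vundo's generated names are a run of lowercase letters."""
    return re.fullmatch(r"[a-z]{5,}", name) is not None


def triage(log_text: str) -> list:
    """Return the entries a cleaner would tick, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        # Rule 1: BHO (O2) or ShellServiceObjectDelayLoad (O21) with no backing file.
        if kind in ("O2", "O21") and body.endswith("(no file)"):
            what = "BHO" if kind == "O2" else "SSODL"
            findings.append(Finding(kind, line, f"{what} registration with no backing file"))
        # Rule 2: Run-key entry that has rundll32 load a DLL by export name.
        elif kind == "O4":
            r = RUNDLL.search(body)
            if not r:
                continue
            stem = r.group("dll").rsplit("\\", 1)[-1][:-4]  # strip path and ".dll"
            export = r.group("export")
            if stem.lower() in VUNDO_STEMS:
                findings.append(Finding(kind, line, f"rundll32 loads {stem}.dll, named in the ComboFix /v list"))
            elif looks_machine_generated(stem) and looks_machine_generated(export):
                findings.append(Finding(kind, line, f"rundll32 loads {stem}.dll via random-looking export {export}"))
    return findings


def fix_list(findings: list) -> list:
    """Just the lines, in log order, to check before clicking 'Fix checked'."""
    return [f.line for f in findings]


# Constructed sample: lines from the post plus benign/malicious entries added for contrast.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {1115CCAB-0A70-4FDD-821E-125C22F643DD} - (no file)
O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [qwpxkd.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\qwpxkd.dll,tzklmqe
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it over a saved HijackThis log (`triage(open("hijackthis.log").read())`) and compare its output with what you would tick by hand; the random-name rule will miss a Vundo DLL that happens to use digits or capitals, so treat a clean result as a reason to look harder, not as proof the machine is clean.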