12-04-2006, 08:48 PM   #8
Deckard
Mentor, Analyst - Security Team
 
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


I see you have an "undetected speed hack" installed for Soldat. We are not here to pass judgment; however, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

The same goes for P2P software - we don't pass judgment, but using it can make you more susceptible to re-infection.

I strongly urge you to update to SP2 when I declare your machine clean (but not before; SP2 should only be installed on a malware-free machine). It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, I will have you return to the Windows Update page and install SP2. I will also then advise you on how to better protect yourself online.


Clear Cookies
Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear.


Clean Quarantine
Please follow Symantec's guide to clean out your Norton quarantine directory.


Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
    • Viewpoint Media Player
    • Web Savings from Ebates
Please let me know if any of these were unable to uninstall.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Mark's Folder\Soldat\1.3\Speed_Hack.zip
C:\Program Files\Viewpoint

Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. Panda scan report,
  2. a new HiJackThis log taken after Panda finishes.
Also let me know how your machine is behaving now.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006