HijackThis Log Help: Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

#21 (permalink)

Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro

We'll get the respect after running the table in the SEC again this year. We kinda prefer being ranked a bit lower until March. Puts the pressure on Kansas or UNC, etc.........you already see what it does to some of them (UNC/AZ losses).

Here we go......

Boot into Safe Mode. Run SD again in the same fashion. For each of these entries, highlight each, one at a time, and click the Delete button:

`[rename]
`NUL=C:\WINDOWS\wupdsnff.exe
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\4c71e87.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\CORECOMP.INI
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\CTL3D32.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\DLGIMAGE.BMP
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\ReadMe.txt
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\Register.log
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\SETUP.INI
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\setup.ins
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\UNINST.EXE
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\_INSIS30.INZ
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\_ISREG32.DLL
`NUL=C:\WINDOWS\TEMP\_ISTMP0.DIR\_SETUP.LIB
`NUL=C:\WINDOWS\TEMP\_INS0432._MP
`NUL=C:\WINDOWS\TEMP\_INZ0432._MP
`NUL=C:\WINDOWS\TEMP\_WUTL95.DLL
======
*C:\mssys.com
*C:\WINDOWS\mssys.com

Then, delete:

C:\WINDOWS\wupdsnff.exe
C:\WINDOWS\TEMP\ <<<Entire contents of folder, not folder itself.
C:\mssys.com
C:\WINDOWS\mssys.com

Reboot and report on your machine's condition.
__________________
GO BIG BLUE!!

#22 (permalink)

Registered User
Join Date: Oct 2004
Posts: 13
OS: windows XP

uh oh

I rebooted into safe mode-SD-config-check all-uncheck NT services and n kernel and it would not let me delete any of them. What now? I could see them but not delete any of them. Got an error n53 message.

Help

#24 (permalink)

Registered User
Join Date: Oct 2004
Posts: 13
OS: windows XP

thanks wildcat

I've saved all of my pertinent files to CD (pictures, spreadsheets, Word documents, etc.). This is my home computer and I'm tired of struggling with it. It is so slow over the last couple of weeks. It is less than a year old and has plenty of power. Something is running in the background causing all sorts of problems. If I do a system restore, will that eliminate the problems? Then I can bring it back up to speed. What do you think? I'll spend less time reloading my software than fighting these hijackers, trojans, etc., although I'm sure they will be back at some point. Also, any recommendations on security to keep from having the hijacker problems? You guys do great work.

thanks Lauren

#25 (permalink)

Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter

Hi Lauren29:

I'm not sure system restore would help as we don't know how long the infection has been in the system. We are working on a process to remove this hijack..and it's a bit complicated.

To protect yourself, please read through the spyware prevention section on how to protect yourself from spyware/adware Here. Use the recommended methods and programs!

If you want to try and FIX this hijack, follow the instructions below. If not, I would recommend a reinstall of the OS. The choice is yours....so read through the first step of the fix and then decide.

For the Fix... You will need some programs for the removal process so I will group them for you to download before the fix.

Programs Needed::

Kill2Me http://www.hijackthislogs.com/dl/kill2me.zip
PV http://www.hijackthislogs.com/dl/pv.zip
VX2Finder(126) http://www.hijackthislogs.com/dl/VX2Finder(126).exe
Hoster http://members.aol.com/toadbee/hoster.zip
CleanUp http://cleanup.stevengould.org/
KillBox http://www.greyknight17.com/spy/killbox.zip

==================================================

Process

1. Download Kill2Me from here and run
http://www.hijackthislogs.com/dl/kill2me.zip

2. Download this version of pv and unzip it to your desktop. (**Note** It MUST be on the desktop!) It will create its own folder.
http://www.hijackthislogs.com/dl/pv.zip
Then proceed below..
   1. Double click the runme.bat file.
   2. Select option 3 and hit enter. Save the log that was generated.
   3. Then select option 5. Save the log that was generated.
Copy and paste each of them into your next post.

3. Copy and paste the text below inside the quote box to notepad. Save it to your desktop as type "all files" and name it notify.bat.
Quote:

4. Download the latest vx2 finder here
http://www.hijackthislogs.com/dl/VX2Finder(126).exe
Click the "Find Vx2.Betterinternet" button. Click the Make Log button and post that log in your next reply.

So I need ALL 4 of these logs from the infected PC.

Please note that during this removal process this PC can NOT be turned off or REBOOTED. Doing so...makes all 3 logs useless as the rootkit's DLL (the baddie) file name will change. So if you have to wait a day to proceed with the next step in the fix..just make sure the PC is not rebooted. If you must reboot or turn the PC off you will need to start over in the process section and do it again. The logs and the fix must be done at the same time without the PC being rebooted.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools: Hijackthis, Ad-aware SE, Spybot Search&Destroy, SpywareBlaster, CWShredder

#26 (permalink)

Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter

EDIT:::

I also need you to list the files located in the Downloaded Programs File Folder. It might be located at....

C:\WINDOWS\Downloaded Program Files\

as well as here

C:\Program Files\Internet Explorer\ <== You may not have a download folder in here...but check.

We are looking for any randomly named files.