Hi Lisa, Thought you had given up. Well, your HijackThis log has finally cleaned up, but there is still some more to do.
Where does McAfee say Vundo is now-what folder? Looks like I was mistaken about the bat file not working the first time. Was using a new tool and misread how to confirm it worked.
You should be clear of AWS now. Just one file didn't confirm. Copy the following bold text and paste it into the Run box (START > Run) and hit enter:
C:\Program Files\Yahoo!\Messenger
In the folder that opens up, right click on the Messenger.exe file and choose Properties.
Post back the file size for me. You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
- Instead of Windows loading as normal, a menu with options should appear.
- Select the first option, to run Windows in Safe Mode, then press 'Enter'.
- Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd. Select option #2 - Clean by typing 2 and press 'Enter' to delete infected files. You will be prompted: 'Registry cleaning - Do you want to clean the registry?'; answer 'Yes' by typing Y and press 'Enter' in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer 'Yes' by typing Y and press 'Enter'. The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
If your desktop background/wallpaper disappears, right click on the Desktop > Properties and under the Desktop tab reset it to what you like.

Hello, Ok the size of the messenger file is 775 bytes. Question for you, ever since I switched over to Firefox I have not had the problems I was having. Is there an issue with my IE? Here is the smitfraud report:

SmitFraudFix v2.197
Scan done at 12:08:14.22, 2007-07-01
Run from C:\Documents and Settings\Lisa\Desktop\SmitfraudFix
OS: Microsoft Windows XP Version 5.1.2600 - WindowsNT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's.dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINNT\Tasks\At?job Deleted
C:\WINNT\Tasks\At??job Deleted
C:\WINNT\system32\susp.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
'System'='
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's.dll
»»»»»»»»»»»»»»»»»»»»»»»» End

Hi Lisa, sorry for the long delay and hope the move went well. For the YahooMessenger, what has happened is that the malware has moved the legit file to a bak folder and replaced it with a bad copy in the folder where it is supposed to be. Don't know why the batch didn't work but we'll restore it to where it should be manually and to be on the safe side you may want to reinstall.
Do the following in safe mode. Navigate to C:\Program Files\Yahoo!\Messenger\bak folder. Right click on YAHOOMessenger.EXE and choose Cut. Now go up one level of folders so that C:\Program Files\Yahoo!\Messenger is open. Right click in an open space and choose Paste. Allow Windows to overwrite the file. Now you can delete the bak folder.
Any problems with this let me know. You can also delete the other bak folders in the list at the end of the FindAWS log as they are not needed and just taking up space.
I don't see anywhere in your log where you have Sun's Java installed. You may still be running the MS Java VM, but there is no indication of that either. For better security and internet experience you really need the latest version of Sun's Java. For some reason Sun will also leave older versions of Java behind, which is a security risk, because they are unpatched and still can be called on to run. So first let's uninstall any Java you may have, clean up its cache along with Windows temp and junk files, then get the latest version. Please do the following:

Updating Java:
- Go to Start > Control Panel > double-click on the Software icon > add/remove programs. Search in the list for ALL installed versions of Java (J2SE Runtime Environment). Sun's should have this icon next to it: The MS icons look like a penguin. Select each and click Remove - continue this process until all versions have been uninstalled, then reboot your system.
- Download and install. (Starting with v1.27.260, the standard build installs the Yahoo Toolbar as an option which is checkmarked by default during the installation. Remove the checkmark when provided with the option.) After installation, see the. Run CCleaner to clear out your Java cache and other junk files - I don't trust the issues function, so suggest you leave that button alone for now.
- Download the latest version of. Scroll down to Java Runtime Environment (JRE) 6u2. Click the 'Download' button to the right. Check the box that says: 'Accept License Agreement'.
The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Then from your desktop double-click on the download to install the newest version.
Please perform this online scan:
Note that you need to run this scan with Internet Explorer for it to work correctly.
Read the Requirements and Privacy statement, then select 'Accept'.
2. A dialogue box will appear asking 'Do you want to install this software?' Name: kavwebscanunicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
Select 'Install' to download the ActiveX controls that allow ActiveScan to run.
If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click 'Allow'.
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click 'Next'.
6. Click 'Scan Settings' and check the option to use the EXTENDED DATABASE, then click 'OK'.
7. Select a target to scan: Click on 'My Computer' and the scan will begin.
When the scan is complete choose save the results by clicking 'Save Report As HTML'. Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop. Post the Kaspersky scan results in your next reply. If you have any problem running the scan to completion, disable your Antivirus temporarily, just be sure to re-enable when done.

At this point let's see if you can get service pack 1a installed.
You may not be able to but if successful it will get you patched up better and possibly allow other tools to run for further cleanup if need be. Open this link to the page, select Express Installation and follow the instructions to download/install Service Pack 1a (SP1a). Then scan again with HijackThis and post a new log along with the Kaspersky log.

Question for you, ever since I switched over to Firefox I have not had the problems I was having. Is there an issue with my IE?

Have you tried it again after all this cleanup? Since IE is the most commonly used browser out there and basically so deeply embedded into the XP Windows operating system, it is the No. 1 target and avenue of attack to your system. So yes there are issues with your IE as long as you are infected. You may get full functionality back, but it could also be damaged. Let me know how it works now and when we get you as clean as possible I will give you some more instructions of securing IE. Once you get used to Firefox you may want to continue to use it and its features. It is a safer browser and we recommend it as a way to avoid infections, but nothing is immune and it is better to keep IE functional and patched.

As far as getting a legal copy of Windows, I've sort of been avoiding that as it can turn into a long tutorial in itself as there are many things to consider. One is that you can get ripped off when buying online or get poor support.
The site with the best reputation is NewEgg, and you can find their deals on operating systems here: Each deal changes over time, and unfortunately, when checking this today the only XP versions are a retail XP Pro, which is over your budget, and an upgrade to XP Home SP2. Upgrades are cheaper, but it is generally recommended to install a full version as upgrades are often problematic and you really need a standard CD to be able to perform system repairs properly when needed and to boot from the CD. Full retail packages are the most expensive, but completely above-board and legal. But they are getting hard to find for XP online as most deals are for OEM versions. For definitions and more info on what OEM/DSP means, suggest you read this entire article: When I originally researched this some days back, NewEgg had a couple of XP Pro OEM's for sale for around $150. The best deal I found online was here - and note that I have no idea how reputable this company is: XP Home is going to be considerably cheaper than XP Pro, and should be fine if you are a typical home user that doesn't need to network with other computers at your residence. The cheapest deal just mentioned doesn't say anything about having to purchase hardware to get that price. In general, you should contact these retailers and make sure you know what you are getting into, what shipping costs might be, etc., and do some research on them and their reputation. With a lot of searching around on the net, you may be able to find a better deal to suit you. But a legal copy you need sooner rather than later as it will solve all these issues we have been fixing, make your system much more secure and XP itself may not be around much longer.

If you don't have any icons then you don't have any Java to uninstall (which is what your log indicated), so you can just skip the uninstalling step and continue with the rest of the instructions. I don't have the time at the moment to check out your link - it looks good and what you can find on most online stores, I would just check out all their policies on returns and such and you can get some reviews of sellers on some sites like epinions, although you will often get both good and bad reviews from users so it is hard to tell.
I'll see what I can find out a little later. Most antivirus (AV) will look system wide and several anti-spywares like Ad-Aware. Those are general scanners that use definitions - sort of a mug shot. HijackThis is an enumerator, it only lists certain areas of the registry that enable malware to start in one way or another - it's our job to look over that list to see what needs to be changed. What you have in the registry are settings, and some of those settings are specific to each user account. The most common of these are settings that allow a person to customize their account, like the desktop and Internet Explorer's home page. There may not be much in your son's account, but since the trend lately has been hijacking the desktop, that could be the entry point for the malware you've had so it won't take long to check it.
Also when I do get ready to purchase the new XP home if I can't get this totally cleaned up will it affect the new XP?

There will be no holdover effect if you do a reformat of the hard drive before installing Windows. You need to start getting prepared for that by backing up the data you want to keep and making sure you have all your drivers together. These articles will get you started on what you need to consider and do and I will help with that as much as I can.
Based on what I see in your HJT log, we need you to run another tool and attach the log. You have a trojan named Downloader-BEW see Download and run FindAWF by noahdfear.
Please download FindAWF by noahdfear. Save to your desktop. Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run. As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders. The scan may take a while, please be patient.
When done, a text file, Find AWF report is produced. Please attach the Find AWF report in your next post.
First delete the below folder if found:
C:\Program Files\Java\jre1.6.001
Now Disable Spybot's TeaTimer. Run Spybot and click Mode. Select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer. Also while this is open, in the left column now select IE Tweaks, and then in the right pane make sure all the Miscellaneous locks are unchecked.
Now quit Spybot! Now please download and unzip it to your desktop. Do not run it yet. Find the files from deldomains.zip on your Desktop and RightClick on the deldomains.inf file and select Install. Next, we need to run FindAWF again. Double-click the FindAWF icon. If you receive any security alerts and/or warnings please allow the utility to run.
As instructed, press any key to continue. Use the following option: Press 2 then Enter to restore files from bak folders. A text file opens called: files.txt. Click below the line and paste the following list of files to be restored.
Note: The O15 lines I'm asking you to remove with HijackThis may no longer be there. The below is just a precaution.
Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: QuickTime Task 'C:\Program Files\QuickTime\bak\qttask.exe' -atboottime
O4 - HKLM\..\Run: SunJavaUpdateSched 'C:\Program Files\Java\jre1.6.003\bin\jusched.exe'
O15 - Trusted Zone:.doginhispen.com
O15 - Trusted Zone:.whataboutadog.com
After clicking Fix, exit HJT. Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
Be sure the 'Save as' type is set to 'all files'. Once you have saved it double click it and allow it to merge with the registry. Now click the 'Done' button. Click on the traffic light icon and OK the prompt. You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
A log file from Avenger will be produced at C:\avenger.txt
Now run Ccleaner! Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger. Make sure you tell me how things are working now!

Based on your logs you are clean. Are you still having problems?
Did the fixME.reg patch add into the registry successfully? Did you receive a success message? Try again if unsure. Also do the below. Download and then follow the below steps.
- Unzip HostsXpert.zip. It will create a folder named HostsXpert in whatever folder you extract it to.
- Run HostsXpert.exe by double clicking on it.
- Click the Make Writeable? button.
- Click Restore Microsoft's Hosts File and then click OK.
- Click the X to exit the program.

You're welcome.
If you are not having any other malware problems, it is time to do our final steps:
- If we used Pocket Killbox during your cleanup, do the below. Run Pocket Killbox and select File, Cleanup, Delete All Backups.
- If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
- If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
- If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
- If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
- If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
- If we had you run Avenger, you can delete all files related to Avenger now.
- If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
- You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip.
- If you are running Windows XP or Windows ME, do the below: Go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and Enable System Restore to create a new clean Restore Point.
- After doing the above, you should work thru the below link: