Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HIJACKER.COSTRAT.E

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby whisperer » September 16th, 2006, 4:29 pm

Missed the Kaspersky as I was looking for mcafee - wake up GT

If you do not want mcaffee then try AVG and ZoneAlarm, they are the ones I use and they are both free, BUT you must not have two anti-virus or 2 Firewall solutions running at the same time. It is imperative that you do have one of each running at all times.

There are many paid and free firewalls available for your use but in the interim I would suggest that you install the following free program

The AntiVirus programme, as with a Firewall, is an essential element in your protection against Malware. Go to AVG , scroll to the bottom of the page and download the free programme

Q Were the logs done in Normal or Safe mode please?

GT :thumbup:

It is too late now but I would have preferred you not to have used Kaspersky to remove things that the free scan found, as they often give important clues as to the extent of the damage. Gentle wrist slap delivered :)
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall
Advertisement
Register to Remove

Unread postby whisperer » September 16th, 2006, 4:42 pm

I assume that you only downloaded Kaspersky AntiVirus solution and not the full security suite. If this is true then get ZoneAlarm on as a matter of priority.

Regards Weather Pulse: if you downloaded it to Gales desktop then it will only work there, but if you put it into a common folder for all accounts then it should work in all accounts

GT :thumbup:
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Unread postby bnkrldy » September 16th, 2006, 5:17 pm

Sorry about the Kaspersky file deletions...
I use McAfee because it comes free through the ISP, but I'll give ZoneAlarm a try.

The logs were done in normal mode, I would be happy to redo in Safe Mode.
bnkrldy
Regular Member
 
Posts: 35
Joined: July 8th, 2006, 1:43 am

Unread postby whisperer » September 17th, 2006, 3:51 am

It is all looking good so please update your Uninstall list by opening your HijackThis

1. Click on Open the Misc Tools section or Config… button, depending on how you are set up.
2. If you used the Config... option then click the Misc Tools tab
3. Select Open Uninstall Manager , a list of your installed programs will be displayed.
4. Select the Save List… button and save the file to your desktop.

Please post the list back here together with any comments about the computers behaviour - the word Normal would be nice :D
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Unread postby bnkrldy » September 17th, 2006, 12:49 pm

Everything seems to be working well. Two small glitches yesterday: when I first signed on to Leanna, the Home Page was set to "About:Blank", but it remembered the reset to Comcast.Net. Also, when I first signed on to Gale, the Home Page was reset to MSN.com, but again, it remembered the correction to Comcast.Net. Otherwise, nothing seems to be going on...I can say Normal!

Here is the Uninstall Log:

ACS495
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.5
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
ATI mach64 Display Driver
AVG Free Edition
Bookmark Express
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss REBEL 300D WIA Driver
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities File Viewer Utility 1.3
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
EPSON Printer Software
EPSON Status Monitor 2
ewido anti-spyware 4.0
HijackThis 1.99.1
HP Image Zone 3.5
HP Photosmart Cameras 3.5
HP Software Update
IBM Rapid Access Keyboard
Java 2 Runtime Environment, SE v1.4.1_07
Java Web Start
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft IntelliPoint
Microsoft Office 97, Professional Edition
Microsoft Publisher 97
PaperPort 6.5
QuickTime
RealPlayer
Rescue Disk
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Trillian
Visioneer 3300 Scanner Driver
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows XP Uninstall
ZoneAlarm
bnkrldy
Regular Member
 
Posts: 35
Joined: July 8th, 2006, 1:43 am

Unread postby whisperer » September 17th, 2006, 4:44 pm

Thanks for the update, it is looking good.

All of the logs are looking good and I think that we can move on to the penultimate stage - the final being a message from you that a week after removing the TRIAL account that all is OK :)

When your Kaspersky Anti-Virus runs out, or before if you wish, please uninstall Kaspersky whilst disconnected from the internet and install your choice of Antivirus programs, obviously to do this you must download it before removing Kaspersky - no problems with 2 systems on the computer but only 1 must be running.

Clean Log

Well done, your log is clean. Just a tidy up required.
  1. First we make sure that any files in a System Restore point can not re-infect your computer by removing all old system restore points.
    1. Select the Start button and from the available options
    2. Right-click the My Computer option and select Properties.
    3. Click on the System Restore tab.
    4. Check the box against Turn off System Restore on all drives. Click OK
    5. Click Yes to confirm, then restart the computer
    6. After the restart, re-enable System Restore by following steps a-c, but in step c, click to clear the Turn off System Restore on all drives. check box.
  2. Restore your Hidden & System files to their normal state by
    1. Select the Start button and from the available options
    2. Right-click the My Computer option.
    3. Select Explore from the drop-down menu
    4. Select the Tools menu and click Folder Options. from the new window
    5. Select the View Tab.
    6. Under the Hidden files and folders heading remove the tick from Show hidden files and folders by clicking in the check-box to its left
    7. Replace the check against Hide protected operating system files (recommended) option, again by clicking the check-box to its left.
    8. Click Yes to confirm.
    9. Click OK.
  3. Finally, HijackThis makes backups of all corrections made
    • Open HijackThis and select either Open the Misc Tools section or Config button
    • Click the [color=blue]Backups button[/color]and select Delete All and then Yes
    • Close HijackThis
Preventative measures
  1. Firstly Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options .
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

      You would also reduce the risk of attack of you switched your browser to Firefox
  2. Please retain AdAware and Spybot and run them at regular intervals after updating them (7 to 14 days).
  3. Please update SpywareBlaster at the same interval and in addition I would suggest that you install the following 2 free programs, keep these updated as they are background tools
    1. SpywareGuard provides a shield against infection
    2. IE-SpyAd puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available here
  4. Do not forget to get an anti virus solution before the trial Kaspersky runs out
  5. Windows Updates – It is very important to ensure that Internet Explorer and Windows are kept up to date with the latest critical security patches from Microsoft.
  6. On a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.
  7. To maintain a smooth running computer use CCleaner every now and then and Defragmenter as well.
  8. To find out more information about how you got infected in the first place and some excellent guide lines to follow to prevent future infections you can read this article by Tony Klein

Best wishes and safe surfing, I look forward to an all-clear message a week after you have deleted the TRIAL account

GT :thumbup:
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Unread postby bnkrldy » September 27th, 2006, 9:20 pm

All seems to be running well. Thank you so much for your time and patience.
Bnkrldy
bnkrldy
Regular Member
 
Posts: 35
Joined: July 8th, 2006, 1:43 am

Unread postby whisperer » September 28th, 2006, 3:12 am

It was a pleasure to work with you,

Best wishes

GT :cheers: :hello1: :hello2:
User avatar
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware