Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Ghosts in the Machine

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Ghosts in the Machine

Unread postby km2357 » November 21st, 2007, 4:33 pm

log on/off musical chime is still out


Did you follow my instructions exactly? I'll lay them out step-by-step so that there is no confusion:

1. Open Windows Explorer(Right-Click on the Start button and click Explore), in the left pane click on C: then Qoobox then quarantine then c then Windows
(the Windows Explorer address bar should now show C:\Qoobox\quarantine\c\windows)
2.In the right pane, right-click on the Media folder and select Copy
3.Back in the left pane, click on C: again.
4.Now scroll down in the left pane and click on the Windows folder
5.Right-click on the Windows folder and select Paste
6.In the right pane, double-click on the Media folder to open it
7.For each file in the file that ends .wav.vir, right-click on the file, select rename, and remove the .vir part
When you get to SendMail.dll.vir, simply right-click on this file and select delete.



those C commands, are they actual files or commands contained within files? When I typed it under search, it referenced the log reports for Kapersky and HJack, so I just deleted the old scan reports....is that what you wanted or is there more? For future reference, is there a method to locate these files besides putting them in the "run" box? I don't want to run something that I shouldn't.....


Do you mean these:

C:\WINDOWS\system32\kdfmgr.exe
C:\102C.tmp
C:\1D28.tmp
C:\1D2E.tmp


Those are actual files that I want you to delete. Don't ever put any of these files (or others I ask/asked you to delete) in the Run box, you do not want them running and causing you to get infected again.

Here are the steps to delete these files and the ones I had you try earlier:

1. Open Windows Explorer (Right-Click on the Start button and click Explore)
2. Inside the Windows Explorer window, in the left pane, click on C:
3. In the right pane, find the following files on C: click on each filename and press the delete key as you find each one:

Program.exe
102C.tmp
1D28.tmp
1D2E.tmp


4. After those files have been deleted, in the left pane, click on system32. In the right pane, click on the filename and delete the following file:

kdfmgr.exe

Do not delete any other files in the system32 folder.


Empty your Recycle Bin and let me know if you had any trouble deleting any of the files.


The host program installed sends ads to a dummy address right ...127.0.0.01 or something like that.......how can I tell that my hosts are no longer corrupted....


The host program did the right thing, It replaced your corrupted hosts file with one that isn't corrupted.

.....and what can I do about those files listed as virus/spyware that the Kapersky report caught and my anti-virus didn't?


Deleting the files I listed above and emptying Trend Micro's quaratine folder will get rid them. Just remember to always keep your Anti-Virus uptodate.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3003
Joined: January 30th, 2007, 2:48 pm
Location: California
Advertisement
Register to Remove

Re: Ghosts in the Machine

Unread postby Duece » November 23rd, 2007, 8:14 pm

All of the files you ask me to delete I deleted. I accessed the files via control panel then clicking files/folders. None of the files you are requested to be deleted are present. However my log off/on chime is still gone.....Otherwise everything else seems to be working just fine......by the way, on my microsoft update, it tried to download a 1.1 NET framework upgrade and failed....I am not sure what caused the error and looking at my uninstall list, I am not sure which framework is running...1.0, 1.1, or 2.0??? Lets whack some more bugs!!!

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
a-squared Free 3.0
Broadcom Advanced Control Suite
Chessmaster 10th Edition
Conexant SmartHSFi V92 56K DF PCI Modem
DAO
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support
Digital Line Detect
DVDSentry
Easy CD Creator 5 Basic
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB918997)
hp instant support
HP Photo and Imaging 1.0 - PSC 2000 Series
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 3
Kaspersky Online Scanner
Lexmark 7300 Series
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB886905)
Microsoft .NET Framework 2.0
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (2.0.0.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Paint Shop Pro 7
PowerDVD
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
Print to Fax
QuickTime
Readiris 7.5
SBC Yahoo! DSL Home Networking Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Spybot - Search & Destroy
TaxACT 2003
TaxACT 2004
TaxACT Illinois 2003
TaxACT Illinois 2004
Trend Micro Internet Security Pro
Trend Micro Remote File Lock
Trend Micro TrendProtect for Internet Explorer
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Desktop Search
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby km2357 » November 25th, 2007, 3:09 am

Hi Duece.

What did the error message say when you tried to download the 1.1 NET framework upgrade/update?


Step # 1: Run Batchfile

Start Notepad with a new window.
Copy the following from the quote box by highlighting all the text with your mouse and pressing Ctrl+C on your keyboard

@echo off
dir /s /a C:\Windows\Media > "%userprofile%\desktop\look.txt"
notepad look.txt


Click in the new Notepad window and press Ctrl+V to paste the quote text in the window

In Notepad, click File > Save and save the file as "look.bat". Save it as "All Files" to your Desktop.
Close Notepad
Go to your Desktop and double-click on look.bat
A new Notepad window will open, click Edit > Select All
Then Edit > Copy and paste (Ctrl+V) the contents in your next reply.
When you have posted the contents here, please close the Notepad window.

Note: A cmd window will open - please leave this alone. It will close when you close the second Notepad window.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3003
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Ghosts in the Machine

Unread postby Duece » November 25th, 2007, 11:25 pm

After the chime comes back, I hope we can whack some more bugs!

Volume in drive C has no label.
Volume Serial Number is CCFF-E5BB

Directory of C:\Windows\Media

11/19/2007 12:08 AM <DIR> .
11/19/2007 12:08 AM <DIR> ..
08/29/2002 05:00 AM 97,016 CHIMES (1).wav
08/29/2002 05:00 AM 1,192 CHIMES (10).wav
08/29/2002 05:00 AM 171,100 CHIMES (11).wav
08/29/2002 05:00 AM 22,097 CHIMES (12).wav
09/01/2006 08:47 AM 8,636 CHIMES (13).wav
09/01/2006 08:47 AM 20,336 CHIMES (14).wav
09/01/2006 08:47 AM 2,202 CHIMES (15).wav
09/01/2006 08:47 AM 29,444 CHIMES (16).wav
08/29/2002 05:00 AM 6,400 CHIMES (17).wav
08/29/2002 05:00 AM 36,910 CHIMES (18).wav
08/29/2002 05:00 AM 53,864 CHIMES (19).wav
08/29/2002 05:00 AM 80,856 CHIMES (2).wav
08/29/2002 05:00 AM 39,382 CHIMES (20).wav
08/29/2002 05:00 AM 24,530 CHIMES (21).wav
08/29/2002 05:00 AM 17,132 CHIMES (22).wav
08/29/2002 05:00 AM 44,136 CHIMES (23).wav
08/29/2002 05:00 AM 42,576 CHIMES (24).wav
08/29/2002 05:00 AM 36,614 CHIMES (25).wav
08/29/2002 05:00 AM 36,636 CHIMES (26).wav
08/29/2002 05:00 AM 36,538 CHIMES (27).wav
07/17/2004 12:38 PM 20,336 CHIMES (28).wav
08/29/2002 05:00 AM 179,704 CHIMES (29).wav
08/29/2002 05:00 AM 24,253 CHIMES (3).wav
08/29/2002 05:00 AM 190,208 CHIMES (30).wav
08/29/2002 05:00 AM 1,404 CHIMES (31).wav
08/29/2002 05:00 AM 22,580 CHIMES (32).wav
08/29/2002 05:00 AM 48,988 CHIMES (33).wav
07/17/2004 12:38 PM 29,444 CHIMES (34).wav
08/29/2002 05:00 AM 43,762 CHIMES (35).wav
08/29/2002 05:00 AM 22,816 CHIMES (36).wav
08/29/2002 05:00 AM 19,458 CHIMES (37).wav
08/29/2002 05:00 AM 38,930 CHIMES (38).wav
08/29/2002 05:00 AM 22,070 CHIMES (39).wav
08/29/2002 05:00 AM 119,384 CHIMES (4).wav
08/29/2002 05:00 AM 282,608 CHIMES (40).wav
08/29/2002 05:00 AM 2,202 CHIMES (41).wav
08/29/2002 05:00 AM 424,644 CHIMES (42).wav
08/29/2002 05:00 AM 40,075 CHIMES (5).wav
08/29/2002 05:00 AM 25,434 CHIMES (6).wav
08/29/2002 05:00 AM 10,026 CHIMES (7).wav
08/29/2002 05:00 AM 5,212 CHIMES (8).wav
08/29/2002 05:00 AM 273,920 CHIMES (9).wav
08/29/2002 05:00 AM 55,776 CHIMES.WAV
09/01/2006 08:47 AM 8,636 Windows Feed Discovered.wav
09/01/2006 08:47 AM 20,336 Windows Information Bar.wav
09/01/2006 08:47 AM 2,202 Windows Navigation Start.wav
09/01/2006 08:47 AM 29,444 Windows Pop-up Blocked.wav
47 File(s) 2,771,449 bytes

Total Files Listed:
47 File(s) 2,771,449 bytes
2 Dir(s) 45,869,924,352 bytes free
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby Duece » November 26th, 2007, 12:00 am

It just save update failed to install. The update is 1.0 .net for xp service pack 3, while my system is running on service pack 2. Now I am thinking to just upgrade to Vista since windows is advising me to do so anyway. I am just a little nervous about Vista due to the rumors that I have heard about its performance.
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby km2357 » November 26th, 2007, 3:16 pm

Hi Duece.

Don't worry about the .Net upgrade for now, you do not need to update anything for Windows unless Windows Update says you need to. As for updating to Vista, that's a whole different operating system that you would have to buy.


Let's try this and see if we get your logon/logoff sounds/chimes back:



Step # 1: Run Batchfile

Start Notepad with a new window.
Copy the following from the quote box by highlighting all the text with your mouse and pressing Ctrl+C on your keyboard

for %%g in (
"C:\WINDOWS\Media\CHIMES (13).wav"
"C:\WINDOWS\Media\CHIMES (14).wav"
"C:\WINDOWS\Media\CHIMES (15).wav"
"C:\WINDOWS\Media\CHIMES (16).wav"
"C:\WINDOWS\Media\CHIMES (28).wav"
"C:\WINDOWS\Media\CHIMES (41).wav"
) do (
del /f /q %%g
)
ren "C:\Windows\Media\CHIMES (1).wav" chord.wav
ren "C:\Windows\Media\CHIMES (10).wav" start.wav
ren "C:\Windows\Media\CHIMES (11).wav" tada.wav
ren "C:\Windows\Media\CHIMES (12).wav" town.mid
ren "C:\Windows\Media\CHIMES (17).wav" "Windows XP Balloon.wav"
ren "C:\Windows\Media\CHIMES (18).wav" "Windows XP Battery Critical.wav"
ren "C:\Windows\Media\CHIMES (19).wav" "Windows XP Battery Low.wav"
ren "C:\Windows\Media\CHIMES (2).wav" ding.wav
ren "C:\Windows\Media\CHIMES (20).wav" "Windows XP Critical Stop.wav"
ren "C:\Windows\Media\CHIMES (21).wav" "Windows XP Default.wav"
ren "C:\Windows\Media\CHIMES (22).wav" "Windows XP Ding.wav"
ren "C:\Windows\Media\CHIMES (23).wav" "Windows XP Error.wav"
ren "C:\Windows\Media\CHIMES (24).wav" "Windows XP Exclamation.wav"
ren "C:\Windows\Media\CHIMES (25).wav" "Windows XP Hardware Fail.wav"
ren "C:\Windows\Media\CHIMES (26).wav" "Windows XP Hardware Insert.wav"
ren "C:\Windows\Media\CHIMES (27).wav" "Windows XP Hardware Remove.wav"
ren "C:\Windows\Media\CHIMES (29).wav" "Windows XP Logoff Sound.wav"
ren "C:\Windows\Media\CHIMES (3).wav" flourish.mid
ren "C:\Windows\Media\CHIMES (30).wav" "Windows XP Logon Sound.wav"
ren "C:\Windows\Media\CHIMES (31).wav" "Windows XP Menu Command.wav"
ren "C:\Windows\Media\CHIMES (32).wav" "Windows XP Minimize.wav"
ren "C:\Windows\Media\CHIMES (33).wav" "Windows XP Notify.wav"
ren "C:\Windows\Media\CHIMES (34).wav" "Windows XP Pop-up Blocked.wav"
ren "C:\Windows\Media\CHIMES (35).wav" "Windows XP Print Complete.wav"
ren "C:\Windows\Media\CHIMES (36).wav" "Windows XP Recycle.wav"
ren "C:\Windows\Media\CHIMES (37).wav" "Windows XP Restore.wav"
ren "C:\Windows\Media\CHIMES (38).wav" "Windows XP Ringin.wav"
ren "C:\Windows\Media\CHIMES (39).wav" "Windows XP Ringout.wav"
ren "C:\Windows\Media\CHIMES (4).wav" notify.wav
ren "C:\Windows\Media\CHIMES (40).wav" "Windows XP Shutdown.wav"
ren "C:\Windows\Media\CHIMES (42).wav" "Windows XP Startup.wav"
ren "C:\Windows\Media\CHIMES (5).wav" onestop.mid
ren "C:\Windows\Media\CHIMES (6).wav" recycle.wav
ren "C:\Windows\Media\CHIMES (7).wav" ringin.wav
ren "C:\Windows\Media\CHIMES (8).wav" ringout.wav
dir /s /a C:\Windows\Media > "%userprofile%\desktop\look.txt"
notepad look.txt



Start Notepad with a new window, click Edit > Paste
Save the file to your Desktop as media.bat Save as type: All Files
Close Notepad
Go to your Desktop and double-click on media.bat
A new Notepad window will open, click Edit > Select All
Then Edit > Copy and paste (Ctrl+V) the contents in your next reply.
When you have posted the contents here, please close the Notepad window.

Note: A cmd window will open - please leave this alone. It will close when you close the second Notepad window.

Let me know if the logon/logoff chimes are working on your computer.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3003
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Ghosts in the Machine

Unread postby Duece » November 26th, 2007, 7:55 pm

Volume in drive C has no label.
Volume Serial Number is CCFF-E5BB

Directory of C:\Windows\Media

11/26/2007 05:54 PM <DIR> .
11/26/2007 05:54 PM <DIR> ..
08/29/2002 05:00 AM 273,920 CHIMES (9).wav
08/29/2002 05:00 AM 55,776 CHIMES.WAV
08/29/2002 05:00 AM 97,016 chord.wav
08/29/2002 05:00 AM 80,856 ding.wav
08/29/2002 05:00 AM 24,253 flourish.mid
08/29/2002 05:00 AM 119,384 notify.wav
08/29/2002 05:00 AM 40,075 onestop.mid
08/29/2002 05:00 AM 25,434 recycle.wav
08/29/2002 05:00 AM 10,026 ringin.wav
08/29/2002 05:00 AM 5,212 ringout.wav
08/29/2002 05:00 AM 1,192 start.wav
08/29/2002 05:00 AM 171,100 tada.wav
08/29/2002 05:00 AM 22,097 town.mid
09/01/2006 08:47 AM 8,636 Windows Feed Discovered.wav
09/01/2006 08:47 AM 20,336 Windows Information Bar.wav
09/01/2006 08:47 AM 2,202 Windows Navigation Start.wav
09/01/2006 08:47 AM 29,444 Windows Pop-up Blocked.wav
08/29/2002 05:00 AM 6,400 Windows XP Balloon.wav
08/29/2002 05:00 AM 36,910 Windows XP Battery Critical.wav
08/29/2002 05:00 AM 53,864 Windows XP Battery Low.wav
08/29/2002 05:00 AM 39,382 Windows XP Critical Stop.wav
08/29/2002 05:00 AM 24,530 Windows XP Default.wav
08/29/2002 05:00 AM 17,132 Windows XP Ding.wav
08/29/2002 05:00 AM 44,136 Windows XP Error.wav
08/29/2002 05:00 AM 42,576 Windows XP Exclamation.wav
08/29/2002 05:00 AM 36,614 Windows XP Hardware Fail.wav
08/29/2002 05:00 AM 36,636 Windows XP Hardware Insert.wav
08/29/2002 05:00 AM 36,538 Windows XP Hardware Remove.wav
08/29/2002 05:00 AM 179,704 Windows XP Logoff Sound.wav
08/29/2002 05:00 AM 190,208 Windows XP Logon Sound.wav
08/29/2002 05:00 AM 1,404 Windows XP Menu Command.wav
08/29/2002 05:00 AM 22,580 Windows XP Minimize.wav
08/29/2002 05:00 AM 48,988 Windows XP Notify.wav
07/17/2004 12:38 PM 29,444 Windows XP Pop-up Blocked.wav
08/29/2002 05:00 AM 43,762 Windows XP Print Complete.wav
08/29/2002 05:00 AM 22,816 Windows XP Recycle.wav
08/29/2002 05:00 AM 19,458 Windows XP Restore.wav
08/29/2002 05:00 AM 38,930 Windows XP Ringin.wav
08/29/2002 05:00 AM 22,070 Windows XP Ringout.wav
08/29/2002 05:00 AM 282,608 Windows XP Shutdown.wav
08/29/2002 05:00 AM 424,644 Windows XP Startup.wav
41 File(s) 2,688,293 bytes

Total Files Listed:
41 File(s) 2,688,293 bytes
2 Dir(s) 39,658,328,064 bytes free
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby Duece » November 26th, 2007, 8:00 pm

:cheers: WHOO HOO!!! MY CHIME IS BACK!.......Can we whack some more bugs now?
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby km2357 » November 27th, 2007, 5:33 pm

Hi Duece.

That's great to hear that your chime came back. :thumbright:

Looking over your latest logs, I do not see anything else malware-related for me to take care of.

Regarding your problems with updating 1.1 .Net, that problem does not appear to be malware-related and is therefore out of my field/speciality. If you still have questions/problems with the upgrade, I will refer you to a few different forums where they would be happy to answer your questions:

Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require free registration before posting for help.


I would like you to remove/delete the following from your computer (if found):

Tools:

SmitfraudFix (Delete the SmitfraudFix folder from your Desktop)
ComboFix (Delete ComboFix.exe and CFScript.txt from your Desktop)
HostsXpert (Delete HostsXpert.zip from your Desktop)

Files:

KAV.txt (Delete it from your Desktop)
look.bat (Delete it from your Desktop)
media.bat (Delete it from your Desktop)
look.txt (Delete it from your Desktop)

Folder:

C:\ComboFix\
C:\QooBox\

Empty your Recycle Bin


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:
  • This is a good time to clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.
    • This will remove all restore points except the new one you just created.
    .

    The Disable/Re-enable System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
  • Make your Internet Explorer more secure This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    5. When all these settings have been made, click on the OK button.
    6. If it asks you if you want to save the settings, press the Yes button.
    7. Next press the Apply button and then the OK to exit the Internet Properties page.
    Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  • Use IE-SPYAD Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. Program is free and is updated about once a month. Please follow readme instructions for install; it is a little different. Single user PC use IE Spyad1. Multi user XP PC use IE Spyad2.
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Windows Update Site Frequently It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use an alternative instant messenger program.Trillian and Miranda IM These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or
    Opera.
    If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miek ... ntion.html

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
User avatar
km2357
MRU Master
MRU Master
 
Posts: 3003
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Ghosts in the Machine

Unread postby Duece » November 27th, 2007, 6:43 pm

:cry: No more bugs? No more threads? What am I going to do now?.........

I guess I will just have to enjoy using the internet again.... :lol: Thanks to you and this university. I am very much appreciative of all of your efforts. I have learned a lot through this experience and I am very grateful. Honestly, I have been running a few scans the last couple of days and they have all returned green-light...no bugs...So the "Ghosts in the Machine" have been removed. Its been fun.....Rod :bigsmurf:
Duece
Regular Member
 
Posts: 26
Joined: November 10th, 2007, 3:44 am

Re: Ghosts in the Machine

Unread postby Elrond » November 28th, 2007, 12:47 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware