
my hijack this log


Re: my hijack this log

by mrtomasulo » February 19th, 2008, 10:53 am

and computer is running very well.

Re: my hijack this log

by silver » February 19th, 2008, 8:32 pm

mrtomasulo wrote: and computer is running very well.

Great :)

Did look.txt appear on your Desktop? If so, please post the results - if not, please try again and let me know what happens.

Re: my hijack this log

by mrtomasulo » February 25th, 2008, 10:25 am

Sorry for delay. Here is look.txt

Volume in drive C is OS
Volume Serial Number is 3A88-24D2

Directory of c:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU

02/15/2008 08:25 AM 266,240 wmiprves[1].exe
1 File(s) 266,240 bytes

Total Files Listed:
1 File(s) 266,240 bytes
0 Dir(s) 116,333,486,080 bytes free

Re: my hijack this log

by silver » February 25th, 2008, 10:25 pm

Hi mrtomasulo,

That bad file is still there, please try removing it as follows:

Open Notepad: press Start, type notepad into the search box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
Code:
@echo off
rem Clear the read-only, system and hidden attributes so the file can be deleted
attrib -r -s -h "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU\wmiprves[1].exe" >> look2.txt 2>>&1
rem Force-delete the file without prompting
del /q /f "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU\wmiprves[1].exe" >> look2.txt 2>>&1
rem List the file again to confirm the deletion; all output is appended to look2.txt
dir /a "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU\wmiprves[1].exe" >> look2.txt 2>>&1
rem Remove this batch file once it has run
del runme.bat

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop, right-click it and choose Run as administrator
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called look2.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

Re: my hijack this log

by silver » March 1st, 2008, 7:51 pm

How are you getting on?

If the instructions are unclear or something isn't working, please let me know before proceeding.

Re: my hijack this log

by mrtomasulo » March 2nd, 2008, 11:59 am

Sorry, here we go:

Volume in drive C is OS
Volume Serial Number is 3A88-24D2

Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU

File Not Found
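The look.txt and look2.txt listings posted above can be compared mechanically. The following Python sketch is an added example, not part of the original posts: it parses cmd `dir` output, flags executables sitting in an Internet Explorer cache folder, and reports which of them a follow-up listing still shows. The function names are this example's own, the sample text is abridged from the thread, and the row format assumes a US-locale `dir`.

```python
import re
from pathlib import PureWindowsPath

# Sample listings abridged from the look.txt and look2.txt posts in this thread.
CACHE = (r"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft"
         r"\Windows\Temporary Internet Files\Content.IE5\K6EMEZLU")
LOOK_TXT = f"""Directory of {CACHE}

02/15/2008 08:25 AM 266,240 wmiprves[1].exe
1 File(s) 266,240 bytes
"""
LOOK2_TXT = f"""Directory of {CACHE}

File Not Found
"""

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd"}
DIR_RE = re.compile(r"^\s*Directory of\s+(.+?)\s*$", re.I)
# Assumption: US-locale rows, "MM/DD/YYYY HH:MM AM size name"; <DIR> rows do not match.
FILE_RE = re.compile(r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+([\d,]+)\s+(.+?)\s*$")

def parse_dir_listing(text):
    """Return [(full_path, size_in_bytes)] for every file row in `dir` output."""
    files, current = [], None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = PureWindowsPath(m.group(1))
        elif (m := FILE_RE.match(line)) and current is not None:
            size = int(m.group(1).replace(",", ""))
            files.append((current / m.group(2), size))
    return files

def flag_cached_executables(files):
    """Flag files with an executable extension inside a Content.IE5 cache folder."""
    hits = []
    for path, size in files:
        parts = [p.lower() for p in path.parts]
        if "content.ie5" in parts and path.suffix.lower() in EXEC_EXTS:
            # systemprofile is the LocalSystem account's profile directory
            hits.append({"path": str(path), "size": size,
                         "system_profile": "systemprofile" in parts})
    return hits

def still_present(hits, followup_text):
    """Flagged paths that a later listing still shows (case-insensitive match)."""
    seen = {str(p).lower() for p, _ in parse_dir_listing(followup_text)}
    return [h["path"] for h in hits if h["path"].lower() in seen]
```

Calling `still_present(flag_cached_executables(parse_dir_listing(LOOK_TXT)), LOOK2_TXT)` returns an empty list, which matches the "File Not Found" result in look2.txt.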

Re: my hijack this log

by silver » March 2nd, 2008, 8:20 pm

Hi mrtomasulo,

That looks better, some important final steps:

You should now delete DSS.exe from your Desktop, also delete this folder:
C:\Deckard


Re-hide hidden/system files and folders:
Click Start Orb-> Computer, press Alt once, then from the top menu select Tools,
Click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Do not show hidden files and folders
CHECK the Hide extensions for known file types option
CHECK the Hide protected operating system files (recommended) option
Press OK

Re-enable Windows Defender real-time protection:
  • Open Start->All Programs->Windows Defender
  • Click on Tools from the top menu, then press Options
  • Scroll down to Real-time protection options, check Use real-time protection and press Save
  • Close Windows Defender

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start, then right-click Computer, select Properties then click System Protection
  • Next to You can create a Restore Point right now... click Create...
  • Type a name for the Restore Point like All Clean and press OK
  • Once the Restore Point has been created, press OK, OK and close the System dialog box.

Now remove old, infected System Restore points:
  • Next click Start, type cleanmgr in the search box and press Enter
  • Select Files from all users on this computer
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and confirm by pressing Delete
  • Then press OK and Delete Files to confirm

------------------------------------------------------------------------

If the above went well, I think your machine is now clean of malware :) here are some tips to help you keep it that way:

The DSS scan shows your antivirus and antispyware software as being outdated. If these programs do not have the latest updates then they cannot protect you effectively, make sure they are set to automatically update daily. If your ZoneAlarm antivirus and/or CounterSpy subscriptions have lapsed, either renew it or remove the relevant program and install another antivirus/antispyware. This is crucial for your security so if you need any assistance with this please let me know.

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Windows Update
Click Change settings on the left side, then select Install updates automatically and choose a suitable schedule

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.

Re: my hijack this log

by mrtomasulo » March 4th, 2008, 12:09 am

Done, including installing the hosts file and WinPatrol.

I don't know how to thank you enough for all your valuable help, but thank you very much!

Re: my hijack this log

by silver » March 4th, 2008, 12:33 am

You're most welcome, we're very happy to help :)
Best of luck!





This topic has now been closed. If you wish it reopened, please send an email to admin at malwareremoval.com with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
