Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

The BIG RED X

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: The BIG RED X

Unread postby dan12 » April 3rd, 2008, 4:45 am

When I get to system restore and click on "create a restore point" it goes to a screen that says"type a description for your restore point in the following text box. Ensure that you choose a description that is easy to identify in case you need to restore your computer later on."


So for this you could put "My pc restored clean by dan12 " << my example..The date and time will be added automatically, it's just a reminder for yourself.

When I go to "Start - Run" and type in 'cleanmgr" it does not have the "more options" box.

Once you put in the above information ( My pc restored clean by dan12 )then try again
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Re: The BIG RED X

Unread postby conky » April 3rd, 2008, 8:27 am

When I get to system restore and click on "create a restore point" it goes to a screen that says"type a description for your restore point in the following text box. Ensure that you choose a description that is easy to identify in case you need to restore your computer later on."


So for this you could put "My pc restored clean by dan12 " << my example..The date and time will be added automatically, it's just a reminder for yourself.

Did this and it worked

Quote:
When I go to "Start - Run" and type in 'cleanmgr" it does not have the "more options" box.

Once you put in the above information ( My pc restored clean by dan12 )then try again

In the start - run box after typing in "cleanmgr" it still only has a browse box.

Should I use the system restore and go to the notation made instead? What I am missing?

Thanks, Debbie

_________________
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby dan12 » April 3rd, 2008, 8:47 am

Looking into it for you :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby dan12 » April 3rd, 2008, 10:52 am

Step 1 Which I believe you have done

Click on Start > Accessories > System Tools > System Restore. You will see the following window:

Image

Select Create a restore point option and click Next.

Step 2

Enter a name for this system restore point and click the Create button. Which you have done

Image

This is the point I think your having problems, ater you have put into the run command "cleanmgr"

After this box is shown...Allow the progress bar to complete :)

Image

You will see this... Click the tab to the right more options

Image
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby conky » April 5th, 2008, 8:08 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-05 05:04:52
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Anti-Virus - SBC Yahoo! Online Protection 7.0.7.4 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040467 adware/elitebar Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\internet settings\user agent\post platform\iebar
00046021 adware/megasearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq205.tmp
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B3.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AC.tmp
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B2.tmp
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq204.tmp
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1FE.tmp
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp
00145433 Cookie/Mammamediasolutions TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq203.tmp
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AE.tmp
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B0.tmp
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp
00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AF.tmp
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp
00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq202.tmp
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq200.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B4.tmp
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
00170549 Cookie/FortuneCity TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq201.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B1.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby dan12 » April 6th, 2008, 4:48 am

The scan just picked up a couple of registery entries and the rest were cookies which have been quarantined by your a\v.

Copy/paste the following text into a new Notepad document. (You must use Notepad, NOT Wordpad). Make sure that you have NO blank lines at the beginning of the document before REGEDIT4, and ONE blank line at the end of the document as shown in the quoted text:

Code: Select all
REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\internet settings\user agent\post platform\iebar]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}]



Save it to your desktop as Fixme.reg. Save it as follows...
File Type: "All Files" (not as a text document or it wont work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.


Please post a Further HJT log
dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby conky » April 6th, 2008, 10:29 am

Hi Dan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:22 AM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.windowsdownloads.com/success.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON PictureMate Deluxe (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P33 "EPSON PictureMate Deluxe (Copy 1)" /O6 "USB004" /M "PictureMate Deluxe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON PictureMate Deluxe (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.EXE /P33 "EPSON PictureMate Deluxe (Copy 1)" /M "PictureMate Deluxe" /EF "HKCU"
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://images.autodesk.com/adsk/files/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3703931719
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

--
End of file - 7028 bytes
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby dan12 » April 6th, 2008, 10:35 am

Did the registry fix go ok?
Do you still have the big red x on the c: drive?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby conky » April 6th, 2008, 10:40 am

Merged successfully.
Big red x is still there.
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby conky » April 6th, 2008, 10:50 am

Dude, look what I found

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]

IT IS GONE.

One more question - can I delete the quarantined files, or should they just stay there?
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby dan12 » April 6th, 2008, 11:09 am

Yes, I'm aware of that fix for it but wanted to check other ways first before attempting a reg fix.
Have you carried out the reg fix? be very carfull when delving into registry.
let me know so we can move on.
Thanks dan :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby conky » April 6th, 2008, 11:21 am

What about the quarantined files? Can they be dumped?
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm

Re: The BIG RED X

Unread postby dan12 » April 6th, 2008, 11:36 am

I assume you carried out the reg fix then as it's not there anymore?
What about the quarantined files?
They are safe there nothing sinister just cookies.
Can they be dumped?
Yes :) you can.

I'm just going over your last HJT log will post back soon :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby dan12 » April 6th, 2008, 11:59 am

Well done!
Congratulations you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Create a new System Restore Point
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here
Find here changes from older version 1.4 here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: The BIG RED X

Unread postby conky » April 6th, 2008, 12:31 pm

You are my forever hero. Thanks for your patience through the process. I have learned a ton and you have given me a lot of great tools!
conky
Regular Member
 
Posts: 27
Joined: March 24th, 2008, 5:28 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware