Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Posted for godivarides

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 12:38 pm

Hi, Sandra,
If I was you then I would leave alone if it's not broke don't fix it, a phrase that comes to mind. :)
I would hate to say go ahead and lose the data base as I'm not to familiar with that program.

As for the software you mentioned, I have to be honest I don't know, just a little out my area expertise.

As I mentioned you can fix this line with HJT if you need it you can start it manually.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Well Sandra, we have come a long way,well done for staying with it and replying to my posts on a frequent basis ,makes things a lot easier to get on top of these infections. your a\v and firewall should be fine just remember to update them regularly.
malwarebytes is a good program to keep in your tool box,again update on a regular basis before scanning as new definitions come out almost every day.



Congratulations you are clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Create a new System Restore Point
This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.5.2
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here
Find here changes from older version 1.4 here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Kind regards Dan
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 2:48 pm

Hi Dan

As per your last post, I have:

a) deleted the 04 line via HJT
b) created a new restore system date

I could not perform this last task:

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

*******************

Start ->Run -> only provides me to open a file/folder - does not offer "more options".
When I entered the string, "cleanmgr" it asks for drive and then performs a systems check for space.

What have I missed?

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 2:51 pm

Hi Dan

oops! I forgot the last part ... thank you for the recommendations and I will complete the Malware complaints form you provided!

My greatest appreciation to you and Piney for all your time and attention! My system is running much faster and (obviously) cleaner!

Is there anything I have loaded you would advise to remove?

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 2:57 pm

Dan... one last quirk ... over this past week, I noticed a number of email addresses are missing from my address book - these are long time emails or interestingly, emails I use quite regularly. They are not in my address book and must be added. What do you make of this?

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 2:58 pm

I could not perform this last task:

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.


please give it time for the progress bar to complete and then you will see "more options" tab ;)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 3:00 pm

godivarides wrote:Dan... one last quirk ... over this past week, I noticed a number of email addresses are missing from my address book - these are long time emails or interestingly, emails I use quite regularly. They are not in my address book and must be added. What do you make of this?

Sandra

I will look into it for you, maybe with all the problems you have had they may of been lost.
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 3:22 pm

I noticed a number of email addresses are missing from my address book - these are long time emails or interestingly, emails I use quite regularly. They are not in my address book and must be added. What do you make of this?

which email client?
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 6:21 pm

Hi Dan

Sorry for the delay in responding, from your recommended list, I've installed:
SpywareGuard
SpywareBlaster
WinPatrol
FireTrust SiteHound

MVPS Hosts File is the problem child - downloaded, tried unzipping, searched for it, followed the manual extraction instructions, still can't find it, let alone run it! I know it's lurking on my system somewhere!

I haven't used either Secunia or F-Secure yet.

I rebooted and Spyware Terminator automatically began a scan and post another HJT report below.

What do you recommend with the other AV, AS on my system and will they all conflict?
Avast
AdAware
Spyware Terminator
SuperAntiSpyware (this one actually kick started my system when Piney sugg Combofix)
XoftSpySE
Zonealarm

Email addresses have been from all over, it isn't restricted to one or two, at least 12+, however, I do have them in my inbox, when I see the field isn't auto-populating with the rest of the address, I know it's been wiped out.

Thank you so much!!

Sandra



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:52 PM, on 02/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


--
End of file - 2004 bytes
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 6:42 pm

Hi Sandra your HJT log seems to be cut off, I don't need to see it any more as I'm happy your clean.
Don't get yourself to bogged down with antimalware programs as we don't want slow downs. what you have presently should be adequate, but please do take on board my advise regarding p2p sites,the sites may be clean but the files people send are not always :(
Remember only one a\v needs to be on a system same goes for a firewall or else were going to have conflicts!
I need to know which email client were talking about to look into your issue. :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 6:45 pm

Hi Dan

I think I found the ACT file you mentioned earlier.

Spyware Terminator ran the fastest time ever for a full scan and it took just over an hour!

Nothing found.

I reviewed the "unknown" list and moved some of the items to the "safe list" and then found ACT7 in the start up file - it was a trial version to promote upgrades.

c:\ProgramFiles|ACT\ACTforWin7|APL.exe

I removed it via Spyware Terminator.

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 6:51 pm

Dan

Do you want the various email addresses? Sorry, I'm not understanding. It would like trying to email you, and I type your name and the autopopulate field doesn't kick in. I would need to type in your entire email address, as there is nothing in the memory, like the entry was deleted from the address book. Truly this is not biggie, just stops me when I encounter it.

Ok, so now I've inundated myself with AV & AS programs - are the ones you've recommended stronger/strongest in detection and eliminate the rest?

Sandra
ps, I'm amazed at how fast my system is, it's like jet propulsion!
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 7:07 pm

All I wanted to know do you use outlook express? hotmail ?
or a web based email as it helps to search your problem, it may be that i have to forward you on as it's not my field.
I can but try :)

I will give mine as an example I have nod 32 which is a paid version which has a firewall also. I use spybot search and destroy, adaware 2007 and run with a host file, I use malwarebytes also. I do regular scans, updating definitions first then I will defrag the system on a regular basis to keep on top of things and it suits me.

As I explained to you you only want one a\v and one firewall your statement here was making me think you were having additional a\v's I hope I have cleared this one up with you.It's not so important having a few antimalware programs running.
Ok, so now I've inundated myself with AV & AS programs
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby godivarides » July 2nd, 2008, 7:14 pm

Gotcha! It's the address book in Outlook Express.

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Posted for godivarides

Unread postby dan12 » July 2nd, 2008, 7:28 pm

Will look into it for you, again it's late here so will catch you at some point tomorrow.
dan :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Posted for godivarides

Unread postby dan12 » July 3rd, 2008, 2:37 pm

Hi, Sandra sorry for delay,have not forgot you just catching up :)
User avatar
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware