Free Malware Removal Forum

[ej1948]

O.K. so do I copy/paste the backup info first or do I follow the instructions to install the hosts file first? Also, go ahead and give me instructions to disable TeaTimer.

As I write this I see my modem (WebStar) from my local cable company flashing regularly for the PC but the Data light barely comes on and the computer is moving extremely SLOW. So frustrating!

[Odd dude]

O.K. so do I copy/paste the backup info first or do I follow the instructions to install the hosts file first? Also, go ahead and give me instructions to disable TeaTimer.

First you backup, then you install - the whole point of the backup is to be able to revert the installation should you not be happy with it.

To disable TeaTimer:

• Right-click on the Tea Timer icon in your system tray. It looks like this:
• If you have the new version 1.5: click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System tray should now be now colourless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

This is not enough, there is a second step attached:

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go to the bottom of the vertical panel on the left and click Tools
• Now, also in left panel, click Resident - the pictogram shows a red/white shield.
• In the Resident protection status frame, uncheck the box labelled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File > Exit to close Spybot
• Reboot your machine for the changes to take effect.

As I write this I see my modem (WebStar) from my local cable company flashing regularly for the PC but the Data light barely comes on and the computer is moving extremely SLOW. So frustrating!

May just be a fluke - if the problem persists I recommend contacting your ISP (Internet Service Provider). If you think it may be a malware issue, feel free to post one more HijackThis log.

[ej1948]

I think I'm in over my head!!!

I copied and pasted the backup file. The MS DOS screen appeared for a nano-second. I tried it a second time and it did the same thing. Did I do it right?

I then went to the hosts info you gave me, copied and pasted the info and then clicked on the location where you said hosts could be downloaded. After I read everything I downloaded the hosts file which is in zip form. However, when I tried to run it all I could get was a dialogue box saying the files are password protected and to enter the password. I have no idea what it is so I cancelled the installation. What now???

After this is resolved I will post another HiJack This log because the data light on the modem is still barely flashing and my Task Manager Performance screen shows CPU usage of 2%.

I hate this computer!

[Odd dude]

I copied and pasted the backup file. The MS DOS screen appeared for a nano-second. I tried it a second time and it did the same thing. Did I do it right?

Yes.

I then went to the hosts info you gave me, copied and pasted the info and then clicked on the location where you said hosts could be downloaded. After I read everything I downloaded the hosts file which is in zip form. However, when I tried to run it all I could get was a dialogue box saying the files are password protected and to enter the password. I have no idea what it is so I cancelled the installation. What now???

The file is not password-protected.

Right-click HERE and choose Save Target As. Save it to your desktop. Right-click the zip-file you downloaded and choose Extract All. Accept all the default options (just keep clicking Next). At the last screen, put a check next to 'Show extracted files'. Once you click Finish, the folder containing the hosts file opens. Double-click mvps.bat (the .bat-part of the filename usually isn't there, that's perfectly normal) and you're done.

After this is resolved I will post another HiJack This log because the data light on the modem is still barely flashing and my Task Manager Performance screen shows CPU usage of 2%.

Just so you know - the data light on the modem should only flash when you're downloading something from the internet, and the CPU usage should only rise when your computer is executing instructions - the CPU usage does not rise by just having some programs open, it will only rise when those programs are requesting a CPU-intensive instruction set to be executed.

[ej1948]

Please walk me through removing everything that I did last night. It took my computer over 5 minutes to load the MalWare Removal page with your post! I couldn't get my home page (MSN.com) to load at all so I was only able to get on the Internet thru AOL.

[Odd dude]

Oh dear - that's not exactly what I had in mind!

This is very easy to undo - please copy and paste this to Notepad:

Code: Select all

@echo off
setlocal
set here=%cd%
cd c:\windows\system32\drivers\etc
chdir /d %systemroot%\system32\drivers\etc
attrib -r -s -a -h hosts
del /f /a hosts
copy hosts.backup hosts
if not exist hosts copy hosts.mvp hosts
if not exist hosts echo 127.0.0.1  localhost>hosts
attrib +r +s +h hosts
sc config dnscache start= demand
cd /d %here%
endlocal
shutdown -r
del %0

Save it to your desktop as "undo.cmd" and include the quotation marks when saving. Close all open windows (it will reboot your computer). Then double click the file undo.cmd on your desktop (the .cmd part may not show) and it'll undo everything we did.

[ej1948]

OK I followed your instructions and it rebooted like you said. I have two items on my desktop that I'm not sure of: Hosts (contains several files) and gmer.zip. Should I leave them?

Interestingly, I closed all windows including this one but after reboot I came back to the site and was still logged in and on this page.

Should I do a defrag?

[Odd dude]

OK I followed your instructions and it rebooted like you said. I have two items on my desktop that I'm not sure of: Hosts (contains several files) and gmer.zip. Should I leave them?

'Hosts' is the folder that contains the MVPs hosts file - you can delete it. 'gmer.zip' is from a tool we used, feel free to delete that as well.

Interestingly, I closed all windows including this one but after reboot I came back to the site and was still logged in and on this page.

That's normal, the website uses some sort of temporary cookie that keeps you logged in for a certain period of time (I never timed it, but it's something like 15 minutes, I believe). If you'd like to change this behaviour, all you need to do is explicitly logout by clicking 'Logout [ ej1948 ]' in the top-left part of the website.

Should I do a defrag?

A defrag rearranges the file on your hard disk to put bits of the same file closer together, so that access to that file is speeded up. It is never a bad thing to defrag!

[ej1948]

Once I defrag I think I should be o.k. again (for the 3rd time!). Thank you so much for your time and patience with me. It is much appreciated!

[Odd dude]

You're very welcome

Is it OK to close and archive this thread now?

[ej1948]

Yes, and thank you again so much. I appreciate all you've done for me.

[chryssi2001]

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.