Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My HijackThis log file

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My HijackThis log file

Unread postby mannzee » June 26th, 2010, 2:23 pm

----
Not sure what happened there? Here is the Kaspersky log. Thanks
----------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 26, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 25, 2010 14:56:40
Records in database: 4301363
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 181519
Threats found: 2
Infected objects found: 2
Suspicious objects found: 2
Scan duration: 06:20:20


File name / Threat / Threats count
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Zhelatin.ct 1
C:\Documents and Settings\Dorothy\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\N360_BACKUP\Drive_C\Documents and Settings\Dorothy\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Zhelatin.ct 1
C:\N360_BACKUP\Drive_C\Documents and Settings\Dorothy\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

Selected area has been scanned.
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am
Advertisement
Register to Remove

Re: My HijackThis log file

Unread postby deltalima » June 27th, 2010, 6:21 am

Hi mannzee,

Threats found: 2


Firstly please log into the computer as user Dorothy, open Outlook Express and them Empty Deleted Items.

The second infection is stored in a subfolder of C:\N360_BACKUP\Drive_C , I recommend that you create a new bakup of drive C: and then delete this one.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 20.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version

Let me know when the above has been completed then we can finish off the remaining few tasks.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby mannzee » June 27th, 2010, 6:58 am

Hi Deltalima, quick question Dorothy never had outlook express set up on this computer however she is setup with outlook on laptop which connects wireless to this one . I'm having major issues with her laptop and was going to start on that as soon as I finish with this one. Not sure how to proceed. Thanks
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby deltalima » June 27th, 2010, 7:09 am

Hi mannzee,

Dorothy never had outlook express set up on this computer


In that case it should be safe to delete the file

C:\Documents and Settings\Dorothy\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby mannzee » June 27th, 2010, 7:26 am

Deltalima , I located the above file and deleted it. However when I tried to download adobe's lastest verison Internet Explorer security warning poped up and blocked from doing so. Whats up with that?
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby mannzee » June 27th, 2010, 8:00 am

Here is the error message


Internet Explorer has closed this webpage to help protect your computer

A malfunctioning or malicious add-on has caused Internet Explorer to close this webpage.
What you can do:
Go to your home page

Try to return to adobe.com

More information

Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on.
Other things you can do:
Go online to learn about the Data Execution Prevention (DEP) security feature
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby deltalima » June 27th, 2010, 9:45 am

Hi mannzee,

Please reboot and try again, make sure you untick any extas that are offered to be downloaded.

That link downloads fine for me. Do you have access to another computer that you could download to and transfer using a USB memory stick?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby mannzee » June 27th, 2010, 10:00 am

Not at this moment My wife's laptop cannot connect to the internet. I worked with dell for 3.5 hours last wk did system restore and ran a bunch of scans removed infected files. This worked fine for 2 days then same issue again.
I'll try rebooting and I did untick extras before downloading . What happens is Active X dissapears before I can click on it to allow download . Thanks
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby deltalima » June 27th, 2010, 11:09 am

Hi mannzee,

Are still having computer lock and blue screen issues ?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby mannzee » June 27th, 2010, 6:37 pm

Hi Deltalima, my computer is working great. The only issue that I havn't been able to address is the Adobe download. I really have no idea why it kicks me before I can click on Active X button.
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby deltalima » June 28th, 2010, 3:14 am

Hi mannzee,

my computer is working great.


Good!

The only issue that I havn't been able to address is the Adobe download.


Let's try to reset Internet Explorer to it's default settings.


Reset IE8:

  • Please download Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE8.
  • Next time IE8 is launched you will be prompted to reapply settings again, this is normal.
  • Note: Any add-ons will require to be reapplied after the above reset.

Now please try the Adobe link again and let me know if it works now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby mannzee » June 28th, 2010, 10:35 am

Hi Deltalima, installed Microsoft Fixit and still couldn't open adobe same error message pops up. Thanks
mannzee
Regular Member
 
Posts: 15
Joined: June 20th, 2010, 7:32 am

Re: My HijackThis log file

Unread postby deltalima » June 28th, 2010, 10:47 am

Hi mannzee,

Pleases copy the following URL and paste into the address bar in Internet Explorer.


Code: Select all
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.3/enu/AdbeRdr930_en_US.exe


Download and save the file and then execute it to install Adobe Reader v9.30

Once installed use Help then Check for Updates to update to the latest version.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: My HijackThis log file

Unread postby Elrond » July 1st, 2010, 12:09 pm

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 36 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware