Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

A Friend Needs Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby 'KotaGuy » April 27th, 2005, 9:06 pm

Got rid of snapple... which is good... that google thing is still there though :confused2:

Maybe something will show in the Silent Runners log.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Unread postby rayzer » April 27th, 2005, 9:24 pm

Like I said, I'm really sorry about the delay, it seems I only get a reply from him in the early hours :(

I think he's logged off now so I doubt we are going to get this log same time tomorrow.

Thankyou for your patience with this, I will edit the logfile in (below the HJT one) when I receive it and bump the thread.

You can show me how silent runners works too :)
User avatar
rayzer
Regular Member
 
Posts: 75
Joined: March 7th, 2005, 9:04 am

Unread postby 'KotaGuy » April 27th, 2005, 9:33 pm

No problem.... got some more instructions for you to pass on though.

Have him fire up regedit again and go to the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Key.

Look for and delete any/all of the following entries if found:

".Prog"="%Windir%\system\services.exe"
"BuildLab"= "%Windir%\system\services.exe"
"ccApps"="%Windir%\system\services.exe"
"FriendlyTypeName"="%Windir%\system\services.exe"
"Microsoft Visual SourceSafe"="%Windir%\system\services.exe"
"RegDone"="%Windir%\system\services.exe"
"TEXTCONV"="%Windir%\system\services.exe"
"WMAudio"="%Windir%\system\services.exe"


Run and scan with HijackThis. With all other browsers and windows closed, place a check besdie the following and Fix:

O4 - HKLM\..\Run: [MsCom32Agent] C:\WINDOWS\System32\google.exe
O4 - HKLM\..\RunOnce: [*MsCom32Agent] C:\WINDOWS\System32\google.exe
O4 - HKCU\..\Run: [MsCom32Agent] C:\WINDOWS\System32\google.exe
O4 - HKCU\..\RunOnce: [*MsCom32Agent] C:\WINDOWS\System32\google.exe


Boot to Safe Mode. Search for and delete google.exe

Clean temp files, Recycle Bin, etc...

Reboot Windows normally and post a new log along with the Silent Runners log.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby rayzer » April 27th, 2005, 9:55 pm

Thanks :

He's currently online and said that he cannot download the silent runners file, it just takes him to that script page that I attempted to post :? I regave him the link to double check (tested it myself too) and he's assured me that all he gets when clicking on it is the script??

*Bangs head against the wall*

I will post that fix for him to try though :)
User avatar
rayzer
Regular Member
 
Posts: 75
Joined: March 7th, 2005, 9:04 am

Unread postby 'KotaGuy » April 27th, 2005, 10:48 pm

Have him copy/paste the contents of that link into a new text document.

Name it "SilentRunners.vbs". Save it as File Type "All Files".

He should then be able to run the script.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby rayzer » May 9th, 2005, 11:25 am

He hasn't got back to me since, I can only presume this topic is now dead :cry:
User avatar
rayzer
Regular Member
 
Posts: 75
Joined: March 7th, 2005, 9:04 am

Unread postby 'KotaGuy » May 9th, 2005, 7:58 pm

OK rayzer... let us know if there is a change in the situation.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 32 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware