Forum Home |  MWR University |  New to the Board? |  IRC Chatroom |  Who Runs This Site? |  ASAP Members |  Microsoft MVP Members |  Downloads |  Good & Bad P2P Programs |  Our Rules

MalWare Removal Forum

Malware Removal University - Teaching people how to support those with infected computers - Teaching them to never give up untill your computer is clean and secure.

Tutorials (etc.) : Boot to Safe Mode - Safely - What to do if your Computer's running slowly
It is currently Tue 21 May, 2013 3:37 pm

View unanswered posts | View active topics


Board index » Malware Removal » Malware Removal

All times are UTC [ DST ]

Forum rules


Please read > >THIS ANNOUNCEMENT< < before posting your NEW topic about your problem.

Please do NOT reply to your topic until a staff member has responded as they are looking for topics that have ZERO replies.

Paste your logs into your post. DO NOT USE ATTACHMENTS! Logs posted as attachments will be ignored and the topic will be closed.

If no expert has replied after 3 days, and you still require assistance, please post in our 72 hour bump room > > CLICK HERE < < Please do NOT reply to your own topic in an attempt to "bump" it. Bumped topics will be closed, requiring you to start again from the beginning.

If you are being helped and you haven't replied to your helper within 3 days of their last post, your topic will be closed as inactive. If that happens, you will need to start a new topic when you have the time available to promptly complete all instructions.

If your topic has been closed due to inactivity, do NOT request that your topic be reopened - we do NOT reopen topics unless they have been closed in error - you will need to start a NEW topic with NEW DDS logs. Do NOT attempt to start a new topic with a post that is essentially a reply to your closed topic.



Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 3 of 8
  [ 112 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6 ... 8  Next
  Previous topic | First unread post | Next topic 
Author Message
Bertha
 Post subject:
New postPosted: Mon 28 Mar, 2005 7:59 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Ypu couldnt find the file anywhere? (to upload it)

Bertha

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Mon 28 Mar, 2005 8:23 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
that's an affirmative -- nowhere to be found. T
_________________

Top
 Profile  
 
Bertha
 Post subject:
New postPosted: Mon 28 Mar, 2005 8:47 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hav you tried looking for it with all your hidden files and folders showing:

Showing Hidden Files and folders see here
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also I am working on writing a fix up for you (bear with me)

Bertha

Top
 Profile  
 
Bertha
 Post subject:
New postPosted: Mon 28 Mar, 2005 9:17 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey madmurph

Print the following instructions off as you will need to be offline

Add Remove Programs

Start - Control Panel – Add/Remove Programs (Might not be there)

SurfSideKick2 (or similair)

Reboot Normally

Ending Process’s

Open task Manager (alt+ctrl+del)[/b] and click the process’s tab
Highlight if found:

tsad.exe
n?lookup.exe

Then click end process

Run Hijackthis and with all windows closed put a check mark next to the following

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Arma] C:\Documents and Settings\Mom & Dad\Application Data\tsad.exe
O4 - HKCU\..\Run: [Flpyxjlp] C:\WINDOWS\system32\n?lookup.exe

If you did not place these in your trusted zone check them for removal

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com

Click "FIX"

Reboot into safe mode see here if you dont know how:
http://service1.symantec.com/SUPPORT/ts ... ec_doc_nam

Showing Hidden Files and folders see here
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Using Windows Explorer look for and delete the following:

aimsgr.exe - look in the windows folder/program files or the system32 folder (file)
C:\Program Files\SurfSideKick2 (folder)
C:\Documents and Settings\Mom & Dad\Application Data\tsad.exe (file)

Reboot

Launch Notepad, and copy the text in the box below into a new text file, save as

File name: Findfile.bat
Save as type: All files

Save it to your desktop
Code:

Quote:
dir C:\WINDOWS\system32\n?lookup.exe /a h > files.txt
notepad files.txt


Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it.

Please post the text in your reply and a New Hijackthis Log

Bertha
_________________

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Mon 28 Mar, 2005 11:43 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
SurfSideKick2 not present in Add/Remove control panel, nor under "04" Run. n?lookup.exe not in Task Manager. Neither R1 process or the 015 "trusted" showed in HJT log. The TSAD.exe file only showed under a "prefetch" item.

Filefind.bat log:

Volume in drive C has no label.
Volume Serial Number is 54CD-C0B7

Directory of C:\WINDOWS\system32

08/03/2004 11:56 PM 76,800 nslookup.exe
03/01/2005 07:15 AM 417,792 n?lookup.exe
2 File(s) 494,592 bytes

Directory of C:\Documents and Settings\Mom & Dad\Desktop



HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:47:01 PM, on 3/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\SpyWare\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.14.33/ttinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/act ... Atchmt.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Wed 30 Mar, 2005 4:16 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
Am I still on your list, or did I exceed the allocated page count? Cheers, T

Top
 Profile  
 
ChrisRLG
 Post subject:
New postPosted: Wed 30 Mar, 2005 4:25 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Thu 16 Dec, 2004 3:04 pm
Posts: 17763
Location: Southend, Essex, UK
If bertha has not replied by tonight (my time UK) I will post for you - no we do not give up - British Bulldogs never do.

Top
 Profile  
 
Bertha
 Post subject:
New postPosted: Wed 30 Mar, 2005 5:07 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey madmurph,

Sorry for the wait and as ChrisRLG said we Dont Give Up

Ok just the remaining Malware to deal with

You may like to copy this fix to a Notepad so that you can refer to it

Showing Hidden Files and folders see here http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Using Windows Explorer find and Delete the following File

C:\WINDOWS\System32\n?lookup.exe

When searching for this file you may find two instances of:

nslookup.exe

If you do then check the file size by right clicking on the file and selecting properties. The file you want to delete is 417,792 bytes big

Post a New Log Back Here

Bertha

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Wed 30 Mar, 2005 8:18 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
Hey there -- the only nslookup.exe files that show are 75KB big; one in Sys32 and one in ServicePackFiles. Neither of the size you indicate. To do?

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Wed 30 Mar, 2005 8:30 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
Hey Bertha -- (I knew you were Britts -- that "niggle" thing) Diregard prev. msg, file found and deleted. Here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:20 AM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\SpyWare\New Folder\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.14.33/ttinst.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/act ... Atchmt.ocx
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Top
 Profile  
 
Bertha
 Post subject:
New postPosted: Thu 31 Mar, 2005 11:53 am 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey madmurph,

Sorry about the wait but for the past week or so and the next few days time is a big problem for me.

Anyway Well Done your ALL CLEAN

Install these for safer surfing:

http://www.javacoolsoftware.com/spywareblaster.html Update when downloaded, SpywareBlaster prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially dangerous sites in InternetExplorer.


http://www.javacoolsoftware.com/spywareguard.html Update when downloaded.
SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.


https://netfiles.uiuc.edu/ehowes/www/resource.htm
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites, that aren't actually innocent at all.


Privacy Keeper
http://www.unhsolutions.net/IEPK/index.shtml

Privacy Keeper Manual:
http://www.unhsolutions.net/IEPK/manual


Check for updates for Windows and Internet Explorer every week or so. Download each critical update one by one, rebooting when necessary.. Repeat this until you get the message "no critical updates available"

http://windowsupdate.microsoft.com/

Also reset your system Restore Points

To disable System Restore

Close all open programs.
On the Windows desktop, right-click My Computer > Properties.
On the Performance tab, click File System.
On the Troubleshooting tab, check Disable System Restore, click OK, and
then click Close.
Click Yes to restart.
This disables the System Restore feature and will purge the contents of
the _RESTORE folder when the system is restarted.

To re-enable System Restore
Close all open programs.
On the Windows desktop, right-click My Computer > Properties.
On the Performance tab, click File System.
On the Troubleshooting tab, uncheck Disable System Restore, click OK,
and then click Close.
Click Yes to restart.

Bertha

Top
 Profile  
 
madmurph
 Post subject:
New postPosted: Mon 04 Apr, 2005 10:57 pm 
Offline
Regular Member
User avatar

Joined: Wed 23 Mar, 2005 6:13 am
Posts: 72
Location: SoCal
Huntbar still shows up in MS antiSpy Beta -- says it cleaned it, but doesn't; and SpyBot (which wants a restrart to clean, and then doesn't); cannot access the WinTools folder in registry to delete -- error message "access denied". What to do?

Top
 Profile  
 
Bertha
 Post subject:
New postPosted: Mon 04 Apr, 2005 11:03 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Sun 06 Feb, 2005 6:17 pm
Posts: 2053
Location: Midlands
Hey madmurph,

Post a new Hijackthis Log and we'll see whats happening

Bertha

Top
 Profile  
 
ChrisRLG
 Post subject:
New postPosted: Sat 16 Apr, 2005 12:09 am 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Thu 16 Dec, 2004 3:04 pm
Posts: 17763
Location: Southend, Essex, UK
Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Top
 Profile  
 
ChrisRLG
 Post subject:
New postPosted: Fri 22 Apr, 2005 3:20 pm 
Offline
MRU Emeritus
MRU Emeritus
User avatar

Joined: Thu 16 Dec, 2004 3:04 pm
Posts: 17763
Location: Southend, Essex, UK
Topic reopenned on request.

Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  Page 3 of 8
  [ 112 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6 ... 8  Next

Board index » Malware Removal » Malware Removal

All times are UTC [ DST ]

Who is online

Users browsing this forum: No registered users and 13 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.

Member site: Alliance of Security Analysis Professionals | UNITE Against Malware

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group