Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help me, I'm infected...;((

Post by clanta » December 8th, 2006, 10:29 am

No... I don't understand... maybe my English isn't so good too... but, the problem is that I couldn't open any page from a link.
For example, I check my email on Yahoo, I see that I have 1 unread message, I click on it, but nothing happens... nothing! The link doesn't work and I cannot open the message.
Same thing with Panda and Kaspersky too... when I click on the "Scan now" button, nothing happens.
I don't know how to explain it to you, but it's like any link is not active and I cannot access pages or new windows under these links.

Hope you understand now... please help me!
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm

Post by Linkmaster » December 8th, 2006, 11:14 am

Make sure you have closed all IE windows

Open Notepad (Start, All programs, Accessories, Notepad)
Copy and Paste the following RED text into Notepad :

regsvr32 Shdocvw.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Actxprxy.dll
regsvr32 Mshtml.dll
regsvr32 Urlmon.dll
regsvr32 Msjava.dll
regsvr32 Browseui.dll


Save the file as IEfix.cmd
Set Save as type to All Files and save it to your desktop
Double Click IEfix.cmd file

Reboot and try the links again !

Post a fresh HijackThis log here
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by clanta » December 8th, 2006, 11:29 am

No changes... here is the fresh hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 5:27:32 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Parental Filter\ParentalFilter.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - (no file)
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... canner.ocx
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.romtelecom.ro/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7987469990
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promot ... 371110.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm
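
Added example, not part of the original thread: a small Python triage pass over a HijackThis log like the one posted above. It splits entries by section code, lists the entries HijackThis marked "(no file)" or "(file missing)", and pulls out the registry Run entries (O4) that a helper would ask the user about; the sample is an excerpt of the log above, and the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - (no file)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
"""

# Section code such as "R0", "O4", "O23", then " - " and the entry text.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Marker HijackThis appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)$")
# Registry autorun form of an O4 line: HKLM\..\Run: [Name] command
AUTORUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse(log):
    """Return (code, detail) pairs for entry lines; header and process lines are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def orphans(entries):
    """Entries that HijackThis marked as pointing at a missing file."""
    return [(c, d) for c, d in entries if ORPHAN.search(d)]

def autoruns(entries):
    """(hive, key, name, command) for each registry autorun (O4) entry."""
    found = (AUTORUN.match(d) for c, d in entries if c == "O4")
    return [m.groups() for m in found if m]

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(dict(Counter(code for code, _ in entries)))
    for code, detail in orphans(entries):
        print("orphan  ", code, detail)
    for hive, key, name, cmd in autoruns(entries):
        print("autorun ", hive, key, name, "->", cmd)
```
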

Post by clanta » December 8th, 2006, 12:14 pm

Strange thing!?

I try to run Windows Update, but the page http://windowsupdate.microsoft.com shows me a blank page... a white one, nothing I mean...

I try to open BitComet, but a message which tells me that I need MSXML3 appears... I try to download this file from Microsoft, but there is no link under the name of the file... I mean no link to click on, in order to download the file...

OMG... that's Xfiles ???
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm

Post by Linkmaster » December 8th, 2006, 1:33 pm

Go to Try F-Secure BlackLight
Choose I ACCEPT then click Download Blacklight Beta graphical user interface version to download Blacklight to your Desktop
Double-click blbeta.exe then accept the agreement
Click Scan then click Next
You'll see a list of all items found
There will also be a log on your desktop with the name fsbl.xxxxxxxxxxxxxx.log (the xxxxxxxxxxxxxx stand for numbers).
Copy and Paste the contents of the fsbl.xxxxxxxxxxxxxx.log here
Do Not choose the rename option yet!
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by clanta » December 8th, 2006, 1:48 pm

OK, here it is:

12/08/06 19:46:47 [Info]: BlackLight Engine 1.0.47 initialized
12/08/06 19:46:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/08/06 19:46:47 [Note]: 7019 4
12/08/06 19:46:47 [Note]: 7005 0
12/08/06 19:46:50 [Note]: 7006 0
12/08/06 19:46:50 [Note]: 7011 1620
12/08/06 19:46:50 [Note]: 7026 0
12/08/06 19:46:50 [Note]: 7026 0
12/08/06 19:46:54 [Note]: FSRAW library version 1.7.1020
12/08/06 19:47:18 [Note]: 2000 1012
12/08/06 19:47:18 [Note]: 2000 1012
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm

Post by clanta » December 8th, 2006, 6:18 pm

I'm dead...

IE doesn't work anymore...

LAN is connected, but no IP, no Subnet mask, no Def. Gateway...

When I click repair, the message "failed to query TCP/IP settings of the connection. cannot proceed" appears...

This message I wrote on my laptop and I hope you help me to fix my desktop... the first idea in my mind is now to format C: and reinstall windows...

I am hopeless...
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm

Post by Linkmaster » December 9th, 2006, 8:15 am

Did you uninstall Trend Micro ??

Are you getting popups from your firewall ??

Has IE always done that or has it just started and gotten worse ??

Are you getting any error messages ??

Did you install this :

O4 - HKLM\..\Run: [ParentalFilter] C:\Program Files\Parental Filter\ParentalFilter.exe

If not :
Go to Start, Control Panel, Add/Remove Programs
Uninstall ParentalFilter
Try using IE to get on the Internet

Post a fresh HijackThis log here
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by clanta » December 9th, 2006, 12:12 pm

Thanks, but too late...

I formatted my C: and reinstalled Windows...

I have only one wish now... Please help me to choose a good security software... which one do you recommend for good & efficient protection?

Thank you very much, for all your support!
clanta
Regular Member
 
Posts: 23
Joined: December 4th, 2006, 3:20 pm

Post by Linkmaster » December 10th, 2006, 12:07 pm

Well, sorry it came to that !!

Here are a few tools that I recommend for protecting your system and reducing the risk of infection again !!

Real Time Prevention
SpywareBlaster© by Javacool Software :
*Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests
*Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
*Restrict the actions of potentially dangerous sites in Internet Explorer.
*Consumes no system resources

*Download, run, check for updates, download updates, select all, protect against checked. All done
*Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE: Remember, always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up". Click on "Proceed", then click on "Common Ports" to scan your ports.
Free Personal Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Outpost Firewall Free© by Agnitum Ltd
Jetico Personal Firewall© by Jetico, Inc.

Alternative Browsers :
Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness
FireFox© by Mozilla
Opera© by Opera Software ASA

Install Java :
Java Runtime Environment© Sun Microsystems. It's much more secure than Microsoft's Java Virtual Machine

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Do you have any questions??
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA