E2Give gives too much

Post by madmurph » January 14th, 2006, 3:36 pm

Ran AdAware, Spybot S&D. The latter found E2Give, but couldn't remove, even after Safe Mode boot following complete power off. HJT as follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:10 AM, on 1/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Network Associates\VirusScan\VsStat.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\Network Associates\VirusScan\Vshwin32.exe
E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
E:\Program Files\Network Associates\VirusScan\Avconsol.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\Mixer.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\Program Files\BroadJump\Client Foundation\CFD.exe
E:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\HighPoint\RAID Administrator\raid.exe
E:\Program Files\Sony Handheld\HOTSYNC.EXE
E:\Program Files\Microsoft Office\Office10\msoffice.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Documents and Settings\Tomás\My Documents\Computers\SpyWare\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BJCFD] E:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MMTray] E:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = E:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAID Administrator.lnk = E:\Program Files\HighPoint\RAID Administrator\raid.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2908410899
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3686633990
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - E:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - E:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

Post by AndyAtHull » January 14th, 2006, 4:15 pm

Hi Madmurph,

I will have a look at your log and look up about E2Give. All my answers have to be double checked by a teacher before they are given to ensure you have the best advice available. Any problems or questions, please reply to this thread only.

Andy :)

Post by madmurph » January 14th, 2006, 11:16 pm

Here's the SpyBot log, just in case.

E2Give: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4A5AB08F-72C5-4929-9D31-486132DD6FE1}

E2Give: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{4A5AF1B4-3A9C-402D-B079-C3A77283FC59}

Post by AndyAtHull » January 15th, 2006, 12:56 pm

Hi Madmurph,

Your log looks clean. So let us move on to the E2Give problem. Spybot should pick this up as it is in their definitions.

----------

Click on Control Panel>Add/Remove. And look for:

E2give Plug-in
E2Give Browser Add On

or anything regarding E2Give or E2G

It may not be present but just to double check.
Be careful when looking for this file as it can catch you out with the spelling. If anything was uninstalled please do a reboot.

----------

Just to be sure we can look for any processes and kill them. Press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open Windows Task Manager. Look for these if present. Don't panic if they are not.


ei.exe
filgmo.exe
pi1.exe
prutsct.exe
prutpct.exe
pruttct.exe
ptech.exe
skytown.exe


Click on End Process for each of these found.

----------

In Windows Explorer, navigate to these files/folders in RED. Use Find (F3) or Start, Search if the folder is not shown; then Delete these folders, if present:
(Note - Make sure you delete the whole folder and not the content of the folders.)

E:\E2Give
E:\Program Files\E2Give
E:\Program Files\E2G

If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete.
If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, click End Process, then retry delete.
(Note the name and location of any file you cannot delete.)

Empty your Recycle Bin.

----------

I would uninstall SpyBot. And download a fresh copy. Download Spybot S&D v1.4 from HERE and install.

Setting up Spybot S&D

1. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
2. Close ALL windows except Spybot S&D
3. Click the button to ‘Search for Updates’ then download and install the Updates.
4. Click on the left hand side of Spybot, Immunize. Make sure you Immunize the Permanent Internet Explorer Immunity from all bad objects.
5. Next click the button ‘Check for Problems'
6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window.
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.


----------

This should solve your problem. Please let me know.

Andy :)
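The checks listed in this thread (the process names, the folder names, and the two CLSIDs from the Spybot report) can be run against a saved HijackThis log in one pass. The Python below is an added example, not part of the original posts; the function name `scan_hjt` and the lines marked as constructed are assumptions made for illustration.

```python
import re

# Indicators named in the thread: process and folder names from the helper's
# checklist, CLSIDs from the Spybot S&D report.
PROCESSES = {"ei.exe", "filgmo.exe", "pi1.exe", "prutsct.exe", "prutpct.exe",
             "pruttct.exe", "ptech.exe", "skytown.exe"}
FOLDERS = {"e2give", "e2g"}
CLSIDS = {"{4A5AB08F-72C5-4929-9D31-486132DD6FE1}",
          "{4A5AF1B4-3A9C-402D-B079-C3A77283FC59}"}

EXE = re.compile(r"[\w.-]+\.exe")
GUID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

def scan_hjt(log_text):
    """Return (line_no, kind, value) for each thread indicator found in a log."""
    findings = []
    for no, line in enumerate(log_text.splitlines(), 1):
        low = line.lower()
        # Whole file names only, so "ei.exe" does not match inside "xei.exe".
        findings += [(no, "process", e) for e in EXE.findall(low) if e in PROCESSES]
        # Compare each path component, not substrings, to the folder names.
        parts = (p.strip(' "') for p in re.split(r"[\\/]", low))
        findings += [(no, "folder", p) for p in parts if p in FOLDERS]
        findings += [(no, "clsid", g.upper()) for g in GUID.findall(line)
                     if g.upper() in CLSIDS]
    return findings

# Lines copied from the HijackThis log posted in the thread.
POSTED = r'''Running processes:
E:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime'''

# Constructed lines (not from the thread) showing how a match is reported;
# placeholder.dll is a made-up file name.
CONSTRUCTED = r'''E:\Program Files\E2Give\ptech.exe
O2 - BHO: (no name) - {4A5AB08F-72C5-4929-9D31-486132DD6FE1} - E:\Program Files\E2Give\placeholder.dll'''

if __name__ == "__main__":
    print("posted log:", scan_hjt(POSTED))
    for hit in scan_hjt(CONSTRUCTED):
        print("constructed:", hit)
```

The posted lines produce no findings: the two CLSIDs appear only in the Spybot report, not in any line of the HijackThis log, which is why the same function also needs to be pointed at the Spybot output to see them.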

Post by madmurph » January 15th, 2006, 3:36 pm

Negative. None of those programs, files, or processes could be found. Used advanced search, as well. Folder options are set to view hidden and system files. The following shows on the hard drive with a 1-14-06 creation date: hyberfil.sys. Is this file a problem?

Post by madmurph » January 15th, 2006, 4:03 pm

New ver. of S&D removed the registry entries. As always, thank you very much for the help and advice. Have a great remainder of the weekend! Cheers,
the Madman

Post by AndyAtHull » January 15th, 2006, 4:54 pm

Regarding going into Add/Remove about E2Give. It was just to check really. I'd rather write a fix out with that process than none at all and finding out it was in there in the first place. However the main process was to uninstall Spybot and install a fresh copy. And that would remove it.

As to hyberfil.sys. Hyberfil.sys is used for computer hibernation. Nothing bad. It is where the system mem goes when the system is "at rest".

----------

This is my post for when you are all clean - which you seem to be. Please advise on any problems you may still have:

Hide System Files
1. Click Start.
2. Open My Computer.
3. Select Tools menu
4. Click Folder Options.
5. Select the View Tab.
6. Uncheck Show hidden files and folders in the Hidden files and folders section.
7. Select Hide protected operating system files (recommended) option.
8. Check the Hide file extensions for known file types option.
9. Click Yes.
10. Click OK.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer


    Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Un-Check Turn off System Restore.
    Click Apply, and then click OK.
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Click here for more information on -> Computer Safety On line - Anti-Virus

    I would recommend Grisofts© AVG or AVAST©. As these are the more secure and better ones.
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Click here for more information on -> Computer Safety On line - Software Firewalls

    I would recommend ZoneAlarm© as a firewall as it's easy to use. But for a more secure firewall, Sunbelts Kerio© is the one.
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Set up system to ensure a regular update of the Operating System.

    Automatically:
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click on Automatic Updates
    4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    5. Select the Day/Time of choice
    6. Click Apply
    7. Click OK


    Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  7. Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  8. Install Lavasofts© Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  9. Install Javacools© SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here: Click here for more info -->Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically. Remember, A clean computer is a happy Computer :D

Post by NonSuch » January 20th, 2006, 6:26 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.