21 replies to this topic

[Siggyx]

Download hijackthis to its own folder C:/HJT for example. Extrat the zip file to that folder. Then close all browseer windows, open hijackthis and click on scan. Once the scan has completed click on Save Log, this will produce a text file log. Highlight all of the information from in that text box then right click and copy. Come back to this post you made and click on "add reply" at the bottom right and a new window will open. Paste the hijackthis log into the new window hit add reply in that new window.

HJT download >>> http://www.softpedia.../10-17-69.shtml

[Siggyx]

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically. If not please restart manually
Post the contents of the logfile c\windelf.txt, along with a new hijackhislog.

[Siggyx]

You have multiple infections and we need to almost take them out one at a time based on the most serious to the least.

You will need to now disable Teatimer or it may block the removal. Tutorial here >>>>
http://russelltexas....re/teatimer.htm

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

[Siggyx]

Scan with hijackthis and put a check beside these lines and choose FIX

O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s

O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\system32\msvcp.exe

O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe

O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe

O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe

O20 - Winlogon Notify: htproc - htproc32.dll (file missing)

O21 - SSODL: iDRwB - {1432F3A0-BE98-590A-5773-194053AF7CA2} - C:\WINDOWS\system32\tlhgj.dll (file missing)

O21 - SSODL: fldrsys - {ECE572DC-D917-4C85-8EE5-2D85BC71A22F} - fldrsys.dll (file missing)

Then reboot to safe mode by taping f8 then make sure that all hidden files and visable tutorial here >>>> http://www.xtra.co.n...1916458,00.html

Delete these files or folders if present

C:\WINDOWS\System\svwhost.exe <<<file (be careful as it is closele named to a legitimate file)

C:\WINDOWS\system32\msvcp.exe <<< file

C:\Program Files\WinHound <<<folder

Then reboot and a new hijackthis log please.

[Siggyx]

Scan with ewido again and then post the log it produces also please post a log from a kapersky

Please do an online scan with Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
    • Extended (If available otherwise Standard)
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

[Siggyx]

I would remove this file if still present

svwhost.exe.bat

Lets do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your destop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

Then a new ewido scan and log and a new hijackthis log please. How are things running after the scans?

[Siggyx]

Downloaded, unzipped and ran Ragseeker. That part worked well. Even choosing to backup all deleted items and selecting all (green and red) items. But I could not figure out how to delete the selected items.

When the scan is complete click on "select all" then put your cusrsor over the hilighted area and then right click and choose "delete selected items".

That should clean them all out.

I can understand your time issues and work, we all volunteer our time here and sometimes real life gets in the way. If and when time permits and you want to start back up in the classroom just post a request to the classroom again.

In reagrds to how you got infected, well there are a bunch of new nasties coming everyday and the bad guys are getting better and faster at what they do so it is always a game of catch up.

When you have doen the ewido scan please post the log and a new hijackthis log.