[Resolved] help me get rid of the malware
#1
Posted 06 April 2008 - 09:26 AM
#2
Posted 06 April 2008 - 10:21 AM
My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
Please download HijackThis version 2.0.2 and save the file to your desktop. Double click the Hijackthis icon on your desktop and hit Do a System Scan and Save a Logfile and then copy and paste the log into a new reply, using the Add Reply button.
I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your next post.
Proud Graduate of the TC/WTT Classroom
At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can. My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
Need help remembering those important computer maintenance tasks? Let SCars do it for you.
#3
Posted 06 April 2008 - 11:22 AM
#4
Posted 06 April 2008 - 11:25 AM
Did you see this second part?
I need to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button.
- Save the file to your desktop, with the default name of uninstall_list
- Copy & Paste the entire contents of that file in your next post.
EDIT: Never mind, got it now.
Edited by jpshortstuff, 06 April 2008 - 11:26 AM.
#5
Posted 06 April 2008 - 11:26 AM
#6
Posted 06 April 2008 - 02:18 PM
#7
Posted 07 April 2008 - 10:16 AM
Don't worry, I haven't forgotten about you. HijackThis logs take a while to research, plus, I am still in training so my replies must be checked first. Please be patient.
You appear to be running both AVG and Symantec Anti-Virus. You should only ever be running one Anti-Virus program as they could conflict and slow your system down. I recommend you uninstall AVG as Symantec is also your firewall. Instructions will be posted below.
Viewpoint Manager is often installed without the user's permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.
Please click Start >> Control Panel >> Add or Remove Programs.
Find each of the below items on the list and click remove on each one.
AVG Free Edition
Viewpoint Manager
Viewpoint Media Player
You need to disable TeaTimer, so that it doesn't interfere with our fix.
This is a two step process.
First step:
- Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
- If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
- If you have Version 1.4, Click on Exit Spybot S&D Resident
- Open Spybot S&D
- Click Mode, choose Advanced Mode
- Go to the bottom of the vertical panel on the left, click Tools
- Then, also in the left panel, click Resident (shows a red/white shield).
- If your firewall raises a question, say OK
- In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
- OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.
Disable Windows Defender.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.
Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
Close all browsers and windows except for HijackThis and click Fix Checked.
Please Right Click your Start button, and click Explore.
Next, locate and delete the following files and folders (if present):
Files:
C:\WINDOWS\system32\wmsdkns.exe <<FILE
If any of them aren't there then don't worry, but if you have a problem deleting one of them then please let me know.
Please reboot your computer at this point.
Please run this online scan:
Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Edited by jpshortstuff, 07 April 2008 - 10:17 AM.
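The two kinds of HijackThis entries selected for fixing in post #7 (a UserInit value that launches a second program, and BHO registrations whose file is missing) can also be picked out of a saved log automatically. The following is an added example, not part of the original thread or of any tool mentioned in it; the function name review_log is hypothetical, and it assumes the Windows XP default UserInit value of C:\WINDOWS\system32\userinit.exe.

```python
import re

# Sample log. The F2 line and the first O2 line are quoted from post #7;
# the remaining two lines are constructed here for contrast.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# Assumption: the only program expected in UserInit on a default XP install.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


def review_log(text):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # UserInit is a comma-separated list; every program in it runs at logon.
            entries = [e.strip() for e in m.group("value").split(",") if e.strip()]
            for entry in entries:
                if entry.lower() != EXPECTED_USERINIT:
                    findings.append(("F2", "extra UserInit program", entry))
            continue
        m = O2_RE.match(line)
        if m and m.group("target").strip().lower() == "(no file)":
            # The CLSID is still registered as a BHO but its file is gone.
            findings.append(("O2", "BHO registered with no file on disk", m.group("clsid")))
    return findings


if __name__ == "__main__":
    for section, reason, detail in review_log(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

A flagged entry is only a candidate for review; whether it should be fixed still depends on researching the file or CLSID, as the helper does in the thread.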
#8
Posted 07 April 2008 - 07:11 PM
#9
Posted 08 April 2008 - 06:37 PM
Please download OTMoveIt2 by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\WINDOWS\system32\wmsdkns.exe
- Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt2
Then, please continue with the rest of my instructions as before (the Panda Scan, and then DSS).
Thanks.
#10
Posted 08 April 2008 - 06:48 PM
#11
Posted 08 April 2008 - 06:53 PM
#12
Posted 08 April 2008 - 07:16 PM
#13
Posted 10 April 2008 - 09:10 AM
Ok, so there was a problem with the Panda scan, that's fine. We'll try another scan. Did you encounter a problem with DSS or did you just not run it as Panda didn't work? If you didn't try DSS last time, I want you to run it this time even if the following Kaspersky scan doesn't work. If the DSS scan fails, please post a new HijackThis log.
Please do an online scan with Kaspersky WebScanner
Follow this link in Internet Explorer (Note: You must use Internet Explorer to use Kaspersky): Kaspersky WebScanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
o Scan Options:
Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan:
Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
- Save the file to your desktop.
Now, please try this DSS scan whether or not the above scan worked, unless you have already tried it and it failed. Please leave your computer alone while DSS is scanning, or it may crash.
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
- Close all applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
- Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.
Thanks.
#14
Posted 11 April 2008 - 03:37 AM
#15
Posted 11 April 2008 - 03:51 AM