Rosty

Honorary Members
  • Posts

    126

Reputation

0 Neutral

About Rosty

  • Birthday 03/01/1971

Profile Information

  • Location
    Belgium
  • Interests
    Skydiving and helping others with PC problems!!

Recent Profile Visitors

3,378 profile views
  1. Thanks, and no need to say sorry about missing this post!! It can happen to all of us.
  2. Hi all, the next site is blocked by MBAM: 95.211.20.91 valschermsport.be 95.211.20.91 http://www.valschermsport.be This is a site with news about the skydiving clubs in Belgium, where people can ask to sell gear or buy gear. Regards, Rosty.
  3. Hi, I'm helping you here: http://forums.malwarebytes.org/index.php?showtopic=41018 So please follow my advice in that topic!
  4. Can you please post that log from MBAM here for us. You can find it in this way: open MBAM, click the tab "logs". Copy and paste that log here for me.
     • Click here to download HijackThis.
     • Save HJTInstall.exe to your Desktop.
     • Double click on the HJTInstall.exe icon to start the program.
     • By default it will install to C:\Program Files\Trend Micro\HijackThis
     • After the final dialogue box it will launch HijackThis.
     • Click on the scan button. It will scan and then ask you to save the log.
     • Save the log, and post it for me in your next reply.
     Regards, Rosty.
  5. Your computer now seems to be clean. The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
     • Go to Start
     • Click on Run
     • Type ComboFix /uninstall (Note: This command is case sensitive.)
     Clean out Temporary Files etc. This program is for Vista, XP and Windows 2000 only.
     • Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All. Then remove the check mark for cookies.
     • Click the Empty Selected button.
     • If you use Firefox browser, click Firefox at the top and choose: Select All. Click the Empty Selected button. Remove the check mark for Cookies. NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.
     • If you use Opera browser, click Opera at the top and choose: Select All. Remove the check mark for Cookies. Click the Empty Selected button.
     It is a good idea to do this every few weeks as a lot of junk collects there over time.
     • Create a new, clean System Restore point which you can use in case of future system problems: Press Start->All Programs->Accessories->System Tools->System Restore. Select Create a restore point, then Next, type a name like All Clean, then press the Create button and once it's done press Close. Now remove old, infected System Restore points: Next click Start->Run and type cleanmgr in the box and press OK. Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish but they are not required. Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt. Press OK and Yes to confirm.
     • Set correct settings for files that should be hidden in Windows XP: Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab. Under "Hidden files and folders" if necessary select Do not show hidden files and folders. If unchecked please check Hide protected operating system files (Recommended). If necessary check "Display content of system folders". If necessary uncheck Hide file extensions for known file types. Click OK.
     • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
     • Download and install the free version of Malwarebytes' Anti-Malware to your desktop. Check for the latest updates and perform a full system scan. This is an on-demand scanner and runs very well with WinPatrol.
     • If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
     • Update your Anti Virus Software - It is imperative that you update your antivirus software at least a few times a week (once a day is a good idea). If you do not update your antivirus software it will not be able to catch new variants that come out.
     • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended. Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
     • Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
     • Visit Microsoft's Windows Update Site frequently or, better yet, set the computer for automatic updates.
     • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
     • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.
     • Please check out Tony Klein's article "How did I get infected in the first place?"
     Follow this list and your potential for being infected again will reduce dramatically. (prevention speech by Elrond)
     Regards, Rosty.
  6. Hi, have you already done the other instructions? For MBAM, please follow the advice given here: http://www.malwarebytes.org/forums/index.php?showtopic=29028
  7. Hi, those logs look clean. How are things running?
  8. Please install an antivirus and firewall first, because it doesn't make any sense to remove malware from your system if no scanner is preventing them from reinfecting your computer.
     AVG Anti-Virus, Avira OR Avast Home Edition are good FREE antivirus scanners. After installing ONE antivirus program, download the latest signatures, and do a full system scan.
     Without a firewall your computer is susceptible to being hacked and taken over: Kerio Personal Firewall OR ZoneAlarm are good FREE firewalls. Read Understanding and using firewalls to learn more about using firewalls.
     VERY IMPORTANT: Never install more than ONE antivirus scanner and firewall on your system! Several together can give problems and decrease their reliability and effectiveness!
     Next, open HijackThis, click do a scan only and place a check next to the following entries:
       O20 - AppInit_DLLs: zutozube.dll
       O21 - SSODL: rekobofif - {9da8ba02-94b6-42eb-874a-987c18169052} - (no file)
       O22 - SharedTaskScheduler: mujuzedij - {68d8bf69-30aa-47fd-b671-890d1b929238} - (no file)
       O22 - SharedTaskScheduler: kupuhivus - {41b06838-5bd4-4df7-adcc-a3ba37549c2e} - (no file)
       O22 - SharedTaskScheduler: jugezatag - {acc92b1b-d0e4-4983-a406-04f4ad5f8e93} - (no file)
       O22 - SharedTaskScheduler: tokatiluy - {4728e706-0f88-4f1e-a381-6e93d12279cb} - (no file)
       O22 - SharedTaskScheduler: tokatiluy - {68907469-5820-4e8d-a49e-610299314443} - (no file)
       O22 - SharedTaskScheduler: tokatiluy - {e37f9696-321e-4d9d-ada0-d39405e0fca5} - (no file)
     Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
     Open MBAM, go to the update button and install the latest update. Now perform a quick scan.
     Reboot and post a new Hijackthis log and the log from MBAM. Let me know how things are running.
  9. Hi, open HijackThis, click do a scan only and place a check next to the following entries:
       O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll
       O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200
       O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\candy\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll", start 70367200
       O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL aibsmp.dll ysstpd.dll c:\windows\system32\jezaweze.dll rawijeku.dll c:\windows\system32\kosilalo.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\gipunowe.dll
       O21 - SSODL: SysNet - {1AD0B360-4604-4F0F-A6E8-DB2AAD8C601C} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (file missing)
       O21 - SSODL: davelovuj - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)
       O21 - SSODL: jokupewul - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)
       O21 - SSODL: zirezobaz - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)
       O21 - SSODL: yimihonad - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)
       O22 - SharedTaskScheduler: tokatiluy - {aca1c60d-6547-42af-b644-da43159ba1ae} - c:\windows\system32\jezaweze.dll (file missing)
       O22 - SharedTaskScheduler: jugezatag - {4f967da0-6753-482d-a8c2-b45555cce0bb} - c:\windows\system32\kosilalo.dll (file missing)
       O22 - SharedTaskScheduler: gahurihor - {17abdb9a-50b7-4278-9fe7-9d59005d87ff} - c:\windows\system32\dasofupu.dll (file missing)
       O22 - SharedTaskScheduler: gahurihor - {5e3557ca-2cad-4785-9082-a40966c6bc6d} - c:\windows\system32\gipunowe.dll (file missing)
     Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
     Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     Post the log from ComboFix when you've accomplished that and a new log from HijackThis.
  10. Hi, I overlooked a line in your log!!
     Please open HijackThis, and select Open the Misc Tools section. Select Delete an NT service. Copy and paste the following into the box that pops up:
       fastnetsrv Service
     Click OK.
     Next, open HijackThis, click do a scan only and place a check next to the following entries:
       O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
     Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
     It is also important to keep your Java updated as there is the possibility that some malware uses out of date Java installs to infect PCs. Test if your version is the latest here.
     Updating Java:
     • Download the latest version of Java Runtime Environment (JRE) 6 update 17.
     • Scroll down to where it says "Java Runtime Environment (JRE) 6 update 1
  11. Your computer now seems to be clean. The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
     • Go to Start
     • Click on Run
     • Type ComboFix /u (Note: This command is case sensitive.)
     Clean out Temporary Files etc. This program is for Vista, XP and Windows 2000 only.
     • Please download ATF Cleaner by Atribune.
     • Double-click ATF-Cleaner.exe to run the program.
     • Under Main choose: Select All. Then remove the check mark for cookies.
     • Click the Empty Selected button.
     • If you use Firefox browser, click Firefox at the top and choose: Select All. Click the Empty Selected button. Remove the check mark for Cookies. NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked.
     • If you use Opera browser, click Opera at the top and choose: Select All. Remove the check mark for Cookies. Click the Empty Selected button.
     It is a good idea to do this every few weeks as a lot of junk collects there over time.
     • Create a new, clean System Restore point which you can use in case of future system problems: Press Start->All Programs->Accessories->System Tools->System Restore. Select Create a restore point, then Next, type a name like All Clean, then press the Create button and once it's done press Close. Now remove old, infected System Restore points: Next click Start->Run and type cleanmgr in the box and press OK. Ensure the boxes for Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish but they are not required. Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt. Press OK and Yes to confirm.
     • Set correct settings for files that should be hidden in Windows XP: Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab. Under "Hidden files and folders" if necessary select Do not show hidden files and folders. If unchecked please check Hide protected operating system files (Recommended). If necessary check "Display content of system folders". If necessary uncheck Hide file extensions for known file types. Click OK.
     • Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about the programs that you see in WinPatrol, please check out WinPatrol Plus. It does not need a new download.
     • Download and install the free version of Malwarebytes' Anti-Malware to your desktop. Check for the latest updates and perform a full system scan. This is an on-demand scanner and runs very well with WinPatrol.
     • If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
     • Update your Anti Virus Software - It is imperative that you update your antivirus software at least a few times a week (once a day is a good idea). If you do not update your antivirus software it will not be able to catch new variants that come out.
     • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended. Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
     • Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
     • Visit Microsoft's Windows Update Site frequently or, better yet, set the computer for automatic updates.
     • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
     • Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miekiem...prevention.html that will give you more information on some of the points above.
     • Please check out Tony Klein's article "How did I get infected in the first place?"
     Follow this list and your potential for being infected again will reduce dramatically. (prevention speech by Elrond)
     Regards, Rosty.
  12. 1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box.
     2. Now copy/paste the entire content of the codebox below into the Notepad window:
     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
        • Combofix.txt
        • A new HijackThis log.
  13. Hi, open HijackThis, click do a scan only and place a check next to the following entries:
       O2 - BHO: (no name) - {5c5fba88-9628-402a-a648-bcc1954cd263} - zujobato.dll (file missing)
       O4 - HKLM\..\Run: [mbwhvgvk] C:\Documents and Settings\jramirez\Local Settings\Application Data\pscmcc\tyqfsysguard.exe
     Close all other windows and browsers, except HijackThis, and click Fix Checked. Close HijackThis.
     Reboot and post a new Hijackthis log. Let me know how things are running.
  14. Hi, sorry for the delay!! I've overlooked your topic.
     1. Please open Notepad: Click Start, then Run. Type notepad.exe in the Run Box.
     2. Now copy/paste the entire content of the codebox below into the Notepad window:
     3. Save the above as CFScript.txt
     4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
     5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
        • Combofix.txt
        • A new HijackThis log.