Danny

Honorary Members
  • Posts

    30
  • Joined

  • Last visited

Reputation

0 Neutral

About Danny

  • Birthday 08/12/1992

Contact Methods

  • AIM
    dknoppix12
  • MSN
    dknoppix12
  • Website URL
    http://dknoppix.com
  • ICQ
    0
  • Yahoo
    dknoppix

Profile Information

  • Location
    Ardmore, PA
  1. Hi, Please post a HijackThis log in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7
  2. Hi, Next, please run Notepad and paste the following text into a new file: Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then go to the desktop and double-click on fix.reg, and click "Yes" to merge it with the registry. Reboot and tell me how your computer is doing. Danny
  3. Hi, Please go HERE to run Panda's ActiveScan
     • Once you are on the Panda site click the Scan your PC button
     • A new window will open...click the Check Now button
     • Enter your Country
     • Enter your State/Province
     • Enter your e-mail address and click send
     • Select either Home User or Company
     • Click the big Scan Now button
     • If it wants to install an ActiveX component allow it
     • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
     • When download is complete, click on My Computer to start the scan
     • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
     • Post the contents of the ActiveScan report
     Danny
  4. Hi, Please Download FixBmalE from here. Save the file to a convenient location, such as your Windows desktop.
     Please boot into Safe Mode. To do this:
     • Restart your computer
     • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
     • Instead of Windows loading as normal, a menu should appear
     • Select the first option, to run Windows in Safe Mode.
     Then:
     • When in Safe Mode, double-click FixBmalE.exe to start the removal tool.
     • Read the EULA, and click the "Accept" button.
     • Click Start to begin the process, and then allow the tool to run.
     • Restart your computer.
     • Run the removal tool again.
     • Reboot, and post a new HijackThis log.
     Danny
  5. Hi, Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
     Please download ewido anti malware, it is a free version of the program.
     • Install ewido anti malware
     • When installing, under "Additional Options" uncheck:
       • Install background guard
       • Install scan via context menu
     • Launch ewido, there should be an icon on your desktop, double-click it.
     • The program will now open to the main screen.
     • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
     • You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update.
     • The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful")
     If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
     Once the updates are installed do the following:
     • Click on scanner
     • Click on Complete System Scan and the scan will begin.
     • You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed.
     • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
     • Click Save report.
     • Save the report .txt file to your desktop or a location where you can find it easily.
     • Close ewido anti malware.
     Reboot and post a new HijackThis log as well as the Ewido log.
     Danny
  6. Hi beefyalby, Thanks for posting this here. About:Blank is a pesky infection and installs a lot of files along with it. Even if you do what you said, I still recommend you run ewido anti malware and post a HijackThis log. Danny
  7. Hi, We have a couple of last steps to perform and then you're all set.
     First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
     • Click Start.
     • Open My Computer.
     • Select the Tools menu and click Folder Options.
     • Select the View tab.
     • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
     • CHECK the Hide protected operating system files (recommended) option.
     • Click Yes to confirm.
     • Click OK.
     Next, let's clean your restore points and set a new one:
     Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
     1. Turn off System Restore.
        • On the Desktop, right-click My Computer.
        • Click Properties.
        • Click the System Restore tab.
        • Check Turn off System Restore.
        • Click Apply, and then click OK.
     2. Restart your computer.
     3. Turn ON System Restore.
        • On the Desktop, right-click My Computer.
        • Click Properties.
        • Click the System Restore tab.
        • UN-Check Turn off System Restore.
        • Click Apply, and then click OK.
     System Restore will now be active again.
     Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
     • SpywareBlaster to help prevent spyware from installing in the first place.
     • SpywareGuard to catch and block spyware before it can execute.
     • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
     You should also have a good firewall. Here are 3 free ones available for personal use:
     • Sygate Personal Firewall
     • Kerio Personal Firewall
     • ZoneAlarm
     and a good antivirus (these are also free for personal use):
     • AVG Anti-Virus
     • Avast Home Edition
     It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
     To keep your operating system up to date visit Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners
     • AdAware SE Personal
     • Spybot Search & Destroy
     weekly, and be aware of what emails you open and websites you visit.
     To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
     Have a safe and happy computing day!
     Danny
  8. Hi, It seems that everything worked! I hope you have had a great holiday!
     -----------------
     We have a couple of last steps to perform and then you're all set.
     First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
     • Click Start.
     • Open My Computer.
     • Select the Tools menu and click Folder Options.
     • Select the View tab.
     • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
     • CHECK the Hide protected operating system files (recommended) option.
     • Click Yes to confirm.
     • Click OK.
     Next, let's clean your restore points and set a new one:
     Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
     1. Turn off System Restore.
        • On the Desktop, right-click My Computer.
        • Click Properties.
        • Click the System Restore tab.
        • Check Turn off System Restore.
        • Click Apply, and then click OK.
     2. Restart your computer.
     3. Turn ON System Restore.
        • On the Desktop, right-click My Computer.
        • Click Properties.
        • Click the System Restore tab.
        • UN-Check Turn off System Restore.
        • Click Apply, and then click OK.
     System Restore will now be active again.
     Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
     • SpywareBlaster to help prevent spyware from installing in the first place.
     • SpywareGuard to catch and block spyware before it can execute.
     • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
     You should also have a good firewall. Here are 3 free ones available for personal use:
     • Sygate Personal Firewall
     • Kerio Personal Firewall
     • ZoneAlarm
     and a good antivirus (these are also free for personal use):
     • AVG Anti-Virus
     • Avast Home Edition
     It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
     To keep your operating system up to date visit Microsoft Windows Update monthly. And to keep your system clean run these free malware scanners
     • AdAware SE Personal
     • Spybot Search & Destroy
     weekly, and be aware of what emails you open and websites you visit.
     To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?
     Have a safe and happy computing day!
     Danny
  9. Hi, Sorry for the delay. I hope you had a great holiday.
     Please download the Killbox by Option^Explicit.
     Note: In the event you already have Killbox, this is a new version that I need you to download.
     • Save it to your desktop.
     • Please double-click Killbox.exe to run it.
     • Select "Delete on Reboot" then click on the "All Files" button.
     • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

         C:\WINNT\system32\??pPatch\winword.exe
         C:\Program Files\daei\siha.exe

     • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
     • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.
     If your computer does not restart automatically, please restart it manually.
     When your computer reboots, please open HijackThis and check the following items (If Present):

         O2 - BHO: (no name) - {FF9D5EEA-B50E-B8F9-2C06-CC891C5E62B1} - C:\WINNT\system32\ekcgmvcq.dll (file missing)
         O4 - HKCU\..\Run: [Hnttj] C:\WINNT\system32\??pPatch\winword.exe
         O4 - HKCU\..\Run: [Aarr] "C:\Program Files\daei\siha.exe" -vt ndrv

     Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.
     Reboot and post a new log.
     Danny
  10. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
      Please download ewido security suite, it is a free version of the program.
      • Install ewido security suite
      • When installing, under "Additional Options" uncheck:
        • Install background guard
        • Install scan via context menu
      • Launch ewido, there should be an icon on your desktop, double-click it.
      • The program will now open to the main screen.
      • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
      • You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update.
      • The update will start and a progress bar will show the updates being installed. (The status bar at the bottom will display "Update successful")
      If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates
      Once the updates are installed do the following:
      • Click on scanner
      • Click on Complete System Scan and the scan will begin.
      • You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed.
      • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
      • Click Save report.
      • Save the report .txt file to your desktop or a location where you can find it easily.
      • Close ewido security suite.
      Reboot and post a new HJT log as well as report.txt.
      Danny
  11. Please download the Suspicious File Packer from here: http://www.safer-networking.org/files/sfp.zip
      Unzip it to the desktop and run it. Paste the following list of bad files into the Suspicious File Packer window:

          C:\WINDOWS\llhrt.dll
          C:\WINDOWS\system32\addxd.exe

      Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to danny[AT]malwarebytes[DOT]org. (replace [AT] with @ and [DOT] with .)
      Danny
      =======
      Hi, You have an About:Blank CWS Infection. Please follow the following directions carefully because this is a tough infection to remove.
      The Fix:
      Step#1: Getting Ready
      (the reason Wordpad was chosen is that Notepad is sometimes deleted by this variant)
      Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available.
      After downloading the tools, you must disconnect from the internet totally, because staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer and Outlook Express closed throughout as opening either will reinstall the infection.
      To replace Internet Explorer to use during this fix, please use Internet Explorer once to download and install FireFox, to be used as your alternate browser throughout this fix.
      Close Outlook Express and Internet Explorer for the duration of this fix.
      Read through all the instructions so that you can ask any questions now, before you disconnect from the Internet.
      Please start by downloading the tools you will need to clean this infection with FireFox. If you have a problem or question with any please continue to follow the list step by step to the end and ask the questions when you are asked to reply. Just be sure to let us know what the problem was when you finally reply.
      Step#2: Show All Hidden Files (Very Important)
      Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.
      http://www.davehigham.zen.co.uk/downloads/xphidden.zip
      Step#3: Download CWShredder (Do Not Use Yet)
      1. Please Download the most recent version of CWShredder, from CWSInstall.exe
      2. Check for Updates but please Do NOT use it yet
      Step#4: Download About Buster (Do Not Use Yet)
      1. Please download About:Buster from here: http://www.malwarebytes.biz/AboutBuster5.zip.
      2. Once it is downloaded extract it to c:\aboutbuster.
      3. Check to make sure it is up-to-date. Please Do NOT use it yet
      Step#5: Download Registrar Lite (Do Not Use Yet)
      Another program to download is Registrar Lite for use later: Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use. Caution should be exercised when editing the registry as it is very easy to render a Computer unbootable by deleting the wrong key
      Step#6: Download Ewido Security Suite, Only For Windows 2000 and XP (Do Not Use Yet)
      • Download and install Ewido security suite
      • Right Click on the "E" icon in your taskbar and open Ewido Security Suite then click "update" to get the most recent definitions for it to use.
      • When it prompts you to update, click the OK button.
      • Download the updates and when they are finished installing, close the window
      Please Do Not Use It Yet
      Step#6: Download A Registry File to Remove Registry Entries (Do Not Use Yet)
      Please download the following zip file to your desktop: HSfix
      Double Click on HSfix.zip and it will unzip to a new folder it makes on your desktop, called HSfix
      Do Not Use It Yet
      Please disconnect from the Internet
      Step#7: Stop The Running Processes
      Press control-alt-delete to get into the task manager and end the following processes if they exist:

          llhrt.dll
          addxd.exe

      Step#9: I now need you to delete the following files:

          C:\WINDOWS\llhrt.dll
          C:\WINDOWS\system32\addxd.exe

      If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.
      Step#10: Cleaning With HijackThis
      Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button when ready (some may be gone after uninstalling some programs):

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049
          R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049
          O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab
          O23 - Service: Workstation NetLogon Service ( 11F
  12. Please double-click on My Computer and locate the file "C:\WINNT\system32\AppPatch\winword.exe". Right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.
      Next, please download the Suspicious File Packer from here: http://www.safer-networking.org/files/sfp.zip
      Unzip it to the desktop and run it. Paste the following list of bad files into the Suspicious File Packer window:

          C:\WINNT\system32\AppPatch\winword.exe

      Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to danny[AT]malwarebytes[DOT]org. (replace [AT] with @ and [DOT] with .)
      Danny
  13. Hi, Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop. Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log. (This is different than what I did before. Please tell me if it doesn't work) Danny
  14. Ah! Sorry. Try the search again, but when you launch Windows Search:
      • Click on "All Files and Folders"
      • Click on "More Advanced Options"
      • Check "Search Hidden files and folders"
      Now Search for it. Tell me: How many folders there are (I'm hoping for two), and the Contents of the folder(s)
      Thanks, Danny