
Ltangelic

Honorary Members
  • Posts

    76
  • Joined

  • Last visited

Reputation

0 Neutral

About Ltangelic

  • Birthday 09/03/1991

Profile Information

  • Location
    Somewhere out there
  • Interests
    Hijack Analysis aka malware removal, horoscopes, music, reading and more...

Recent Profile Visitors

7,029 profile views
  1. I'm sorry to hear you won't be available after today. I really appreciate all your help. Thank you very much and I hope you're very successful in all your endeavors.

  2. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  3. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  4. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  5. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  6. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  7. Hi, Sincere apologies for the late reply. I will be unavailable from today and a fellow colleague will take over and help you instead. Please be patient in waiting for a reply, thank you.
  8. Hey Mr Sparkle,

     Thank you for your feedback. It is always wise to back up your data. If you are worried that the infection may transfer, boot into safe mode and back up from there.

     Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

     Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (AVG anti-virus and Zonealarm Firewall) as it/they may hinder the tools from running. Instructions are in the link below:
     http://www.bleepingcomputer.com/forums/topic114351.html

     1) Upload files for analysis

     To enable the viewing of Hidden files follow these steps:
       • Close all programs so that you are at your desktop.
       • Double-click on the My Computer icon.
       • Select the Tools menu and click Folder Options.
       • After the new window appears select the View tab.
       • Put a checkmark in the checkbox labeled Display the contents of system folders.
       • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
       • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
       • Remove the checkmark from the checkbox labeled Hide protected operating system files.
       • Press the Apply button and then the OK button and close My Computer.
       • Now your computer is configured to show all hidden files.

     THEN

     Please visit the online Jotti Virus Scanner <--link
       • Copy and paste the following filepath in the box:
         c:\windows\system32\1025f.exe
       • Click on the button.
       • The scanner will check the file with various AV companies.
       • Copy and paste the results box into a reply to this thread.

     Please do the same for the files below:
         c:\windows\system32\activedsz.sys
         c:\windows\system32\adsnty.sys
         c:\windows\system32\unam4ie.exe

     2) Run Kaspersky Webscanner

     Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

     Upgrading Java:
       • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 19.
       • Click the "Download JRE" button to the right.
       • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6u19 with JavaFX 1 License Agreement".
       • Click on Continue.
       • Click on the link to download Windows Offline Installation (jre-6u19-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
       • Close any programs you may have running - especially your web browser.
       • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
       • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
       • Click the Remove or Change/Remove button.
       • Repeat as many times as necessary to remove each Java version.
       • Reboot your computer once all Java components are removed.
       • Make sure the C:\Program Files\JAVA folder is removed.
       • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u19-windows-i586.exe and select "Run as an Administrator.")

     THEN

     Please do an online scan with Kaspersky WebScanner
       • Read through the requirements and privacy statement and click on Accept button.
       • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       • When the downloads have finished, click on Settings.
       • Make sure the following is checked:
           • Spyware, Adware, Dialers, and other potentially dangerous programs
           • Archives
           • Mail databases
       • Click on My Computer under Scan.
       • Once the scan is complete, it will display the results. Click on View Scan Report.
       • You will see a list of infected items there. Click on Save Report As....
       • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
       • Please post this log in your next reply.

     3) Uninstall ComboFix and run Dr Web

       • Click START then RUN
       • Now type ComboFix /uninstall in the runbox and click OK. Note the space between the x and the /, it needs to be there.

     THEN

     Download Dr.Web CureIt to the desktop.
       • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
       • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
       • Once the short scan has finished, choose the Complete Scan.
       • Select all drives. A red dot shows which drives have been chosen.
       • Click the green arrow at the right, and the scan will start.
       • Click 'Yes to all' if it asks if you want to cure/move the file.
       • When the scan has finished, look and see if you can click the following icon next to the files found:
       • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
       • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
       • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
       • Save the report to your desktop. The report will be called DrWeb.csv
       • Close Dr.Web Cureit.
       • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
       • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

     NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

     4) Run Rooter and ComboFix

     Please download Rooter.exe and save it to your desktop
       • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
       • Allow it to run when you get a Security Warning.
       • At the main control page, please click the green button.
       • It will now begin to scan, please be patient. The scan should not take more than 3 minutes
       • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter$\Rooter_1.txt
       • Now push the button to close Rooter.
       • Please post the contents of that log file here in your next reply.

     NEXT

     Download ComboFix from one of the locations below, and save it to your Desktop.
     Link 1
     Link 2
     Link 3

     Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed. When finished, it shall produce a log for you. Post that log in your next reply

     Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

     Next reply (please include in your post):
       • 4 virscan reports
       • Kaspersky scan log
       • Drweb scan log
       • ComboFix.txt
       • Rooter_1.txt
  9. Hey Adela,

     Thank you for the logs. From your log, you seem to have Cleanup Antivirus installed. Cleanup antivirus is a rogue protection software which gives exaggerated reports and false positives, and can even compromise your computer security.

     Please go to Add or Remove Programs and remove the following (if present):
         Cleanup Antivirus

     Then use Windows Explorer and remove the following (if present):
         C:\Program Files\Cleanup antivirus

     Reboot your computer.

     Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

     Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (ESET Nod32 antivirus) as it/they may hinder the tools from running. Instructions are in the link below:
     http://www.bleepingcomputer.com/forums/topic114351.html

     Download ComboFix from one of these locations:
     Link 1
     Link 2
     Link 3

     * IMPORTANT !!! Save ComboFix.exe to your Desktop

       • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
       • Double click on ComboFix.exe & follow the prompts.
       • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

     **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     Click on Yes, to continue scanning for malware.

     When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

     Next reply (please include in your post):
       • ComboFix.txt
  10. Hey Mr Sparkle,

      Thank you for the logs.

      Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

      Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (AVG anti-virus and Zonealarm Firewall) as it/they may hinder the tools from running. Instructions are in the link below:
      http://www.bleepingcomputer.com/forums/topic114351.html

      1) Run CFScript

      1. Please open Notepad
           • Click Start, then Run
           • Type notepad.exe in the Run Box.

      2. Now copy/paste the entire content of the codebox below into the Notepad window:

          File::
          c:\windows\Wxoriracevenupe.dat
          c:\windows\Qtuzo.bin
          C:\WINDOWS\system32\12520850o.exe
          c:\windows\system32\2719601349.dat

          Driver::
          Spoolerwscsvc

          Registry::
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
          "DisableMonitoring"=dword:00000000

      3. Save the above as CFScript.txt

      4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

      5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
           • Combofix.txt

      2) Run SystemLook

      Please download SystemLook from one of the links below and save it to your Desktop.
      Download Mirror #1
      Download Mirror #2

        • Double-click SystemLook.exe to run it.
        • Copy the content of the following codebox into the main textfield:

          :Filefind
          srescan.sys

        • Click the Look button to start the scan.
        • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

      Note: The log can also be found on your Desktop entitled SystemLook.txt

      3) Run Malwarebytes scan

      Open Malwarebytes by clicking on its shortcut on desktop.
        • Please click on the "Update" tab and click "Check for Updates".
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Quick Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy & paste the entire report in your next reply.

      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

      Next reply (please include in your post):
        • Tell me how your computer is running
        • ComboFix.txt
        • Systemlook.txt
        • MBAM scan log
  11. Hey Thundergod,

      Thank you for the logs.

      Please follow my instructions in the order they were given, and print out a copy of it as you may not have access to the forums during the fix.

      Before we go on to run the tools, it would be advisable to temporarily disable your protection software(s) (McAfee) as it/they may hinder the tools from running. Instructions are in the link below:
      http://www.bleepingcomputer.com/forums/topic114351.html

      1) Run CFScript

      1. Please open Notepad
           • Click Start, then Run
           • Type notepad.exe in the Run Box.

      2. Now copy/paste the entire content of the codebox below into the Notepad window:

          Driver::
          0285181250872064mcinstcleanup

          Registry::
          [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\startupfolder\^winzipreg.tx_]
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
          "DisableMonitoring"=dword:00000000
          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
          "DisableMonitoring"=dword:00000000

      3. Save the above as CFScript.txt

      4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

      5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
           • Combofix.txt

      2) Run SystemLook

      Please download SystemLook from one of the links below and save it to your Desktop.
      Download Mirror #1
      Download Mirror #2

        • Double-click SystemLook.exe to run it.
        • Copy the content of the following codebox into the main textfield:

          :Filefind
          dxtmsft.dll
          dxtrans.dll

        • Click the Look button to start the scan.
        • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

      Note: The log can also be found on your Desktop entitled SystemLook.txt

      3) Optional Removal

      From your log, you seem to have Viewpoint Media Player installed. Viewpoint is not malware, but it is considered foistware that is installed without your permission. While it is not harmful in itself, it can bring about unnecessary security risks to your computer as well as collecting private information about your browsing habit. Please look at the article(s) below:
      en.wikipedia.org/wiki/Viewpoint_Media_Player

      Due to the dubious nature of these programs, it is highly recommended that you remove the programs via Add or Remove Programs in Control Panel and refrain from downloading these programs in the future. If you have made a decision to remove these programs, please do the following:

      Please go to Add or Remove Programs and remove the following (if present):
          Viewpoint Media Player

      Then use Windows Explorer and remove the following (if present):
          c:\program files\viewpoint

      Reboot your computer.

      Next reply (please include in your post):
        • Tell me how your computer is running
        • ComboFix.txt
        • SystemLook.txt
  12. Hi Adela, I'm sorry to hear about your health condition, and I hope you will get well soon! No worries, it is my job to guide you through the cleaning up process, so feel free to ask when you don't understand. Since they are not 2 anti-virus programs, you can keep them on your computer just fine. When I mean "script-blocking protection", I am referring to your anti-virus and anti-spyware programs that can prevent DDS from running. Just disable those and you should be fine. Run DDS for me so I can have a look, thanks!
  13. Hi Big Bill,

      Sorry for the delay. Did updating .Net Framework solve your .Net Framework update problem?

      As for your IE problem, let's try the following:

      Open a new notepad window. Copy/Paste the following text into the notepad window.

          rem Script used to manually reregister Internet Explorer and Shell related *.dlls
          rem Also included the Digital Signing and Cryptographic Provider *. dlls if needed
          rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\System32\dacui.dll
          rem rundll32.exe advpack.dll /DelNodeRunDLL32 C:\WINNT\Catroot\icatalog.mdb
          rem regsvr32 setupwbv.dll /s
          rem regsvr32 wininet.dll /s
          regsvr32 comcat.dll /s
          regsvr32 CSSEQCHK.DLL /s
          regsvr32 shdoc401.dll /s
          regsvr32 shdoc401.dll /i /s
          regsvr32 asctrls.ocx /s
          regsvr32 oleaut32.dll /s
          regsvr32 shdocvw.dll /I /s
          regsvr32 shdocvw.dll /s
          regsvr32 browseui.dll /s
          regsvr32 browsewm.dll /s
          regsvr32 browseui.dll /I /s
          regsvr32 msrating.dll /s
          regsvr32 mlang.dll /s
          regsvr32 hlink.dll /s
          rem regsvr32 mshtml.dll /s
          regsvr32 mshtmled.dll /s
          regsvr32 urlmon.dll /s
          regsvr32 plugin.ocx /s
          regsvr32 sendmail.dll /s
          rem regsvr32 comctl32.dll /i /s
          rem regsvr32 inetcpl.cpl /i /s
          rem regsvr32 mshtml.dll /i /s
          regsvr32 scrobj.dll /s
          regsvr32 mmefxe.ocx /s
          rem regsvr32 proctexe.ocx mshta.exe /register /s
          regsvr32 corpol.dll /s
          regsvr32 jscript.dll /s
          regsvr32 msxml.dll /s
          regsvr32 imgutil.dll /s
          regsvr32 thumbvw.dll /s
          regsvr32 cryptext.dll /s
          regsvr32 rsabase.dll /s
          rem regsvr32 triedit.dll /s
          rem regsvr32 dhtmled.ocx /s
          regsvr32 inseng.dll /s
          regsvr32 iesetup.dll /i /s
          rem regsvr32 hmmapi.dll /s
          regsvr32 cryptdlg.dll /s
          regsvr32 actxprxy.dll /s
          regsvr32 dispex.dll /s
          regsvr32 occache.dll /s
          regsvr32 occache.dll /i /s
          regsvr32 iepeers.dll /s
          rem regsvr32 wininet.dll /i /s
          regsvr32 urlmon.dll /i /s
          rem regsvr32 digest.dll /i /s
          regsvr32 cdfview.dll /s
          regsvr32 webcheck.dll /s
          regsvr32 mobsync.dll /s
          regsvr32 pngfilt.dll /s
          regsvr32 licmgr10.dll /s
          regsvr32 icmfilter.dll /s
          regsvr32 hhctrl.ocx /s
          regsvr32 inetcfg.dll /s
          rem regsvr32 trialoc.dll /s
          regsvr32 tdc.ocx /s
          regsvr32 MSR2C.DLL /s
          regsvr32 msident.dll /s
          regsvr32 msieftp.dll /s
          regsvr32 xmsconf.ocx /s
          regsvr32 ils.dll /s
          regsvr32 msoeacct.dll /s
          rem regsvr32 wab32.dll /s
          rem regsvr32 wabimp.dll /s
          rem regsvr32 wabfind.dll /s
          rem regsvr32 oemiglib.dll /s
          rem regsvr32 directdb.dll /s
          regsvr32 inetcomm.dll /s
          rem regsvr32 msoe.dll /s
          rem regsvr32 oeimport.dll /s
          regsvr32 msdxm.ocx /s
          regsvr32 dxmasf.dll /s
          rem regsvr32 laprxy.dll /s
          regsvr32 l3codecx.ax /s
          regsvr32 acelpdec.ax /s
          regsvr32 mpg4ds32.ax /s
          regsvr32 voxmsdec.ax /s
          regsvr32 danim.dll /s
          regsvr32 Daxctle.ocx /s
          regsvr32 lmrt.dll /s
          regsvr32 datime.dll /s
          regsvr32 dxtrans.dll /s
          regsvr32 dxtmsft.dll /s
          rem regsvr32 vgx.dll /s
          regsvr32 WEBPOST.DLL /s
          regsvr32 WPWIZDLL.DLL /s
          regsvr32 POSTWPP.DLL /s
          regsvr32 CRSWPP.DLL /s
          regsvr32 FTPWPP.DLL /s
          regsvr32 FPWPP.DLL /s
          rem regsvr32 FLUPL.OCX /s
          regsvr32 wshom.ocx /s
          regsvr32 wshext.dll /s
          regsvr32 vbscript.dll /s
          regsvr32 scrrun.dll mstinit.exe /setup /s
          regsvr32 msnsspc.dll /SspcCreateSspiReg /s
          regsvr32 msapsspc.dll /SspcCreateSspiReg /s
          regsvr32 licdll.dll /s
          regsvr32 regwizc.dll /s
          regsvr32 softpub.dll /s
          regsvr32 IEDKCS32.DLL /s
          regsvr32 MSTIME.DLL /s
          regsvr32 WINTRUST.DLL /s
          regsvr32 INITPKI.DLL /s
          regsvr32 DSSENH.DLL /s
          regsvr32 RSAENH.DLL /s
          regsvr32 CRYPTDLG.DLL /s
          regsvr32 Gpkcsp.dll /s
          regsvr32 Sccbase.dll /s
          regsvr32 Slbcsp.dll /s
          exit

      Save the notepad file as reset.bat. Double-click on reset.bat. A window will open and close, this is normal. Reboot your computer.

      See if the above resolved your IE problem.