Bio-Hazard

Experts
  • Content count

    38

About Bio-Hazard

  • Rank
    New Member

Profile Information

  • Location
    Cornwall, UK
  1. Hello! Sorry for the delay. What kind of problems are you still having?

     ATF-Cleaner
     Please download ATF Cleaner by Atribune.
       • Save it to your desktop.
       • Double-click ATF-Cleaner.exe to run the program.
       • Under Main choose: Select All
       • Click the Empty Selected button.
     If you use Firefox browser:
       • Click Firefox at the top and choose: Select All
       • Click the Empty Selected button.
       • NOTE: If you would like to keep your saved passwords please click No at the prompt.
     Click Exit on the Main menu to close the program.

     Kaspersky Online Scan
     You can use either Internet Explorer or Mozilla FireFox for this scan.
     Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
       • Please go to Kaspersky website and perform an online antivirus scan.
       • Read through the requirements and privacy statement and click on Accept button.
       • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       • When the downloads have finished, click on Settings.
       • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
           - Spyware, Adware, Dialers, and other potentially dangerous programs
           - Archives
       • Click on My Computer under Scan.
       • Once the scan is complete, it will display the results. Click on View Scan Report.
       • You will see a list of infected items there. Click on Save Report As....
       • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
       • Please post this log in your next reply along with a fresh HijackThis log.

     random's system information tool (RSIT)
       • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
       • Double click on RSIT.exe to run RSIT.
       • Click Continue at the disclaimer screen.
       • Once it has finished, two logs will open:
           - log.txt (<<will be maximized)
           - info.txt (<<will be minimized)
       • Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.)

     Logs/Information to Post in Next Reply
     Please post the following logs/Information in your reply:
       • Kaspersky Log
       • RSIT Logs, log.txt (<<will be maximized) and info.txt (<<will be minimized)
       • A description of how your computer is behaving
  2. Hello and Welcome to forums! Sorry for the delay.

     My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

     Please observe these rules while we work:
       • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • If you don't know or understand something please don't hesitate to ask.
       • Please DO NOT run any other tools or scans whilst I am helping you.
       • It is important that you reply to this thread. Do not start a new topic.
       • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
       • Absence of symptoms does not mean that everything is clear.
     No Reply Within 5 Days Will Result In Your Topic Being Closed!!

     Could you please run Malwarebytes Antimalware quick scan and post that log for me to see.

     Turn Off WordWrap
       • Click Start > All Programs > Accessories > Notepad
       • On the menu bar in Notepad select Format
       • Click on WordWrap so it appears unchecked

     Could you also post a new HijackThis log for me to see.
  3. Your log now appears to be clean. Congratulations!

     You can get rid of the tools we used:
       • Rootrepeal - (You can just delete the exe file from your desktop)
       • ATF cleaner - (You can just delete the exe file from your desktop)

     OTC
       • Download OTC by Old Timer and save it to your Desktop.
       • Double-click OTC.exe
       • Click the CleanUp! button
       • Select Yes when the Begin cleanup Process? Prompt appears
       • If you are prompted to Reboot during the cleanup, select Yes
       • The tool will delete itself once it finishes, if not, delete it by yourself
     Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

     General Security and Computer Health
     Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

     Clear Infected System Restore Points
     Turn System Restore off
       • On the Desktop, right click on the My Computer icon.
       • Click Properties.
       • Click the System Restore tab.
       • Check Turn off System Restore.
       • Click Apply, and then click OK.
     Restart your computer
     Turn System Restore on
       • On the Desktop, right click on the My Computer icon.
       • Click Properties.
       • Click the System Restore tab.
       • Uncheck *Turn off System Restore*.
       • Click Apply, and then click OK.
     Note: only do this once, and not on a regular basis

     Set correct settings for files
       • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
       • Under Hidden files and folders if necessary select Do not show hidden files and folders.
       • If unchecked please check Hide protected operating system files (Recommended)
       • If necessary check Display content of system folders
       • If necessary Uncheck Hide file extensions for known file types.
       • Click OK

     Make sure that you keep your antivirus updated
     New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
     NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

     Security Updates for Windows, Internet Explorer & Microsoft Office
     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
     NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

     Update Non-Microsoft Programs
     Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.

     Recommended Programs
     I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

     WinPatrol
     As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

     Hosts File
     For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

     Use an alternative Internet Browser
     Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera

     Here is a great article by miekiemoes: How to prevent Malware.

     Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

     I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

     Happy surfing and stay clean!
     Bio-Hazard
  4. Remove HijackThis entries
       • Run HijackThis
       • Click on the Scan button
       • Put a check beside all of the items listed below (if present):

           O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - (no file)
           O3 - Toolbar: (no name) - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - (no file)
           O16 - DPF: {F48EAB92-8BCE-4C77-BE98-D10060BD8590} - http://www.spybouncer.com/downloader/downloader.ocx

       • Close all open windows and browsers/email etc...
       • Click on the Fix Checked button
       • When completed close the application.

     ATF-Cleaner
     Please download ATF Cleaner by Atribune.
       • Save it to your desktop.
       • Double-click ATF-Cleaner.exe to run the program.
       • Under Main choose: Select All
       • Click the Empty Selected button.
     If you use Firefox browser:
       • Click Firefox at the top and choose: Select All
       • Click the Empty Selected button.
       • NOTE: If you would like to keep your saved passwords please click No at the prompt.
     Click Exit on the Main menu to close the program.

     Kaspersky Online Scan
     You can use either Internet Explorer or Mozilla FireFox for this scan.
     Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
       • Please go to Kaspersky website and perform an online antivirus scan.
       • Read through the requirements and privacy statement and click on Accept button.
       • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
       • When the downloads have finished, click on Settings.
       • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
           - Spyware, Adware, Dialers, and other potentially dangerous programs
           - Archives
       • Click on My Computer under Scan.
       • Once the scan is complete, it will display the results. Click on View Scan Report.
       • You will see a list of infected items there. Click on Save Report As....
       • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
       • Please post this log in your next reply along with a fresh HijackThis log.

     Logs/Information to Post in Next Reply
     Please post the following logs/Information in your reply:
       • Kaspersky Log
       • A fresh HijackThis Log (after all the above has been done)
       • A description of how your computer is behaving
  5. Hello! Go to this folder C:\rsit and you should find the info.txt, double click it and it should open in Notepad. Please post that log for me to see.
  6. Hello! What happens when you try to post RSIT info.txt?

     Gmer
       • Please download Gmer by Gmer and save it to your desktop.
       • Right click on gmer.zip and select Extract All....
       • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
       • Click on the Browse button. Click on Desktop. Then click OK.
       • Click Next. It will start extracting.
       • Once done, check (tick) the Show extracted files box and click Finish.
       • Double click on gmer.exe to run it.
       • Select the Rootkit tab.
       • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
       • Select all drives that are connected to your system to be scanned.
       • Click on the Scan button.
       • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
       • Open Notepad or a similar text editor.
       • Paste the clipboard contents into the text editor.
       • Save the Gmer scan log and post it in your next reply.
       • Close Gmer.
     Note: Do not run any programs while Gmer is running.
  7. MBAM entries are in either quarantine folder or system restore which we will get rid of when we are uninstalling Combofix. HijackThis log is clean. The registry entries say that you have disabled security center option on antivirus and windows updates.

     Your log now appears to be clean. Congratulations!

     You can get rid of the tools we used:
       • ATF cleaner - (You can just delete the exe file from your desktop)
       • Erunt - (You can uninstall it from Add/Remove Programs)

     Delete ComboFix and Clean Up
       • Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
     Please advise if this step is missed for any reason as it performs some important actions.

     OTC
       • Download OTC by Old Timer and save it to your Desktop.
       • Double-click OTC.exe
       • Click the CleanUp! button
       • Select Yes when the Begin cleanup Process? Prompt appears
       • If you are prompted to Reboot during the cleanup, select Yes
       • The tool will delete itself once it finishes, if not, delete it by yourself
     Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

     General Security and Computer Health
     Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

     Make sure that you keep your antivirus updated
     New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
     NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

     Security Updates for Windows, Internet Explorer & Microsoft Office
     Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
     NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

     Update Non-Microsoft Programs
     Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.

     Make Internet Explorer More Secure
     You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE

     Recommended Programs
     I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

     WinPatrol
     As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

     SpywareBlaster
     SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

     Hosts File
     For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

     Use an alternative Internet Browser
     Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera

     Here is a great article by miekiemoes: How to prevent Malware.

     Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

     Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

     I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

     Happy surfing and stay clean!
     Bio-Hazard
  8. Hello and Welcome to forums!

     My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

     Please observe these rules while we work:
       • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
       • The fixes are specific to your problem and should only be used for this issue on this machine.
       • If you don't know or understand something please don't hesitate to ask.
       • Please DO NOT run any other tools or scans whilst I am helping you.
       • It is important that you reply to this thread. Do not start a new topic.
       • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
       • Absence of symptoms does not mean that everything is clear.
     No Reply Within 5 Days Will Result In Your Topic Being Closed!!

     random's system information tool (RSIT)
       • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
       • Double click on RSIT.exe to run RSIT.
       • Click Continue at the disclaimer screen.
       • Once it has finished, two logs will open:
           - log.txt (<<will be maximized)
           - info.txt (<<will be minimized)
       • Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.)

     RootRepeal - Rootkit Detector
       • Download RootRepeal.zip and unzip it to your Desktop.
       • Double click RootRepeal.exe to start the program
       • Click on the Report tab at the bottom of the program window
       • Click the Scan button
       • In the Select Scan dialog, check:
           - Drivers
           - Files
           - Processes
           - SSDT
           - Stealth Objects
           - Hidden Services
       • Click the OK button
       • In the next dialog, select all drives showing
       • Click OK to start the scan
         The scan can take some time. DO NOT run any other programs while the scan is running
       • When the scan is complete, the Save Report button will become available
       • Click this and save the report to your Desktop as RootRepeal.txt
       • Go to File, then Exit to close the program

     Logs/Information to Post in Next Reply
     Please post the following logs/Information in your reply:
       • RootRepeal.txt
       • RSIT Logs, info.txt and log.txt
       • A description of how your computer is behaving
  9. There are few leftovers from Norton which we can get rid of.

     These entries are legitimate. So no need to worry. If they were bad I would have dealt with them.

     Kaspersky entries are harmless. We deal with the Combofix quarantine entries when we are done. So all in good time. We have few more things to do. Let's get rid of those Norton entries.

     Back Up registry with ERUNT
       • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
       • Click on the erunt-setup.exe
       • Follow the prompts to install ERUNT
       • Choose language
       • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO
       • Backup your registry to the default location
     Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

     Download and run OTM
     Download OTM by Old Timer and save it to your Desktop.
       • Double-click OTM.exe to run it.
       • Paste the following code under the area. Do not include the word Code.

           :Processes
           explorer.exe

           :Services
           Automatic LiveUpdate Scheduler
           LiveUpdate
           Symantec Core LC

           :Reg
           [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
           "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
           [-HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

           :Files
           C:\Program Files\Common Files\Symantec Shared
           C:\Program Files\Symantec

           :Commands
           [emptytemp]
           [start explorer]
           [Reboot]

       • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
       • Push the large button.
       • OTM may ask to reboot the machine. Please do so if asked.
       • Copy everything in the Results window (under the green bar), and paste it in your next reply.
     NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

     Malwarebytes' Anti-Malware
     I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
       • Open Malwarebytes' Anti-Malware
       • Select the Update tab
       • Click Check for Updates
       • After the update has been completed, select the Scanner tab.
       • Select Perform full scan, then click on Scan
       • Leave the default options as they are and click on Start Scan
       • When done, you will be prompted. Click OK, then click on Show Results
       • Check (tick) all items and click on Remove Selected
       • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

     Logs/Information to Post in Next Reply
     Please post the following logs/Information in your reply:
       • Malwarebytes Antimalware Log
       • OTM Log
       • A fresh HijackThis Log (after all the above has been done)
       • A description of how your computer is behaving
  10. Hello!

      I see few Norton entries in your HijackThis. Have you uninstalled Norton?

      The infection you had interfered with Combofix. You did very well.

      What do you mean by this? What entry makes you believe you have this virus?

      ATF-Cleaner
      Please download ATF Cleaner by Atribune.
        • Save it to your desktop.
        • Double-click ATF-Cleaner.exe to run the program.
        • Under Main choose: Select All
        • Click the Empty Selected button.
      If you use Firefox browser:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords please click No at the prompt.
      Click Exit on the Main menu to close the program.

      Kaspersky Online Scan
      You can use either Internet Explorer or Mozilla FireFox for this scan.
      Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
        • Please go to Kaspersky website and perform an online antivirus scan.
        • Read through the requirements and privacy statement and click on Accept button.
        • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
        • When the downloads have finished, click on Settings.
        • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
            - Spyware, Adware, Dialers, and other potentially dangerous programs
            - Archives
        • Click on My Computer under Scan.
        • Once the scan is complete, it will display the results. Click on View Scan Report.
        • You will see a list of infected items there. Click on Save Report As....
        • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
        • Please post this log in your next reply along with a fresh HijackThis log.

      Logs/Information to Post in Next Reply
      Please post the following logs/Information in your reply:
        • Answer to my questions
        • Kaspersky Log
        • A fresh HijackThis Log (after all the above has been done)
        • A description of how your computer is behaving
  11. Hello and Welcome to forums!

      My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

      Please observe these rules while we work:
        • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
        • The fixes are specific to your problem and should only be used for this issue on this machine.
        • If you don't know or understand something please don't hesitate to ask.
        • Please DO NOT run any other tools or scans whilst I am helping you.
        • It is important that you reply to this thread. Do not start a new topic.
        • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        • Absence of symptoms does not mean that everything is clear.
      No Reply Within 5 Days Will Result In Your Topic Being Closed!!

      Download and Run ComboFix
      Download ComboFix from one of these locations: Link 1 Link 2 Link 3
      Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX
        • You must download it to and run it from your Desktop
        • ComboFix SHOULD NOT be used unless requested by a forum helper.
        • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
        • Double click on ComboFix.exe and follow the prompts.
        • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
        • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
        • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
        • Combofix should never take more than 20 minutes including the reboot if malware is detected.
      IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

      Download HijackThis
      To get things going I need you to download HijackThis, see the instructions below.
        • Click HERE to download HijackThis Installer
        • Save HijackThis Installer to your desktop.
        • Double-click on the HijackThis Installer icon on your desktop.
        • By default it will install to C:\Program Files\Trend Micro\HijackThis .
        • Click on Install.
        • It will create a HijackThis icon on the desktop.
        • Once installed it will launch HijackThis.
        • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
        • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
        • Come back here to this thread and Paste the log in your next reply.
        • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
        • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

      Next Reply
      Please reply with:
        • ComboFix log (found at C:\Combofix.txt)
        • New HijackThis log
  12. Are they running fine now?

      Your log now appears to be clean. Congratulations!

      You can get rid of the tools we used:

      Delete ComboFix and Clean Up
        • Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
      Please advise if this step is missed for any reason as it performs some important actions.

      OTC
        • Download OTC by Old Timer and save it to your Desktop.
        • Double-click OTC.exe
        • Click the CleanUp! button
        • Select Yes when the Begin cleanup Process? Prompt appears
        • If you are prompted to Reboot during the cleanup, select Yes
        • The tool will delete itself once it finishes, if not, delete it by yourself
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

      Protection Programs
      Don't forget to re-enable any protection programs we disabled during your fix. You can now re-enable XXXXXXXXXXXXX

      General Security and Computer Health
      Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

      Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

      Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      NOTE: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

      Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.

      Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE

      Recommended Programs
      I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

      WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

      SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

      Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. Here are two tutorials: Malwarebytes' Anti-Malware Setup Guide and Malwarebytes' Anti-Malware Scanning Guide.

      Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera

      Here is a great article by miekiemoes: How to prevent Malware.

      Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

      Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

      I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

      Happy surfing and stay clean!
      Bio-Hazard
  13. Run CFScript
        • Close any open browsers.
        • Open Notepad: click Start, click Run, type notepad into the box and click Enter. Notepad will open.
        • Copy and Paste everything from the Code box into Notepad:

            File::
            c:\windows\system32\Fxxplfnt.tmp
            E:\Programs\legion.zip
            E:\Programs\melgibs.rar
            E:\Programs\Nero.zip

            Folder::
            D:\Jon's PC\Monsterkill\Installers\Legion
            D:\Program Files\Legion
            E:\Programs\legion

        • Save this as CFScript.txt, in the same location as ComboFix.exe (on your desktop)
        • Referring to the picture above, drag CFScript into ComboFix.exe
        • When finished, it shall produce a log for you at C:\ComboFix.txt
      NOTE: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      Next Reply
      Please reply with:
        • ComboFix log (found at C:\Combofix.txt)
        • New HijackThis log
        • A description of how your computer is behaving
  14. Hello! If you still have Combofix on your computer, delete that version and download a new version from here: Link 1 Link 2 Link 3 Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX Please run it and post a log for me to see.
  15. Hello! Sorry for the delay.

      We use it to remove malware entries or entries that are not needed.

      Disable Teatimer
      Please disable Teatimer as it may interfere with the fix.

      If you have version 1.6, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
        • Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
        • Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
        • Click on Mode > Advanced Mode. When it prompts you, click Yes.
        • On the left hand side, click on Tools.
        • Check this box if it is not yet ticked: Resident. You will notice that Resident is now added under Tools.
        • Click on Resident.
        • Uncheck this box: Resident "TeaTimer" (Protection of over-all system settings) active.
        • Exit Spybot Search & Destroy.
        • Reboot your machine for the changes to take effect.
      Once your log is clean you can re-enable those settings in TeaTimer.

      OTM
        • Double-click OTM.exe to run it.
        • Copy the lines in the codebox below.

            :Processes
            explorer.exe

            :Files
            D:\Jon's PC\Monsterkill\Installers\Legion
            D:\Program Files\Legion
            E:\Programs\legion
            E:\Programs\legion.zip
            E:\Programs\melgibs.rar
            E:\Programs\Nero.zip

            :Commands
            [emptytemp]
            [start explorer]
            [Reboot]

        • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
        • Click the red Moveit! button.
        • OTM may ask to reboot the machine. Please do so if asked.
        • Copy everything in the Results window (under the green bar), and paste it in your next reply.
        • Close OTM

      Logs/Information to Post in Next Reply
      Please post the following logs/Information in your reply:
        • OTM log
        • A fresh HijackThis Log (after all the above has been done)
        • A description of how your computer is behaving