Josheh Hey guys, went away for the week with my cousins and other family members used my Desktop while i was away, No idea what they did or what happened but i come back with a barely working computer. Back to Top
Touch Forum Moderator
Hi Josheh
This is probably what they have done -
How to get Infected without trying A little bit of humour but also based on fact.
Look for cracks, subdivided in illegal software and .....
Look for spyware removers, concentrate on the kind that makes you pay before it removes anything
--------------------------------------------
Therefore -
After You have run the scan tools -
Reboot normally
Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic
Do NOT post your problem in someone elses thread.
Back to Top
Josheh So far only got root log done: Back to Top
Josheh I couldn't get you the Combofix log mate, for some reason that just doesn't work like it should on my comp, i haven't had any hickups after the AVG Scan / Reboot though and the comp seems faster already, Although the clock is missing and for some reason it auto set my default browser back to IE and it also asked if i want to unblock internet access to MSN? Did this do a system restore of some sort? the "Combfix"? Back to Top
Josheh ok 15 mins of being online and it's all back again the comp wa running fine for around 15 mins, I'm working out the back while it does it all and just come back to see the same thing is back. Back to Top
Touch Forum Moderator There are still some infections in hijackthis log We have to fix -
Please download Free Version of Superantispyware
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it.
close the program
Download and install DrWebCureit:
to your desktop.
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
O2 - BHO: (no name) - {158A95B4-1F79-3B06-78BF-0424CDB17C2E} - C:\Program Files\Zksvcaym\rzetjkmi.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [509619c8] rundll32.exe "C:\WINDOWS\system32\naathtad.dll",b
O20 - Winlogon Notify: skmnxahn - C:\WINDOWS\SYSTEM32\skmnxahn.dll
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Delete:
Files:
C:\WINDOWS\system32\skmnxahn.dll
C:\WINDOWS\system32\naathtad.dll
Folders:
C:\Program Files\Zksvcaym
Doubleclick the "drweb-cureit.exe" and click "Start" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done"
Click on the Options->Change settings.
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Rename
Click – Apply - OK
Click on Scan Tab. Move dot from Express scan to Complete Scan . Click on The Green It will now scan your drive(s), say yes to all
After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
Start Superantispyware.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next,
it will scan now. When scan have finished, put a checkmark with all items it found. Next, after cleaning, allow it to Reboot
Start Superantispyware again –
Click Preferences and then click the statistics/logs tab.
Click the dated log and press view log and a text file will appear.
Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running ?
Do NOT post your problem in someone elses thread.
Back to Top
Josheh jeez what happened to the site yesterday??? I couldn't come on at all and get any help! hah Back to Top
Josheh huh? The program won't do anything because the license on the program is broken now, So what else am i suppose to do apart from use that program? because it's not working Back to Top
Josheh huh? The program won't do anything because the license on the program is broken now, So what else am i suppose to do apart from use that program? because it's not working Back to Top
Josheh Okay done it all, Here is .txt.txt.txt.txt.txt.txt.txt.txt.txt.txt Back to Top
Josheh Okay done it all, Here is .txt.txt.txt.txt.txt.txt.txt.txt.txt.txt Back to Top
Touch Forum Moderator Looks clean
Delete: C:\QOOBOX < - Folder
Hide systemfiles again From Windows Explorer, go to Tools>Folder Options> View tab. Untick - Show hidden files and folder Tick - Hide file extensions for known types Tick - Hide protected operating system files Click Yes to confirm & then click OK
To completely and immediately remove any infected file or files in the data store, turn off and then turn on System Restore. To do so, follow these steps: System Restore
Important -->>> Now that You are clean:
Here are some additional software you may wish to consider using, to prevent malicious software installing in your PC - >
SpywareBlaster This is not a scanner, it blocks malicious objects and code from being downloaded, in addition to blocking access to sites known to download malware. Spyware Blaster runs silently in the background and does not need to be open to protect your PC. Freeware
Boclean BOClean is designed to run quietly without intrusion if no malware "attack" exists and will scan through any suspicious files with signature analysis to preclude false alarms or possible damage to valid configurations.
Make sure to keep these programs up-to-date
Do NOT post your problem in someone elses thread.
Back to Top
Josheh Thanks Touch, Funny thing is all those hide extensions and all that had already changed back to how they where before. Back to Top
Touch Forum Moderator My pleasure
Now that your problem appears to be resolved, this thread will be closed to prevent others with similar issues posting in it.
Do NOT post your problem in someone elses thread.
Back to Top
Forum Information Currently it is Saturday, November 21, 2009 3:04 PM (GMT +1)View Active Threads Who's Online This forum has 30334 registered members. Please welcome our newest member, sushil .Details prolife 5 Latest Threads
|