Hello everydoby I'am a french man, but I learn english at school. Then, I have succeed in understanding extracts of the others topics, but, unfortunately, I can't undestand all... To sum up, I have windows XP "familial...home", norton (the last), Zone alarm...I think that It is an exhaustive list. Well I know that a program ("july14_loader") was installed itself in the recovery part of my computer (C:, and another part of this hard disk, this that I am using, is called D:) More, I find other "auto-installed" programs, for exemple : 180searchassistant, and other but I can't remember the name. More, I am convinced that my computer-or the CPU, I don't know,- is very slow. I have a DSL 512kb whereas internet windows never been too slow to open it. Recently, I found a trojan, and I believe that I killed/blasted it. But, I'm not able to know if my computer is clean... I need you to help me... Although I understand a lot of sentences in english, do you mind if you answer in a "basical" english....thank you If you want, I am able to give to you diferents others informations as my problems or my configuration, or other... Thank you for yours answers and sorry for my probably bad english... :o))
Download newest Spybot Search and Destroy here : http://www.safer-networking.org/index.php?page=mirrors if it is not already installed on your computer Install the program and then start it. Once the program has started make sure you are in the Spybot-S&D section. Click on the "Search for Updates" button. Download all updates. In some cases the program will restart after an update. When updated, click on the Immunize "Scan System" button. When the Check is over, fix all marked with red
we need to configure Ad-aware SE for a full scan. Some of them should be enabled by default, while others you will need to set yourself (see below).
Click on the Gear icon (second from the left) to access the preferences/settings window
In the General window make sure the following are selected: Automatically save logfile Automatically quarantine objects prior to removal Safe Mode (always request confirmation) Click on the Scanning button on the left and select : Scan within archives Scan active processes Scan registry -Deep-scan registry Scan my IE Favorites for banned URLs Scan my Hosts file Under Select drives & folders to scan, choose: Select all of your hard drives that are not selected already Click on the Advanced button on the left and select: Include additional object information Include negligible objects information Include environment information Click the Tweak button and select: Under the Scanning Engine:
Unload recognized processes & modules during scan Under the Cleaning Engine:Let Windows remove files in use at next reboot Click on Proceedto save the settings.
Click Start and on the next screen choose: Use custom scanning options Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.
Save the log file when it asks and then click Finish. When finished, mark everything for removal and get rid of it. (Right-click on any of the entries and choose Select All from the drop down menu and click Next).
Close Ad-Aware SE build 1.04 and Ad-Watch (if running) Install the VX2 Cleaner Start Ad-Aware SE build 1.04 Go to “Plug-ins” Select the VX2 Cleaner plug-in and click “Run Plugin” If your computer isn’t infected, click “Close”.
If your computer is infected:
Select “Clean System” Reboot your computer Scan your computer with Ad-Aware Remove any VX2 objects detected Reboot your computer again Run a second scan to make sure the files have been removed from your computer
Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp. C:\Windows\Temp\ C:\Documents and Settings\<Your Profile>\Local Settings\Temp\ C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\ C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <<<This will delete your files in your internet cache--including cookies. C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\ Empty your "Recycle Bin"
There are usally a couple of files that you will not be able to delete..this is normal.
Hello mister Touch....and the others,of course I had used your solution, and it is good, but I have enough others problems, as : Programs who are running slowly : when I look at a film on my computer, or when I play with a game, the first half hour, I can use its, but after, I can see more moments very slows, and that is bad for a normal using (I am not sure of my last sentence) More, I have a firewall and Norton : why this spybots and others viruses can coming on my computer? Other thing : Can I keeping the installers of the using programs (adaware, cwshredder.... And the applications? Other question, Can I install an autoconnect for the DSL or is it dangerous? Because I want to help search and I have another program : SETI@t hom, and my computer and my DSL line are always open... And to finish : do you want a list of the programs infected or another thing....
But to sum up, my computer is not tha same than before your help...thank you for this and I hope that you can help me yet. ThanX 7mO
1. Install Ccleaner: http://www.ccleaner.com/ it can be a lot of junk, crap and Temp files, there slow down your system.
And defrag-open My Computer, rightclick on C-drive-properties?
2. Let´s see a hijackthis log.
Download Hijackthis http://www.download.com/3001-8022_4-10307556.html?idl=n Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT. Scan, scan button change to-save log. Post log here
If no one else look to it, i´ll be back sunday evening
If i may suggest? Deactive Norton, and install AVG:
Logfile of HijackThis v1.97.7 Scan saved at 15:42:01, on 29/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Ok...but it is not a file that I put on D:Programme files/HJT, it a shortcurt...Is it good? I have clicked on Fix too... Here... I hope that can be using by you.... And felicitations for your more exhaustive help... 7mO
Ok, I am to doing that, but...what mean the URL? I do not understand what I can Do with these... Others things are OK... Thank you for your answer... 7mO
I have doig that you want, but I have not find these files : D:\document and setting\renaud\local settings\temp\U9.exe = It do not exist ! winupdt.exe = I have done the search, but It can't be found To finish, I have erased another file : not windatemanager.exe, but windatemanager.exe-up Here are my work. I hope your help. ThanX 7mO
All is OK... But maybe you can help to me again... I have a fire wall, and it "ask" to me if I let differents programs to go on the net... I know that Nescape, and the others programs who contains system can go to the net, but others? For exemple, "application gateway service" or U9 or others... What can I do about these? TX Otherwise, I can see messages : program downloader agent S trojan....and others sentences or words that I can't remember.... Here... Thank you and sorry for these news problems 7mO
About Firewall, you´ll have to try, if you deny for a program, and you cant use the net, it should be allowed.
application gateway service: Description: This process is running only on the Windows XP operating system. It deals with ICF (Internet Connection Firewall) and ICS (Internet Connection Sharing) system process and also looks after some processes in the network.
Well, when I am at school, I let my computer runing. And this message can be seen when I am on the net or, and this is very strange, when I AM NOT ON THE NET too... If I "cut" my connexion, this message can be seen too... As I can to go to school today (this morning), I let turn on my computer, and I put on this forum the exact message for the trojan downloader. More, I want to put on this forum all the applications who need an intrenet accès to ask to you if I can let it turn on, or if I can to disagree with my firewall... Thanks
The exact message was : "Virus trojan horse downloader.purityscan.E is found in file D:\System volume information\_restore{468EDC65-34A7-4083-B78B-B1F57E0D8A13}\RP134\A0069581.exe To remove this virus, please run AVG for Windows"
I wanted to show to you this message. Now, I'll do a new hijackthis and I put the log.... 7mO
Logfile of HijackThis v1.97.7 Scan saved at 13:31:02, on 06/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
OK. I have done all that you want. To continue, here it is the programs founded ; maybe its can help you... MediaPlex Advertising.com Avenue A,Inc Double click DSO exploit Hit box.
I want talk to you about CClean who found always files... It is normal??? More, I do not know what doing about my firewall... I accept connexion with nescape, of course, and I refuse messenger, but I do not know what doing about Generic host process for Win32 services (I think that I can let it go on the net, cause If I Do not let it, I can't go on the net...) and about Spooler sub system...I disagree with his access, but I do not know really... 7mO
I remember now, sorry, but Is an autoconnect a good thing? I want to use ADSL autoconnect for my internet connexion. Is it a risk for the viruses or the trojans? But as I am using a program who need to internet connexion. Of course I can remove it... Thanks.... 7mO
Ok, I have got receive it.....thanks And very good job on my computer cause I can using it..... Sometime to time, I do Ccleaner..... And I can confirm that AVG is a super AV...lol TX 7mO
Hello touch' You help was very precious for me....but I think that I am a new time infected by a trijan/virus. My computer run very slowly, I can send information on the net.....and a lot of another things.... I have not any idea.... Can you help me please??? Can I put a new log??? If yes, can you put the link..... thanks... 7mO
To finish, I had used Kazaa to download files, and it was afeter that I had used it that I "meet" viruses... I do not know what dsoing about its... Thanks for your help...
Currently it is Friday, July 30, 2010 2:28 PM (GMT +2) There are a total of 79.134 posts in 17.897 threads. In the last 3 days there were 8 new threads and 53 reply posts. View Active Threads
Who's Online
This forum has 31950 registered members. Please welcome our newest member, Willow. 19 Guest(s), 0 Registered Member(s) are currently online. Details
|