  TheJoker Premium,VIP,MVM join:2001-04-26 Alexandria, VA
| reply to JonS1983 Re: [Trojan] Trojan Removal?
quote: C:\Program Files\HijackThis\peanutbutter.exe
How appropriate, after I used some on a mousetrap this morning. :) :)
Your version of HijackThis is outdated. Please download the current version of 'Hijack This!': »www.trendsecure.com/portal/en-US···download Please save it in a convenient permanent folder such as C:\HJT\, and be sure the next log is with the newer version. If it won't run (you may find that it will run now), rename it as last time.
Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. After all of the fixes are complete it is very important that you enable Real-time Protection again.
You need to run an antivirus program and keep it up-to-date. I don't see one in your HijackThis log, although I see an entry that shows you had AVG 8 installed at one time. I recommend you go to Control Panel's Add or Remove Programs, and uninstall AVG 8 if there is still an entry for it. Then you need to reinstall an antivirus program. You can re-install AVG 8, but I would recommend that for now you try Avira AntiVir PersonalEdition Classic available at http://www.free-av.com. It's an excellent scanner, and it will give a log to post, and there is a tutorial available on its installation here: »www.free-av.com/en/pages/20/Inst···Vir.html.
After installing AntiVir and updating it, perform a full system scan and clean everything found. When the system scan completes, reboot. After rebooting, open your Avira AntiVir and select "Reports". Double-click the report from the full scan you just completed. Click the "Report File" button and copy and paste this report in your next reply.
Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{334D1067-913A-46B0-B67B-37FCBB2476C0}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F4D6420-A3C8-4AEE-A256-013B68992699}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\..\{334D1067-913A-46B0-B67B-37FCBB2476C0}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS2\Services\Tcpip\..\{334D1067-913A-46B0-B67B-37FCBB2476C0}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.
Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates, your database version is outdated.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Download ComboFix© by sUBs from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Familiarize yourself with ComboFix before running it: »www.bleepingcomputer.com/combofi···combofix
- Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware. When finished, it will save a log. Please include the contents of the log at C:\ComboFix.txt in your next reply.
Please post a new HijackThis log, the log from MBAM, the log from Avira, and in a second reply as it could get too long, the log from ComboFix (combofix.txt), and note any errors encountered.
-- Proud ASAP member since 2005 |
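
Added example, not part of the original post: a small Python parser for pasted HijackThis log lines that pulls out the two kinds of entries selected above, O2/O3 items marked "(no file)" or "(file missing)" and O17 NameServer values outside an expected resolver set. The first five sample lines are copied from the post and the last is constructed; the function names and the `expected` resolver set are assumptions.

```python
import re
from collections import defaultdict

# Sample input: five entries quoted in the post, plus one constructed final line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")                      # "O17 - <body>"
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")    # target is gone


def parse_entries(log):
    """Yield (section, body) for every 'Onn - ...' line in a pasted log."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def orphaned_entries(log):
    """O2 (BHO) and O3 (toolbar) entries whose file no longer exists."""
    return [f"{sec} - {body}" for sec, body in parse_entries(log)
            if sec in ("O2", "O3") and ORPHAN_RE.search(body)]


def unexpected_nameservers(log, expected):
    """Map each O17 NameServer IP not in `expected` to the keys that set it."""
    hits = defaultdict(list)
    for sec, body in parse_entries(log):
        m = O17_RE.match(body) if sec == "O17" else None
        if not m:
            continue
        # The value may list several resolvers, comma- or space-separated.
        for ip in re.split(r"[,\s]+", m.group("servers").strip()):
            if ip and ip not in expected:
                hits[ip].append(m.group("key"))
    return dict(hits)


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", entry)
    # Assumption: 192.168.1.1 is the resolver this machine is supposed to use.
    for ip, keys in unexpected_nameservers(SAMPLE_LOG, {"192.168.1.1"}).items():
        print("unexpected resolver", ip, "set in", len(keys), "key(s)")
```
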