

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

reply to richb2

Re: how to get to the point where I can run throug

All I see are some leftovers from the CWS infection (but none are active). If you don't already have Killbox downloaded, do this:
Download the Pocket Killbox.
»www.downloads.subratam.org/KillBox.zip
Unzip the contents of KillBox.zip to a convenient location.

Double-click on KillBox.exe.

Put a dot in the box under *Delete on reboot*

Paste each of these files into the "Full Path of File to Delete" box and press the red button with an "x" in it.
(When asked to reboot, answer *no* after each until you get to the last one)
C:\WINNT\SYSTEM32\ztyjc.dat
C:\WINNT\SYSTEM32\tiigm.dll
C:\WINNT\SYSTEM32\appsl.exe
C:\WINNT\SYSTEM32\ikgym.dat
C:\WINNT\SYSTEM32\yraku.txt
C:\WINNT\SYSTEM32\d3ko32.exe
C:\WINNT\SYSTEM32\d3de.exe
C:\WINNT\SYSTEM32\ntuh32.exe
C:\WINNT\SYSTEM32\ipvr.exe
C:\WINNT\SYSTEM32\iehn32.exe
C:\WINNT\SYSTEM32\netjp.exe
(answer yes to the reboot question after entering this last one)

Killbox will make a backup of all of those just in case.

Other than that, your log looks clean. I would recommend you get an online AV scan at Trend Micro's HouseCall as it, too, may find additional files to delete left over from the infection.

Trend Micro (PC-cillin) - Free on-line Scan
»housecall.antivirus.com
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals)

richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

Do you think time has come to connect that PC up to the internet? I am gun shy since my last attempt. The first thing I want to do is to get that firewall downloaded and setup. Or should I do killbox first?



amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9

1 edit

said by richb2:


Do you think time has come to connect that PC up to the internet? I am gun shy since my last attempt. The first thing I want to do is to get that firewall downloaded and setup. Or should I do killbox first?
Follow CalamityJane's instructions before doing anything else, please.


richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

Thanks Amy. I am not connected with the subject machine and thus am not able to paste the above links into kill box. I have been sneaker-netting it. I just wanted to know if I could continue with the PC online. I will continue the way I am going until told to connect.


richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

reply to CalamityJane
Well CalamityJane, I just connected to the internet so I could do this part of your instructs:

Trend Micro (PC-cillin) - Free on-line Scan
»housecall.antivirus.com

What happened is that a few of those damned icons appeared on my desktop again "virus hunter", "pop-up blocker", etc. F-prot Realtime again popped up with something. Should I run another HJT log?



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

Yes please. That doesn't sound good

You could put the list of files to delete with killbox by putting it into a text file and copy to the other PC via floppy or CD?
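
The file list from the Killbox instructions, carried over in a text file as suggested above, can be cleaned and inventoried before anything is deleted. This is an added example, not part of the original thread: the function names, the `root` directory where the suspect drive is mounted for offline inspection, and the sample lines (including the stray space and the `explorer.exe` entry) are assumptions constructed for illustration.

```python
import hashlib
import ntpath
import re
from pathlib import Path

# Constructed sample: two names from the thread's list (one with a stray
# space after the last backslash) plus a made-up out-of-scope entry.
SAMPLE_LIST = r"""
(When asked to reboot, answer no)
C:\WINNT\SYSTEM32\ztyjc.dat
C:\WINNT\SYSTEM32\ netjp.exe
C:\WINNT\explorer.exe
"""

def parse_delete_list(text):
    """Return cleaned Windows paths; skip notes and blank lines."""
    paths = []
    for line in text.splitlines():
        line = line.strip().strip('"')
        if not re.match(r"^[A-Za-z]:\\", line):
            continue
        head, tail = ntpath.split(ntpath.normpath(line))
        # Copy/paste and line wrapping can leave whitespace around the name.
        paths.append(ntpath.join(head.rstrip(), tail.strip()))
    return paths

def to_local(win_path, root):
    """Map C:\\... onto the directory where the suspect drive is mounted."""
    _, rest = ntpath.splitdrive(win_path)
    return Path(root).joinpath(*[p for p in rest.split("\\") if p])

def inventory(paths, root, allowed_dir=r"C:\WINNT\SYSTEM32"):
    """Record scope, presence and SHA-256 of each listed file; delete nothing."""
    records = []
    for p in paths:
        # Only files directly inside the expected directory are in scope.
        in_scope = ntpath.normcase(ntpath.dirname(p)) == ntpath.normcase(allowed_dir)
        local = to_local(p, root)
        found = in_scope and local.is_file()
        digest = hashlib.sha256(local.read_bytes()).hexdigest() if found else None
        records.append({"path": p, "in_scope": in_scope,
                        "present": found, "sha256": digest})
    return records

if __name__ == "__main__":
    for rec in inventory(parse_delete_list(SAMPLE_LIST), root="/mnt/suspect"):
        print(rec)
```

Entries reported as out of scope should be checked by hand before they are given to any removal tool, and the recorded hashes can be kept alongside the tool's own backups.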


richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

I did this. After doing Killbox, I decided to connect up. As soon as I saw the "popup blocker" on the desktop, I disconnected the cable. Would it make sense to go online, get a firewall installed, and then start removing again?



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

said by richb2:

I did this. Would it make sense to go online, get a firewall installed, and then start removing again?
Yes, at this point it would.

richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

OK. I installed zone alarm. Any certain settings to catch this thing in the act?



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

I believe on default install that everything is set to ask permission to access the internet under Program Control. Nothing should need server rights. So make sure everything has question marks in Program control and each application will popup an alert to allow or block. You should be able to spot any suspicious programs or applications that want to connect. Block it, make note of the file name and where it wants to connect to (all details).

First, though, I need to see a HijackThis log to determine if anything snuck back on there.


richb2
Wooliewillie

join:2001-12-31
Montvale, NJ

I'll have a HJT log for you in a few. Right now I am running the TrendMicro Housecall and it has found a number of viruses. I also noticed that the winnt/isrvs directory came back. I tried to delete it but it says that it is in use. I stopped desktop.exe via the task manager, but it still wouldn't remove. I will post the HJT log in a few minutes.

