Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
Around, Us
 ·Comcast
| reply to RavonTUS
Re: Do you trust the uninstaller?
said by RavonTUS  :What would you do? Wait on the calvary and while waiting read a somewhat recent post by miekiemoes as it was being removed.
This post---> »Had bad problems with Virus |
|
sanjuandav
join:2005-12-07
Friday Harbor, WA
| Thanks!!!!!
Why can't someone create an operating system for people who just want email, internet access and some basic office programs that isn't susceptible to these kind of problems. I might have a little streak of geek but it's asking too much of someone about to qualify as a senior citizen to be able to find and use this wonderful fix, or even to find the problem.
I suppose I should buy antivirus software, but would it have stopped this? I hate to have to slow down the system and pay money to prevent malicious software from hiding in the operating system when a decent operating system wouldn't permit it in the first place. My software friends tell me the operating system has to be this complicated to let everyone do what they want to do, but I think there should be a simpler, more bullet proof system, for those us who just want basic services.
Anyway, you just saved me from a lot of frustration. Thanks again. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| Hi sanjuandav, and welcome to DSLReports Security Forum 
Without taking this thread too far off topic, you should know there are alternative operating systems, but none are what I would call "bulletproof" and you would need to learn how to use and protect them as well. Also, for Windows there are some fine free Antivirus (and other programs) available to protect your system. And there are other things you can do that require no special program at all, just a little know how to secure your system.
You might want to start a new topic or browse our FAQ pages
»Security
get some tips on how to secure your system. In particular, you might want to start with this one: »Security »How do I prevent browser hijacks and spyware?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
ambience
@cable.rogers
| Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal windows, the problems came right back. Those registry keys it deleted returned and i have system restore turned off. I'm still unable to see Device manager or my network adapters.
here's my log ----
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
@="vzx658AHIIHIIJI8Zw\\bhBcHIIHXKIrdiioInF9Az3ONIy8:Cz89IvAv8:y\\zJ9F9"
"Device"="\\\\.\\rEbgGMuH"
"DriverPath"="C:\\WINNT\\System32\\drivers\\ataridge.sys"
"DriverName"="aecport"
"HideUninstallerName"="C:\\Program Files\\Abcrixxx\\dmlphost.exe"
"UninstallerPath"="C:\\WINNT\\System32\\minvdmod.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINNT\\System32\\atrctrac.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xeaafef2-cba3-7c9a-0cb5-ccb96dcaee12}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Abcrixxx\\srrdocvw.exe"
************
Removing hidden service:
Service aecport removed.
Removing hidden folder:
Deletion of folder Abcrixxx succeeded!
Deleting files:
Deletion of file C:\WINNT\System32\drivers\ataridge.sys succeeded!
Deletion of file C:\WINNT\System32\ddrtopen.exe succeeded!
Deletion of file C:\WINNT\System32\atrctrac.dll succeeded!
Deletion of file C:\WINNT\System32\minvdmod.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CsXhrAvFfS45]
[-HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}]
Done!
Finished! |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| said by ambience :
Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal windows, the problems came right back. Those registry keys it deleted returned and i have system restore turned off. I'm still unable to see Device manager or my network adapters.
That's a first! It is possible you have some securtiy program settings that are blocking the changes? Are you running Adaware with Adwatch enabled?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
ambience
@cable.rogers
| I do have adaware installed, but AdWatch is turned off.
HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time.
Also after looking through my system and googled some files, I seem to have RtKit files on my system, that too will not go away after being picked up by spybot, the spf.sys are all over my computer, deleting the registry keys LEGACY_NPF seem to have no effect as directed by some sites. |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| said by ambience :
I do have adaware installed, but AdWatch is turned off. Just turning it off is sometimes not enough. It adds them back when you re-enable it on reboot.
Make sure you have disabled Adwatch in this manner:
This to Disable AdWatch
Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.
quote:
HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time.
So you are saying the AproposFix log now comes up clean?
quote:
Also after looking through my system and googled some files, I seem to have RtKit files on my system, that too will not go away after being picked up by spybot, the spf.sys are all over my computer, deleting the registry keys LEGACY_NPF seem to have no effect as directed by some sites.
quote:
Those two files I do not see in the log. Possibly you have something else on the system besides this pest? If so, AproposFix will not address those. Go through these steps and post a new topic. We'll see if we can help.
»Security »I think my computer is infected or hijacked. What should I do?
--
It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
ambience
@cable.rogers
| ok, I don't have ad-watch on because my version of adaware doesn't have it hehe. I do have spysweeper installed, I've noticed sometimes it blocks things.
The log below is what I get when I scanned again. Still no device manager
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished! |
|
CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
| ambience,
That log is clean so we've exhausted that. For remaining issues you'll need to go here:
»Security »I think my computer is infected or hijacked. What should I do?
and then post a new topic. |
|
