Sponsored By

sari

Members
  • Content Count

    105
  • Joined

  • Last visited

About sari

  • Rank
    HJT Team

Contact Methods

Profile Information

  • Location
    Maryland
  1. Chrissie, That looks good. Just a little clean up, and you should be ready to go. Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. You can also delete the smitfraudfix program we installed at the beginning. Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news). Turn OFF System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Restart your computer. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK. System Restore will now be active again. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically. Automatic Updates for Windows Click Start. Select Settings and then Control Panel. Select Automatic Updates. Click Automatic (recommended) Choose a day and a time when you know the computer will be on and connected to the internet. Click Apply then OK. In addition to Windows updates, you also need to ensure that your version of Java is the latest.Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 7). Once downloaded, install it and then Reboot your computer. It is most important that you also uninstall older versions of Java. Click Start, Control Panel, Add/Remove Programs. Delete all Java updates except Java 6 Update 7 The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein. sari
  2. Chrissie, That looks better - I'm going to have you run an online virus scanner just as a final check. Please do an online scan with Kaspersky WebScanner Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases [*]Click on My Computer under Scan. [*]Once the scan is complete, it will display the results. Click on View Scan Report. [*]You will see a list of infected items there. Click on Save Report As.... [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. [*]Please post this log in your next reply. Upgrading Java: Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")
  3. Chrissie, It looks like those runs cleaned up a lot of the issues. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O21 - SSODL: genadmui - {16824F4F-3B2B-AF53-C6C2-098B56D7403C} - C:\Program Files\gehndkd\genadmui.dll Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Please remove these entries from Add/Remove Programs in the Control Panel(if present): genadmui Please note any other programs that you dont recognize in that list in your next response Please delete these folders using Windows Explorer(if present): C:\Program Files\gehndkd After that, Reboot. Please post a new hijackthis log.
  4. Chrissie, First, I want to verify that what you're dragging looks like this: . Second, let's delete your version of Combofix and download a newer one. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Link 1 Link 2 Link 3 **Note: It is important that it is saved directly to your desktop** Once it's saved, drag the recovery console to it again, and report back here. Thanks, sari
  5. Chrissie, I'm checking on this - we'll get it resolved and get the rest of the PC cleaned up.
  6. Chrissie, I would really like for the recovery console to be installed. While I don't anticipate that we'll need it, there are still a number of infected files present. Would you please try dragging the recovery console file over to Combofix again? If you're asked to accept any EULAs by Microsoft, please accept them - it's a just a license agreement for the recovery console software. Once you've completed that, re-run combofix and post the log. Thanks, sari
  7. Chrissie, We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New HijackThis log. sari
  8. Chrissie, Hi, and welcome to Besttechie. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click SmitfraudFix.exe Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm sari
  9. cirobest, Welcome to Besttechie. I apologize for the wait - I hope you're still checking. You have something called Lop, and I can help you with it. Disable your Avast anti-virus; you'll re-enable it after the scan Download Lop S&D < here Double-click Lop S&D.exe Choose the language, then choose Option 1 (Search) Wait till the end of the scan Post the log which is created: (%SystemDrive%\lopR.txt) sari
  10. samuel3838, Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Thanks, sari
  11. Samuel3838, Sorry - I didn't realize you had replied to this, and I was away for part of that time. Let me review what you have and I'll post shortly. sari
  12. Panda08, You'll download SP2 - that will install the recovery console. sari
  13. raiannon, Could you give some more detail on what you see? That hijackthis log is clean, so I'm curious what symptoms you're seeing, or what the scanners have found.
  14. Panda08, You had an infection called Wareout, that redirects your browser to other sites and generally interferes with how your PC runs. Most viruses, spyware, etc., interfere with the performance of the PC, so I'm not surprised yours was running much faster after that - it was the primary infection on your PC. I'd like you to follow some directions to install what's called the Recovery Console. This isn't to clear up anything you have; it's more of a safety measure. We're seeing more cases of nasty viruses that can prevent PCs from booting up, and having this installed could help you out in the future. Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log. Please do not reboot your machine until we have reviewed the log. Once that's done, we'll clean up the tools we used and you can go on your way, malware-free! sari
  15. Panda08, How are things running now? Are you still having issues with slowness, because your logs are clean now. sari