Dan

Everything posted by Dan

  1. Hey Arachnid

     You just need to check one thing: Open HijackThis, click the "Scan" button, and check the following item:

     O2 - BHO: (no name) - {04047354-D353-11D2-B3EB-0060B03C5581} - (no file)

     Click the "Fix Checked" button and close HJT. Other than that you're clean (You probably have all this, but yeah, it's customary!)

     We have a couple of last steps to perform and then you're all set.

     First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

     Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Under the Hidden files and folders heading UNSELECT Show hidden files and folders. CHECK the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

     Next, let's clean your restore points and set a new one:

     Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

     1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
     2. Restart your computer.
     3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check Turn off System Restore. Click Apply, and then click OK.

     System Restore will now be active again.

     Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

     SpywareBlaster to help prevent spyware from installing in the first place.
     SpywareGuard to catch and block spyware before it can execute.
     IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

     You should also have a good firewall. Here are 3 free ones available for personal use:

     Sygate Personal Firewall
     Kerio Personal Firewall
     ZoneAlarm

     and a good antivirus (these are also free for personal use):

     AVG Anti-Virus
     Avast Home Edition

     It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

     To keep your operating system up to date visit Microsoft Windows Update monthly.

     And to keep your system clean run these free malware scanners

     AdAware SE Personal
     Spybot Search & Destroy

     weekly, and be aware of what emails you open and websites you visit.

     To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

     Have a safe and happy computing day! Danny
  2. Dan

    24

    Wow! Great premiere! I've been hooked since about a month ago.. It was hard watching seasons 1 - 4 in a month But the stupid tivo left out the last 10 min, so I didn't get to see it, but got a recap today Danny
  3. I'd wait for a ps3 The xbox is too expensive for me, and isn't worth it ATM, PS2 has a bigger game range, and it's smaller than the xbox.... Danny
  4. Dan

    Hjl

    Hi, Do you know what this program is? EZ-DUB.exe?

    Now, Please go HERE to run Panda's ActiveScan

    Once you are on the Panda site click the Scan your PC button
    A new window will open...click the Check Now button
    Enter your Country
    Enter your State/Province
    Enter your e-mail address and click send
    Select either Home User or Company
    Click the big Scan Now button
    If it wants to install an ActiveX component allow it
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

    Post the contents of the ActiveScan report

    Danny
  5. Dan

    Hjl

    Hi, Please take a look at this post here: http://www.besttechie.net/forums/index.php?showtopic=5672 Post me a HJT log please Sorry, Just saw it! I'm getting a response ready
  6. Great news!!! A WMF Patch has been released! http://www.microsoft.com/athome/security/u...200601_WMF.mspx Danny
  7. What about Ilfak's patch? I think that unregistering the dll and running that patch are still the best things to do /for now/...
  8. Hexblog is down because of too much traffic... :x The patch is hosted here: http://handlers.sans.org/tliston/wmffix_hexblog14.exe And CCops is going to host a board for Ilfak....
  9. Hexblog is down because of too much traffic... :x The patch is hosted here: http://handlers.sans.org/tliston/wmffix_hexblog14.exe And CCops is going to host a board for Ilfak....
  10. Read more: http://news.com.com/Sony+settles+rootkit+c...html?tag=cd.top Danny
  11. The link doesn't work Pete.. http://blogs.technet.com/jesper_johansson/.../02/416762.aspx ^There's the link I see your point. I'm still going to use the patch, but I think it'll be better for users to unregister the dll..... Danny
  12. Hey everyone, Here is some background information about the WMF Exploit: From here: http://blogs.technet.com/jesper_johansson/.../02/416762.aspx The most basic way to stop this is to just unregister the dll. To do this, you just need to click "Start --> Run" and type this:

      regsvr32 /u %windir%\system32\shimgvw.dll

      This will unregister the dll, but you have to be an administrator. A few days ago, and stumbled upon this: http://www.hexblog.com/2005/12/wmf_vuln.html#more This is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary! I recommend you read the post under this about what Pete said. When Microsoft issues a patch, please use that one! Here are the technical details: Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful Danny
  13. Hey everyone, I was reading a few days ago, and stumbled upon this: http://www.hexblog.com/2005/12/wmf_vuln.html#more This is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary! When Microsoft issues a patch, please use that one! Here are the technical details: Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful I believe that all of the sites that have HOSTS files are updating them so that the wmf exploit gets blocked. Danny
  14. Hi, Sorry for the delay

      You have a CoolWebSearch infection. Download CWShredder here to its own folder.

      Update CWShredder
      * Open CWShredder and click I AGREE
      * Click Check For Update
      * Close CWShredder

      Boot into Safe Mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

      Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

      Reboot your computer into normal windows.

      Open HijackThis, click the "Scan" button, and check the following items:

      O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)
      O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
      O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
      O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
      O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

      Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.

      Locate the following file, and delete it (If Present):

      C:\WINNT\alt.exe << This File

      Please go HERE to run Panda's ActiveScan

      Once you are on the Panda site click the Scan your PC button
      A new window will open...click the Check Now button
      Enter your Country
      Enter your State/Province
      Enter your e-mail address and click send
      Select either Home User or Company
      Click the big Scan Now button
      If it wants to install an ActiveX component allow it
      It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
      When download is complete, click on My Computer to start the scan
      When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

      Post the contents of the ActiveScan report in your next reply.

      Reboot and post a new HijackThis log as well as the ActiveScan log.

      Danny
  15. Hi, That's a toolbar entry which isn't there anymore. You can check those. (Only with the BHOs and Toolbars). The MCRG is legit. I don't know what it is related to, but yes it is legit. Ok..Open HJT Click the Scan button and check the following items: O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) Close all windows except HJT and click the Fix Checked button. Reboot and post a new log. Danny
  16. Hi, Please click "Start --> Find" and search for the file "MCRG.*". If it finds anything, right-click on it and choose "Properties", then click on the "Version" tab at the top. Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each. dk
  17. Cookies!?!!!?! I want some!!!! /me takes all of the cookies from mac and eats them
  18. Wow..I haven't been in this thread for a while, and this is what it comes to... Talking about our pet rocks and smurfs..but as long as mac is here, who knows what to expect!!!! BTW, Merry Xmas! Danny
  19. Dan

    Merry Xmas!

    Merry Xmas everyone! I got a copy of Spysweeper from my mom. I also got $145, and an Ipod Danny
  20. Dan

    Xbox 360

    I can't wait until the Nintendo Revolution comes out! I'm a big Nintendo fan, so yeah. Danny
  21. Hi, Please take a look at this post: http://www.besttechie.net/forums/index.php?showtopic=5672 And post a HijackThis log. An expert will look at it shortly. Danny
  22. You know what I want to request Jeff? Some Broadband so I can listen But great Idea Jeff Get your mic hooked up like the last time you had it up Danny