SKYNET - yikes! - Page 2 - Safer-Networking Forums

tech108 · 2009-08-30, 00:50

Ken,

Thank you for your help. I need to leave for a few hours, but I'll check in when I get back. I've just visited your website and I really appreciate your sense of community.

Stay cool.

**ken545** · 2009-08-30, 01:10

Hello,

Quote:

I'd like to do fresh installs of firefox and IE - is that recommended?

By all means. The version your running now is very outdated , you need to download and install Internet Explorer 8.

You can do that by running windows updates.
Open IE and go to Tools> Windows Updates and download any critical updates.

You should update Firefox as well. The latest version is 3.5.2. When you open Firefox , go to Help> Check for Updates and it should download and install the latest version.

Here are the links if you need them

http://www.microsoft.com/windows/int...ide-sites.aspx

http://www.mozilla.com/en-US/firefox/all.html

As a final scan, I always like to run a free online virus scanner as a doublecheck.

Please run this free online virus scanner from ESET

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

How are things running now ??

tech108 · 2009-08-30, 23:59

Hello Ken.

I have updated both firefox and IX - but I still have a problem.

I can't run the last online tool. The css (something is broken - there are no background images or colors) in both firefox and IX is still broken.

I am not able to get to a button in ESET to click "YES"

tech108 · 2009-08-31, 00:37

Running ESET now - by hunting and pecking I found all the buttons to get it to run.

Win32/TrojanClicker.Agent.NHH - found

ESET did not provide a log.

**ken545** · 2009-08-31, 01:00

It will be found here
C:\Program Files\EsetOnlineScanner\log.txt

tech108 · 2009-08-31, 01:10

I must have erased it - I am rerunning this.

Originally it found 2 threats.

tech108 · 2009-08-31, 01:31

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=c122f812f8044844b1248bdc66b1c41d
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-30 11:23:29
# local_time=2009-08-30 04:23:29 (-0800, Pacific Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 37 100 100 118333856370
# scanned=57723
# found=0
# cleaned=0
# scan_time=1516

Still not getting background images or colors in IE or firefox. Also, unable to use Microsoft Update.

**ken545** · 2009-08-31, 02:52

HI,

Logs look good, all the malware is gone. As far as not getting color and no windows updates, that may be a windows problem. Why don't you post here and see if they can help you resolve it. You can link them to this thread so they can see what we have done. If you like, link me to the thread so I can follow along and offer any info they may need. This forum is for malware removal only, we do not do any windows support.

Windows Support <-- Our sister site
PcPitStop <-- You can take your system in for a checkup here.

tech108 · 2009-08-31, 02:58

Ken you've been great. Thank you.

The computer now has a bunch of programs loaded, should I uninstall all the malware tools?

Also, do you have a favorite link to what steps I should take to protect future problems?

Again, thanks for all the great help.

**ken545** · 2009-08-31, 03:11

Lets do this.

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Quote:

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

2009-08-31, 01:00	#15
ken545 Security Expert Join Date: Nov 2005 Location: Darien, CT Posts: 8,297	It will be found here C:\Program Files\EsetOnlineScanner\log.txt __________________ Microsoft MVP Consumer Security 2007-2008-2009 ERROR MESSAGE 386 No KeyBoard Detected Press F1 To Continue

2009-08-31, 02:52	#18
ken545 Security Expert Join Date: Nov 2005 Location: Darien, CT Posts: 8,297	HI, Logs look good, all the malware is gone. As far as not getting color and no windows updates, that may be a windows problem. Why don't you post here and see if they can help you resolve it. You can link them to this thread so they can see what we have done. If you like, link me to the thread so I can follow along and offer any info they may need. This forum is for malware removal only, we do not do any windows support. Windows Support <-- Our sister site PcPitStop <-- You can take your system in for a checkup here. __________________ Microsoft MVP Consumer Security 2007-2008-2009 ERROR MESSAGE 386 No KeyBoard Detected Press F1 To Continue

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

2009-08-30, 00:50	#11
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	Ken, Thank you for your help. I need to leave for a few hours, but I'll check in when I get back. I've just visited your website and I really appreciate your sense of community. Stay cool.

2009-08-30, 23:59	#13
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	Hello Ken. I have updated both firefox and IX - but I still have a problem. I can't run the last online tool. The css (something is broken - there are no background images or colors) in both firefox and IX is still broken. I am not able to get to a button in ESET to click "YES"

2009-08-31, 00:37	#14
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	Running ESET now - by hunting and pecking I found all the buttons to get it to run. Win32/TrojanClicker.Agent.NHH - found ESET did not provide a log.

2009-08-31, 01:10	#16
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	I must have erased it - I am rerunning this. Originally it found 2 threats.

2009-08-31, 01:31	#17
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=c122f812f8044844b1248bdc66b1c41d # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-08-30 11:23:29 # local_time=2009-08-30 04:23:29 (-0800, Pacific Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 37 100 100 118333856370 # scanned=57723 # found=0 # cleaned=0 # scan_time=1516 Still not getting background images or colors in IE or firefox. Also, unable to use Microsoft Update.

2009-08-31, 02:58	#19
tech108 Junior Member Join Date: Aug 2009 Location: california Posts: 12	Ken you've been great. Thank you. The computer now has a bunch of programs loaded, should I uninstall all the malware tools? Also, do you have a favorite link to what steps I should take to protect future problems? Again, thanks for all the great help.