Type: Posts; User: miekiemoes; Keyword(s):
Hi,
Sorry to jump in for a second..
Do you know what program the C:\Program Files\BChanger is?
Did you install it? If so, can you provide us the info and link where you can download it?
If...
Good everything is Ok now. Guess the damage was worse than expected.
I just hope you keep in mind not to visit cracksites or other illegal sites anymore.. because that's what I already said in my...
I am sorry to hear that more and more problems appear..
Looks like a lot got corrupted - and I guess this is mainly because services are failing to start - most probably because of a corrupted...
I see you posted in between..
Hmm, just found this thread:
http://www.errorforum.com/security-firewall-error/4684-windows-firewall-system-restore-services-desktop-problems.html
It looks like...
But is the service started? What does it say next to status of the service? It should be started. In case it's not started, click the start button under it.
Yes, but as I already said, I don't...
And since when did this all happen? Because it's quite confusing since I don't know what other steps you have performed in between. I know you have been fixing entries in HijackThis in between as...
What other problems do you mean here?
Well, the malware is gone here now.
Now it's a matter of restoring getting rid of that error in Internet Explorer after you have been fixing these legitimate entries.
What I suggest is, Uninstall...
Anyway, what I also suggest is, from the computer you're on now - where you can get on the Internet with Internet Explorer, download Firefox: http://www.mozilla-europe.org/nl/products/firefox/
Then...
Also restore these please:
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item:...
Well, actually you did delete some entries I didn't ask to delete though...
From your first HijackThis log:
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program...
This is really strange...
Have you been deleting anything else I didn't ask? Because I see you have been fixing entries in your HijackThis log already while I didn't instruct it yet.
You have...
Ok, since you don't know this SearchTool and I see the folder was created recently, it should go, because that's why I asked a sample in the first place, since it looked suspicious.
There's also...
Sidenote.. Ever wondered why you got infected?
I see you're not afraid of visiting cracksites and other illegal sites, because some cracks are being flagged as malicious.
If you visit cracksites,...
Hi,
Do you have any idea with what this C:\Program Files\SearchTool\SearchTool.dll is related? Did you install it?
It has references to this forum in its strings:...
Hi,
Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:
...
Hi,
Logs still look clean :)
Read here how to defragment: http://helpdesk.its.uiowa.edu/windows/instructions/defrag.htm
In your case, it may take a long time to defragment since you have...
Clean logs again.
Delete the C:\Qoobox folder.
Let me know how things are now. :)
Hi,
Only leftovers here...
Navigate to the following folder:
C:\Program Files\Common Files
In there, there will be a folder called "à?pPatch".
It will most probably look like appPatch....
Hi,
Please delete the version of combofix you are having, because since we are already 3 weeks further, it has been updated and now it should normally run (since I guess it's a FAT32 in your case...
Glad I could help. :)
Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take...
Hi,
Your log looks clean again. How are things now?
Looks like we are running around in circles here.
Anyway, Can you rename Hijackthis.exe to Analyse.exe
Then scan with Analyse.exe and post the log in your next reply (which will be a...
Hi,
Please reboot your computer, because I see a process is still loaded which is actually "moved" by Combofix. A next reboot should move the file properly.
So reboot your computer.
After...
Hello,
This is much better, but we're not finished yet...
Open notepad and copy/paste the text in the quotebox below into it:
Save this as ComboFix-Do.txt
Hi,
As far as I can see, Avira certainly already deleted a lot of other malware that was present before.
Let's deal with the rest now..
* Start HijackThis, close all open windows leaving only...
Hello,
I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!
Avira,...
Funny things going on there...
Anyway, let's see if Combofix runs in Windows Safe mode, but first, I want you to remove the current Version of Combofix and redownload it again from here:...
Ok, do next please..
Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
(fsbl.exe - graphical user interface)
Double-click...
Hi,
I see from your log that Combofix was still running after reboot. You really have to wait till the logfile opens.
Look on your C:\ if there's a combofix.txt present and copy and paste the...
Glad I could help. :)
Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take...
Hello,
Just some leftovers now...
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:
O8 - Extra context menu item:...
Hello,
I see you were dealing with a flashdrive infection previously as well, so perform next step first..
* Download next removal tool to your desktop:...
The combofix.txt should be on your F:\ though.
Did you run Combofix.exe from your desktop as instructed? Did it actually run and then rebooted your system?
Anyway, please try again please...
Hello,
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When...
Glad I could help. :)
Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take...
Good to hear.
Yes, it's always better to have your Windows Firewall enabled even though you have a hardware firewall.
Glad I could help. :)
Please read my Prevention page with lots of info...
Hi,
Your logs look clean again.
Just a few more things to do though..
Delete the folder C:\Qoobox
Your version of Java is outdated and needs to be updated to take advantage of fixes that...
Hi,
we'll have to give this another run..
Open the ComboFix-Do.txt you created previously and edit out its contents.
Then modify it with the contents below:
Open notepad and copy/paste the...
Hello,
Let's deal with the rest now...
perform my next steps in the right order please...
I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware...
Hi,
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When...
Hi,
If you can't find it, don't worry. This means that it was most probably already uninstalled previously, but registry entries remained.
Just proceed with next steps then.. :)
And I'll read...
Hi,
Please uninstall MyWebSearch via software > add/remove programs.
Then reboot.
After reboot, * Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click...
Hello,
I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!
Avira,...
Hello,
* Go to start > control panel > software > Add or Remove Programs and uninstall next if present:
Winpop
DeluxeCommunications
winantispyware 2007
Then reboot. Really important.
It looks like the malware should be gone now.... But as I said previously, especially with this variant of infection, you cannot trust this computer anymore for 100%.
If everything works OK and you...
As far as I can see, the SRENG log looks OK.
C:\WINDOWS\system32\spmsg2.dll is OK as well.
But.. the other two files are related with the malware you were dealing with, so delete next files:
...
Hi,
The good news is, Catchme doesn't list any hidden files anymore.
Check and fix next leftover in HijackThis:
O2 - BHO: (no name) - {2DB59DF5-544D-4A1C-8A74-1FD054950140} - (no file)
...
Hi,
Now only your Temporary Internet Files are hidden... This malware is acting weird and now I cannot see from that log if the infection is still present or not..
First of all, as you said...
Hi,
So you didn't perform the steps with the Avenger yet? No need to do this now. What I guess happened here is, the haxfix never properly finished its job. So I guess it ran after reboot and...