Thread: can't get rid of hldrrr.exe, srosa.sys, wintems.exe

  1. #41
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Ok we are nearly done

    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\drivers\down

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.



    You also have two anti-viruses, Avast and AVG; you need to remove one of these or it will cause a lot of problems. They are both good, so it is up to you. So go to Add or Remove Programs to remove one.


    Can you also tell me how your PC is running now?


    Also, sorry to ask again, can I get a screenshot of the Processes section of IceSword?
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  2. #42
    Junior Member
    Join Date
    Jan 2008
    Posts
    29

    Done. Here's MoveIt report:

    C:\WINDOWS\system32\drivers\down moved successfully.

    Created on 01/10/2008 13:09:22

    Quote (originally posted by Rorschach112): Also, sorry to ask again, can I get a screenshot of the Processes section of IceSword

    Sure. I posted a log before, but here's the screenshot: is-processes.jpg

    The PC seems to be running normally.

    I will uninstall one of the antiviruses. I thought that double protection would reduce the probability of infection in a multiplicative way (say, if prob. of infection with any of them is 0.001, with both it would be 0.001^2=0.000001, but then, I am a theoretical physicist, not a computer safety guru...).

    Rorschach, I thank you so much for your help with this problem. If you ever come to Bariloche, Argentina, come pay me a visit. I will cook you a good "asado". You already have my webpage address.

    I hope I could pay back to the forum some of the help I received from you.

    Guillermo

  3. #43
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620

    Hello Guillermo

    Quote: Sure. I posted a log before,
    I am just doing some research so those screenshots will come in very handy, thanks.

    Quote: I thought that double protection would reduce the probability of infection
    Running two anti-virus programs or two firewalls means they will have problems conflicting with each other. So you can have major slowdowns and blue screens of death. Theoretically you are right though.

    Quote: Rorschach, I thank you so much for your help with this problem. If you ever come to Bariloche, Argentina, come pay me a visit. I will cook you a good "asado".
    I can't take all the credit, it was a joint effort. Asado sounds nice!


    Just a few things to do to make sure you don't get infected in the future.

    It is very important that you delete IceSword.exe


    Some clean up :

    • Please double-click OTMoveIt.exe to run it.
    • Click the Clean up button.
    • Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?).
    • Click Yes to the reboot.


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
    Here

    Thank you for your patience, and performing all of the procedures requested.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
