Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

  • Country

    United Kingdom

Everything posted by coltm4carbine

  1. Oh shoot, missed something (harmless though...so don't panic). Open HJT and fix the following: O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing) Show hidden files and delete (if it's still there - it should be gone anyway - just incase): C:\WINDOWS\SYSTEM32\winhoo32.dll Reboot. I also suggest you remove all your versions of Java and install a new one here. I have also noticed that you have both ad-aware personal and pro. You might want to remove one. Also I think there's a newer version of adobe acrobat reader... (I am not sure, I use foxit) I'll leave your firefox issue with the other people who knows a lot more about computers than me, but a suggestion. do you have an ad blocker? sounds like online adverts to me.
  2. Go to add/remove program and remove: McAfee personal firewall Although I do suggest you keep the firewall... ...Apart from that... Clean! Congratulations. Let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Under the Hidden files and folders heading UNSELECT Show hidden files and folders. * CHECK the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well. SpywareBlaster - Great prevention tool to keep nasties from installing on your system. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ==================== Vundofix is a tool that finds vundo and removes it. Freeware... Because of this tool the creator was awarded the Microsoft MVP for windows security... It's used all over the antispyware community... It worked on the OP and the other people I've used it on... Can you also remind me what the firefox problem? Although I may not be able to help I'm sure some of the brains on here will be able to help...
  3. In that case can you also do this: * Start HijackThis and click on Open Misc Tools section * Look for and click on Open Uninstall Manager... * Look to the right and click on Save As.. * Save it to your desktop and copy the contents of that to me It'll give me a list of your add/remove programs. You should be able to uninstall McAfee and Yahoo from there (add/remove programs)... Also make a list of things from the list that you don't recognise or don't want and post a reply here.
  4. Wow..thats a lot more Dlls than I was expecting.. I was expecting like 3 or 4 max.... Sorry for making you stay up all night , never would of guessed it would of taken that long.. Those are the vundo entries. That's why I said rename HiJackthis to scan.exe.Also How many antivirus(es) do you have installed (that are running)? === Fix === ==== STEP 1 ==== Download AVG Anti-Spyware from HERE and save that file to your desktop. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files. On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed. [*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. [*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine". [*]Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly. ==== Step 2 ==== You might want to print this set of instructions off or at least save it somewhere in your HD since you'll be going into safemode and deleting some files. If you get stuck or don't understand any part of the instruction, post a reply here. Be VERY careful when deleting the files manually. Let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion. * Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Under the Hidden files and folders heading SELECT Show hidden files and folders. * UNCHECK the Hide protected operating system files (recommended) option. * Click Yes to confirm. * Click OK. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O2 - BHO: (no name) - {0AFEA888-B97B-4EDE-AC47-1FEE31D5CEE5} - C:\WINDOWS\system32\wvuspmm.dll (file missing) O2 - BHO: (no name) - {3A90860B-8474-961B-998A-0430C13EFEB8} - C:\WINDOWS\system32\ulsgsgb.dll O2 - BHO: (no name) - {42C40336-ED1A-4A3D-A0AD-4C5F3CD3F11F} - C:\WINDOWS\system32\ddccc.dll (file missing) O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\hhxgallc.dll",setvm O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present): C:\WINDOWS\system32\wvuspmm.dll C:\WINDOWS\system32\ulsgsgb.dll C:\WINDOWS\system32\ddccc.dll C:\WINDOWS\system32\hhxgallc.dll IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess: [*]Lauch AVG Anti-Spyware by double-clicking the icon on your desktop. [*]Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". [*]AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time. Once the scan is complete do the following: [*]If you have any infections you will prompted, then select "Apply all actions" [*]Next select the "Reports" icon at the top. [*]Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). [*]Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan. Also provide an update as to how your computer's running (how's the pop-ups..). In your next reply include the following: How your computer's running (how's the pop-ups) A new HJT log AVG antispyware report EDIT: Ok, good to know that IE is getting better. Try fixing the entries I said and run the AVG antispyware scan. That will pick up anything that HJT didn't see or anything that I've missed.
  5. <Removed..OP has replied...> As for adding vundofix to the malware package it's not going to be a good idea, since it's a specific tool. It's just like adding smitfraudfix and haxfix to the malware package (there are a lot more tools)... If you don't know how to use it then it'll break your computer. Vundo fix might take over 10 minutes to run fully. I'll wait for another 5 min to see the log before I leave (I've got school so I have to go soon)
  6. It's shaded to make your life easier without having to read more than the basics. The reason why none of the guys told you to run vundofix was because most of them haven't heard of them, since you'll most likely only see it in Specialized Malware Removal forums where I can assure you that some people on this forum aren't allowed to post in (Geekstogo, Atribune.org, Spywareinfo etc.). Some people may be very smart on here on some parts of computing but they don't know everything. That link I gave you was a direct download anyway, so you'll be asked to download it straight away. This is to save some noobs from downloading the wrong thing and breaking their computers and expecting the helper to be responsible. You like the pop-ups fine by me, I'm just trying to correct people here and help them learn a bit more, so they wont make the same mistake twice (2nd time I've seen someone miss vundo - that's why I've posted. Otherwise I would of just left it - it doesn't affect me so why should I spend my time trying to help when I can be playing games). You don't like my instructions fine by me go off an uninstall IE. Do whatever you want. Click on it if you trust me. Get a mod to remove my post or get an admin to ban me if you don't. Your choice. I don't really care since this is not my computer and this is not a place I'd be expecting to have to post a HJT log anyway. I would of expected at least 1 person to find vundo in the log but I was wrong. Sorry to sound childish (I am only 14) but that's how I feel. Just cos I'm a noob on here doesn't mean I'll spam you with malware infested links. Just cos I ain't well known doesn't mean you can't trust me over 1 link. ==== NOTE ==== If I do get banned here's the reason for using vundofix anyway: His HJT log lacks ANY o2 Entries. If he gives me a new HJT log after renaming the program, you'll all see the entries responsible for his pop-ups. If a HJT log has no o2 entries, get the user to rename HJT and scan again.
  7. Ok, Perfect, you've still got the trojan (not that perfect, but now I can show everyone where he went wrong). Ok, Let's do this...my way. ===== STEP 1 ===== Rename hijackthis to scan.exe. (optional post the log if you want to show everyone where they went wrong [it'll help them learn from their mistakes]) ===== Step 2 ===== Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YESs Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. ==== Step 3 ==== Post a new hijackthis log This is NOT optional - I need to see it. ============ Also don't remove IE yet..It's not worth it just because of some pop-ups. EDIT: fixed some format errors.
  8. To make hopefully help the person who said you was clean notice where he went wrong. (P.S I don't mean it in a bad way.. Just a way where I can suggest a few things.) Can you: Post a new HiJackThis log on here? From your old log I have noticed vundo but since the log might have changed, I want to check a newer log first.
  9. I think your problem is adware. (EDIT: I had a quick look over your HiJackThis log where someone said you was clean and I can see the cause of your problems). Also Just to add internet explorer is needed for windows update (unless you have IE tabs)
  10. Sorry, Im not sure if I'm allowed to post this, He has the vundo adware. Latest varient. (I can see it from the HJT log so don't flame me) Rename HJT.exe to scan.exe. Run another scan then u'll see the bad entries. EDIT: Just saw the BHO entries. Those are the random ones from vundo that you *should* of seen with HJT.
  11. Things I use AVG antispyware (formaly ewido) HijackThis My professional tech mind...ok so not exactly a pro but if it's works then it's good enough for me.
  12. This might be late now but: CWS - I've got the infected files for the bootconf (I think -I am sure it's one of the CWS varients) LOP, if you haven't got that from messenger plus already Aurora - pain to get rid of The older version of vundo - the symantec removal tool doesn't remove it. ISTbar Horseserver if you can find the d/l for it. Ivideocodec Partypoker Also go to a crack site - they are full of these sorts of crap.
  13. Yeh I tried it out and i actually quite liked it.. i think i missed out URGE because my install was only 26mb... but i do remember selecting everything on it. I like the new look, and the new visual effects.. I haven't tried playing a DVD on it but I might try it later.. So far so good with WMP11, not a single error
  14. I plan to get Vista when it comes out. I am a bit peed off about me not being able to connect to my wireless internet [Might be a driver problem or something like that]... apart from that I think it's ok so far so yeh I'll get it if my mum let's me. First time i installed it it gave me a BSoD [yes they still use it] Second time it worked and now I really cba to get the internet on it... Hopefully it'll be a lot better when it officially comes out edit: typos
  15. I use Ad-aware, spybot s&d, Hijack this, cwshredder and loads of others. Spyware doctor gave me loads of false possitives so I gave up on that. Ad-aware catches most of the stuff but I think it works even better when used with spybot. MSAS did help me a lot when it flagged my Norton AV when I was uninstalling it :thumpsup:. I prefered BETA 1 of it rather than Windows Defender. Rather than preventing it I am one of those who prefers the clean up. Might be my internet surfing habits but none of those programs have actually found anything on my computer for way over 1/2 year now.
  16. I have:- 2x Windows XP home sp2 1x WIndows XP pro 1x Windows 2000 1x Windows 98 1x Windows 95 Ubuntu, SuSE [live CD], knoppix [live cd]. I mainly use my Windows XP home because thats like the operating system that makes me feel "right".
  17. Kaspersky or McAfee. Difficult choice. McAfee haven't let any viruses into my desktop since I had it and Kaspersky has caught over 6 viruses which symantec/norton missed. Norton was preinstalled on my laptop, but i uninstalled it within 2 days because it caused too much trouble [Performance, BSoD, viruses]. lol My cousin uses Nod32 but i haven't tried it myself but from what I heard it's the fastest scanner there is. Avast didn't catch anything on my Windows 98 so i ditched it and swapped it with AVG free.
  18. My first post here so i am really nervous.. on msdn, the download will be an iso image from what i heard...[not sure] Well for a start, personally i don't think using pirated software is going to help M$ much [maybe lose money?]. Also don't you need the key before you can install it (before the license and that)?

  • Create New...