Long time reader, first time poster...Big time problem...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Sting36e, Jan 29, 2006.

  1. Sting36e

    Sting36e Private E-2

    Hello, folks.

    I'd just like to say that I have been coming here for quite some time and never even needed to make a single post because you had all the answers waiting for me, and I should thank you all a great deal for that. One of the finest communities on the web, and I'm proud to say I've linked at least a couple of dozen people to these boards, if not more. They all have received great help as well.

    This time, however, I don't think I am capable of helping myself, and I think I require the assistance of a pro. I myself, while having been able to help myself before, really have very little knowledge of this stuff. Now, I did almost everything in the READ ME AND RUN ME FIRST thread, a few things I was not able to do. I think I know which malware problems I have, I am just unsure of how to rid myself of them, and I'd rather not take a chance and delete something important.

    Anyway, I have attached my HiJack This log file, hopefully someone can find the time to help me as this site has many many times before.

    Thanks, all the best...

    -Eric
     
    Last edited: Jan 30, 2006
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need the logs from the two online scans listed in the READ ME.


    Then, please see the below thread on running the L2MeFix Tool.

     
  3. Sting36e

    Sting36e Private E-2

    I wasn't able to run either unfortunately. In the BitDefender case, it just didn't allow me to click on the button to begin the scan. It was as if it wasn't a link to something, just a picture on the page. In the Panda case, once it got to the part where it told me to choose a device, I would, and nothing happened. The Int. Explorer status bar would say Error. I don't know what to do about either.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, just run the Look2Me VX2 Removal thread then post a fresh HJT log.
     
  5. Sting36e

    Sting36e Private E-2

    All right, first, here are my two logs after the Look2Me VX2 Removal thread...I hope I did this correctly.
     
    Last edited: Jan 30, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  7. Sting36e

    Sting36e Private E-2

    ...And here is a fresh copy of the HJT log

    Something tells me I made a mistake.
     
    Last edited: Jan 30, 2006
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Looks as if it were removed but you have other issues we need to address as well. Go ahead and run the two programs in my previous post and attach those logs and we will go from there.
     
  9. Sting36e

    Sting36e Private E-2

    I was unable to post these until now, but here they are. Nothing else was done to the computer except as instructed in those two threads.
     

    Attached Files:

  10. Sting36e

    Sting36e Private E-2

  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download AproposFix© by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
     
  12. Sting36e

    Sting36e Private E-2

    I'm sorry, I had to go away suddenly for a few days. Anyway, here are the two logs. Hope there isn't much more, if anything, that needs to be done.

    Thanks again.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spy Sweeper


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    eee2.exe

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R3 - URLSearchHook: (no name) - {62F67E15-99DA-CD09-A669-EB2B5B9DD897} - C:\WINDOWS\System32\ivosr.dll (file missing)

    O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
    O4 - HKCU\..\Run: [Obme] "C:\Program Files\imat\oaao.exe" -vt mt

    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com

    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\f4l0le3m1h.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode. Be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\imat - Delete this whole folder if it exists!

    C:\WINDOWS\eee2.exe

    Next, run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.



    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
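
An added example, not part of the original thread: a small Python checker that parses the HijackThis entries listed in the post above and reports which of them still appear in a later log. The `FRESH_LOG` sample (including its O2 line) is constructed, and the function names are illustrative.

```python
import re

# Entries the helper asked to have fixed, copied from the post above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - {62F67E15-99DA-CD09-A669-EB2B5B9DD897} - C:\WINDOWS\System32\ivosr.dll (file missing)
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [Obme] "C:\Program Files\imat\oaao.exe" -vt mt
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\f4l0le3m1h.dll (file missing)
"""
# Constructed "after" log: one fix-list entry survived; the O2 line is made up.
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\sample.dll
O4 - HKLM\..\Run: [ahkw] C:\WINDOWS\eee2.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")           # "O4 - ..." lines
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)  # first exe/dll path

def parse(log_text):
    """Return one dict per HijackThis entry line; headers and other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        path = PATH.search(body)
        entries.append({"code": code, "body": body,
                        "path": path.group(0) if path else None,
                        "file_missing": body.endswith("(file missing)")})
    return entries

def key(entry):
    # Case-insensitive match; "(file missing)" can appear or vanish between scans.
    body = entry["body"].replace("(file missing)", "").strip()
    return (entry["code"], body.lower())

def still_present(fix_list_text, fresh_log_text):
    """Fix-list entries that a later log still contains."""
    fresh = {key(e) for e in parse(fresh_log_text)}
    return [e for e in parse(fix_list_text) if key(e) in fresh]

if __name__ == "__main__":
    for e in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", e["code"], e["path"] or e["body"])
```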
     
