1. aviano_2004

    aviano_2004 Private E-2

    OK, where to begin......

    DH is deployed right now. To contact him this time, we have the ability to use a 'portal' which allows a function similar to IMing. Up until 9 days ago, or so, this method worked. It was then that my laptop began booting me off the internet every time I'd try and connect to that site. Then, after my dd stated that her computer was not letting her log in to talk to her Dad, I sat down to figure out just why this was happening.

    We have 3 computers. One computer is connected directly via DSL to the internet. The other is a laptop, wirelessly (lol, is that a word?) connected to the first computer, and the third is my dd's, and it has a wireless card connected to the first, as well.

    After attempting repeatedly to remedy the situation on DD's computer, I attempted to log in via the other (directly connected) PC. I was surprised to see that I was also not able to log in there, nor was I able to have access via the laptop.

    So....I found this majorgeeks.com site.

    I tried a few fixes on DD's computer, not related to spyware, etc. It hit me that it would make more sense to try to access the site on our newest computer: The laptop. DDs has Windows 98, and has way too much stuff on it that is old and should be removed.

    We run PC-Cillin on all three computers, without any hint of any problems. Prior to now we've had Spybot SD, AdAware, Spyware Doctor and Spyware Blaster. Additionally, we have Toni Arts for the CC type of cleaning.

    I began to follow the steps on the READ THIS etc on this site on our laptop. I realized that for some weird reason, I was missing a TON of updates from Windows/IE. I was even prompted to verify, and install a program to prove that I was the original owner of the XP operating system. (I did this) UGH. So, at that point, I decided that it was time to go to the source of things: The PC directly connected to the DSL.

    I followed word by word the instructions on the READ THIS post to fix the PC. I began to find multiple trojans (!) viruses, and other malware. I got to the point where I was to delete items off of the Hijack This log....... It was then that I realized that instead of deleting what followed the rundll32 (order may be incorrect) I had actually deleted the rundll32!!!!

    UGH!!!

    OK, so at this point, I began to start troubleshooting things. I go back to the laptop (I haven't, and won't touch DD's computer unless necessary.) After thinking, doing all the windows updates and reading and etc, etc., I think there is a problem with the JAVA. SO, I delete the Windows VM and reinstall Sun's. Still no luck. I get the big X in the upper left hand corner of the Java window. BUT.....this is actually GOOD!!!! Prior to now, I was completely unable to even access the Portal (IM) site. (BTW, I had several people check around the world to verify that they could sign on to this site with my password, and that the site wasn't the problem)

    SO....what do I do now?

    YES, I plan on installing Firefox. YES, I plan on obtaining one of the free firewalls recommended. NO, I do not plan on renewing my subscription on the 14th of this month to PC-Cillin, and will instead go with one of the freebies. (I'm not totally against PC-Cillin, but I have to figure out why it let so many virusae in!!!!!)

    I read that there is a way to use my original XP disc to reinstall the rundll on the standalone PC. But, how do I access the remedy that Java recommends of using proxy ports? OH....I should mention that we are currently stationed in Italy and have an Italian internet connection. LOL, yes I looked online to see if they had the proxy settings.

    I thank you in advance for any, and all, replies. I do have my HIJACK THIS logs from yesterday/last night. I can do as many, or as few, of the steps necessary over again to clear the system(s). Since yesterday I've ended up doing other things (normal computer stuff) on these computers when they ended up not working again. So, I might need to re-do everything.

    OH, and btw, is it normal to get the HS removal screen as a home page after running the program? AND, my HIJACK this log is still showing about:blank on the R:O (or R:1).

    Thank you very much for reading this.

    Ciao,
    Cindy
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    For the computer with the malware problems, please follow the below:

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. aviano_2004

    aviano_2004 Private E-2

    Thank you for the reply!
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    After you complete the above, reboot and let me know if any problems remain.
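
An added example, not part of the thread and not HijackThis's own code: a small parser that splits log lines of the kind listed in the post above into section code and registry fields, then notes the two patterns that fix list contains, Internet Explorer page values (R0/R1) and O9 entries marked "(file missing)". The O4 line in the sample and the wording of the notes are constructed for illustration.

```python
import re

# Lines taken from the fix list in the post above; the O4 line is constructed.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                   # "R0 - <body>"
REG_RE = re.compile(r"^(HK[A-Z]{2}\\[^,]+),([^=]+?) =\s*(.*)$")    # key,value = data

def parse_line(line):
    """Split one log line into section code, body and (for R0/R1) registry fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body,
             "file_missing": body.endswith("(file missing)")}
    reg = REG_RE.match(body) if section in ("R0", "R1") else None
    if reg:
        entry["key"], entry["value"], entry["data"] = reg.groups()
    return entry

def triage(log_text):
    """Return (section, note) pairs for entries a reviewer would look at first."""
    notes = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if "data" in e:
            if e["data"] in ("", "about:blank"):
                notes.append((e["section"], f'{e["value"]} is blank'))
            else:
                notes.append((e["section"], f'{e["value"]} -> {e["data"]}'))
        elif e["file_missing"]:
            notes.append((e["section"], "target file missing (orphaned entry)"))
    return notes

if __name__ == "__main__":
    for section, note in triage(SAMPLE_LOG):
        print(section, note)
```
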
     
  5. aviano_2004

    aviano_2004 Private E-2

    Hi there,

    Thank you for the help. Here is what has transpired.

    I did what you recommended w/ HJT, ran CCleaner, then scanned in first safe, then regular modes with Ad-Aware and SS&D. Also, I ran the cleanmgr. I've attached a HJT log that I ran after I did the above items.

    I did bring up my browser page for the first time, the home page was " about:blank " Is that normal? I changed it.

    I attempted to log on to the IM portal site that has been inaccessible to me this past week, and not surprisingly it is still unavailable. At this point should I take this thread over to the software support area?

    I know I'm going to need help with the following on this computer:

    1) Reinstalling the RunSystem32dll (hmm, I know I've put that in the wrong order) possibly using the XP disc???
    2) After reinstalling that, I still need to remove the old Microsoft Virtual Machine and reinstall Sun Java.
    3) Since I'm at this same point on my laptop, I'm pretty certain that I will need help figuring out on both computers why I'm still unable to use the Java to access the site I need to. (the IM portal)

    *whew*!

    I will, however, be back to this thread when I begin the virus/spyware removal and re-removal on the other two computers ;)


    THANK YOU!!!!
    Cindy
     


    Last edited: Aug 2, 2005
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks clean so you should be malware free. Now for the other problems you mentioned, I would post them in the Software Forum. If needed you will be sent back here for further removal.

    Good Luck!:)
     
