MajorGeeks Support Forums

  #1  
Old 01-29-06, 21:27
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Long time reader, first time poster...Big time problem...

Hello, folks.

I'd just like to say that I have been coming here for quite some time and never even needed to make a single post because you had all the answers waiting for me, and I should thank you all a great deal for that. One of the finest communities on the web, and I'm proud to say I've linked at least a couple of dozen people to these boards, if not more. They all have received great help as well.

This time, however, I don't think I am capable of helping myself, and I think I require the assistance of a pro. I myself, while having been able to help myself before, really have very little knowledge of this stuff. Now, I did almost everything in the READ ME AND RUN ME FIRST thread, a few things I was not able to do. I think I know which malware problems I have, I am just unsure of how to rid myself of them, and I'd rather not take a chance and delete something important.

Anyway, I have attached my HiJack This log file, hopefully someone can find the time to help me as this site has many many times before.

Thanks, all the best...

-Eric

Last edited by Sting36e; 01-30-06 at 05:20..
  #2  
Old 01-29-06, 21:30
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

I need the logs from the two online scans listed in the READ ME.

Quote:
6: Online Virus And Trojan Scanning

Please run the below two online scanning tools and make sure you save and attach the logs later to any request for help that you post. From step 5 you should already be in safe mode but you will need to reconnect your cable now and possibly reboot and choose Safe Mode with Networking Support. If you cannot connect in safe mode for any reason (like dial-up users), run the online scanners in normal boot mode. You will need to use Internet Explorer to run these online scans.

*** MAKE SURE YOU RUN BITDEFENDER BEFORE PANDA ACTIVE SCAN ***
  • Bitdefender agree to the license and then select Scan. Once Bitdefender completes the scan:

    Click-on Click here to view the report

    When the window comes up with the report, click File, Save As... and then change the Save as type to Text File (*.txt)

    Change the file name to something short like bdscan1.txt

    Then save it to your Desktop or anywhere else you can find it to upload here as an attachment.

    Post the bdscan1.txt file as an ATTACHMENT.
  • Panda ActiveScan It will only fix certain viruses and trojans. Most items found will not be fixed. When it finishes the scan click on See Report . Then in the next window click Save Report. The default report name is Activescan.txt. Just save it where you can find it so you can attach to your message when you begin a thread with a request for help.

Then, please see the below thread on running the L2MeFix Tool.
  #3  
Old 01-29-06, 21:40
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

I wasn't able to run either unfortunately. In the BitDefender case, it just didn't allow me to click on the button to begin the scan. It was as if it wasn't a link to something, just a picture on the page. In the Panda case, once it got to the part where it told me to choose a device, I would, and nothing happened. The Int. Explorer status bar would say Error. I don't know what to do about either.
  #4  
Old 01-29-06, 21:41
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

Quote:
Originally Posted by Sting36e
I wasn't able to run either unfortunately. In the BitDefender case, it just didn't allow me to click on the button to begin the scan. It was as if it wasn't a link to something, just a picture on the page. In the Panda case, once it got to the part where it told me to choose a device, I would, and nothing happened. The Int. Explorer status bar would say Error. I don't know what to do about either.
Okay, just run the Look2Me VX2 Removal thread then post a fresh HJT log.
  #5  
Old 01-29-06, 21:57
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

All right, first, here are my two logs after the Look2Me VX2 Removal thread...I hope I did this correctly.

Last edited by Sting36e; 01-30-06 at 05:20..
  #6  
Old 01-29-06, 21:58
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

Next, see the below threads on how to install and run Spy Sweeper and Ewido Anti-Malware. After you have run both programs, attach the logs to your next post along with a fresh HJT log from normal mode.
  #7  
Old 01-29-06, 21:59
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

...And here is a fresh copy of the HJT log

Something tells me I made a mistake.

Last edited by Sting36e; 01-30-06 at 05:20..
  #8  
Old 01-29-06, 22:00
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

Quote:
Originally Posted by Sting36e
...And here is a fresh copy of the HJT log

Something tells me I made a mistake.
Looks as if it were removed but you have other issues we need to address as well. Go ahead and run the two programs in my previous post and attach those logs and we will go from there.
  #9  
Old 01-30-06, 05:22
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

I was unable to post these until now, but here they are. Nothing else was done to the computer except as instructed in those two threads.
Attached Files
File Type: txt Scanreport20060130.txt (4.2 KB, 5 views)
File Type: txt SpySweeperLog.txt (8.0 KB, 4 views)
File Type: log hijackthis.log (6.6 KB, 2 views)
  #10  
Old 01-30-06, 14:56
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

Bump.
  #11  
Old 01-31-06, 01:49
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

Download AproposFix© by Swandog46

Save it to your desktop or to another folder of its own, but do NOT run it yet!

Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double click on RunThis.bat to run the fix. Follow the prompts.

When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
  #12  
Old 02-05-06, 01:30
Sting36e Sting36e is offline
Private E-2
 
Join Date: Jan 2006
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Long time reader, first time poster...Big time problem...

I'm sorry, I had to go away suddenly for a few days. Anyway, here are the two logs. Hope there isn't much more, if anything, that needs to be done.

Thanks again.
Attached Files
File Type: txt log.txt (400 Bytes, 2 views)
File Type: log hijackthis.log (6.6 KB, 2 views)
  #13  
Old 02-05-06, 01:36
bjgarrick's Avatar
bjgarrick bjgarrick is offline
MajorGeeks Admin - Malware Expert
 
Join Date: Oct 2004
Location: Southern Alabama
Posts: 16,069
Thanks: 0
Thanked 224 Times in 221 Posts
Default Re: Long time reader, first time poster...Big time problem...

Please look in Add/Remove Programs for the following and uninstall them if found:

Ewido

Spy Sweeper


Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

eee2.exe

Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

R3 - URLSearchHook: (no name) - {62F67E15-99DA-CD09-A669-EB2B5B9DD897} - C:\WINDOWS\System32\ivosr.dll (file missing)

O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [Obme] "C:\Program Files\imat\oaao.exe" -vt mt

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com

O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\f4l0le3m1h.dll (file missing)

Again, make sure ALL browser windows are closed when you click FIX.

Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

C:\Program Files\imat Delete this whole folder if it exists!

C:\WINDOWS\eee2.exe

Next, run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

Note: Remember to get all updates before doing the scans.



Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
  • Temporary Files
  • Temporary Internet Files
  • Recycle Bin
And Click OK.


After you complete the above, REBOOT and proceed with the rest of this fix...

Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

  • Disable and Re-enable System Restore

  • Turn OFF System Restore to flush any bad Restore Points.

  • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
After you complete the above reboot once more and then scan with HijackThis and attach the new log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
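
Added example, not part of the original thread and not code from HijackThis: a small Python check that parses the entries listed for fixing in the post above and reports which of them still appear in a later log, matching case-insensitively because Windows paths ignore case. The function names, the section descriptions and the `FRESH_LOG` sample are assumptions constructed for illustration; `FIX_LIST` is copied from the post.

```python
import re
# Section codes used in the post above and what each covers.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URLSearchHook",
    "O4": "autostart (Run key / Startup folder)",
    "O15": "Trusted Zone site", "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)', re.IGNORECASE)

def parse_entry(line):
    """Split one log line into code, body, file path and orphan flag."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, process list or blank line
    code, body = m.group("code"), m.group("body")
    path = PATH_RE.search(body)
    return {"code": code, "meaning": SECTIONS.get(code, "other"),
            "body": body, "path": path.group(0) if path else None,
            "file_missing": body.endswith("(file missing)")}

def entry_key(entry):
    """Case- and whitespace-insensitive identity (Windows paths ignore case)."""
    return entry["code"], " ".join(entry["body"].lower().split())

def still_present(fix_list, fresh_log):
    """Return the fix-list entries that still appear in a later log."""
    fresh = {entry_key(e) for e in map(parse_entry, fresh_log.splitlines()) if e}
    targets = [e for e in map(parse_entry, fix_list.splitlines()) if e]
    return [e for e in targets if entry_key(e) in fresh]
# The entries listed in the post above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - URLSearchHook: (no name) - {62F67E15-99DA-CD09-A669-EB2B5B9DD897} - C:\WINDOWS\System32\ivosr.dll (file missing)
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKCU\..\Run: [Obme] "C:\Program Files\imat\oaao.exe" -vt mt
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\f4l0le3m1h.dll (file missing)
"""
# Constructed follow-up log (not from the thread): one entry survived the fix.
FRESH_LOG = r"""
Running processes:
O4 - HKLM\..\Run: [AHKW] C:\WINDOWS\eee2.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""
if __name__ == "__main__":
    for e in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", e["code"], e["meaning"], e["path"])
```

An empty result from `still_present` means none of the listed entries came back after the reboot; entries with `file_missing` set are registry leftovers whose target file is already gone.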