540.filost.com, mirar and possibly other problems...

I started out noticing the 540.filost pop up, then I managed to find Mirar, but I can't seem to get rid of any of it. Here is my HJT log, and attached Bitdefender log, and Activescan log.

• Edit by bjgarrick: Unrequested, Inline, Out dated HJT log removed!

 

Your HJT version is extremely out dated, please update the the latest version and atatch a fresh log.

• Hijack This 1.99.1

 

Sorry 'bout that. thought I had downloaded the latest version. Here is the latest Log

Inline log attached!

 

Please attach ALL logs as attachments to your post.

Please see the below thread on how to install and run Ewido Security Suite.

• Running Ewido Security Suite ...

 

View attachment hijackthis.log

View attachment Scan report_20060107.txt.txt

Here they are. pop up for 540.filost still popped when I first opened browser in normal mode.

 

Your using that stupid paper clip, attach your logs using the Manage Attachment feature.

 

won't let me re-attach to a new post. Says they are already attached to precious post. And I don't see anyway to edit my previous post.

 

Rename the logs and attach them, if you still cant paste them inline and I will convert them to attachments for you.

 

renaming doesnt work so here they are inline

Inline logs attached!

 

Download Pocket KillBox

• Save it to your desktop or a place easy to find.
• Do not run it yet

Please look in Add or Remove Programs for the following and Uninstall them if found:

Ewido

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)

O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Locate PocketKillbox
(Procede with this step even if they do not show in blue)

Now, Copy and Paste C:\WINDOWS\system32\vbsys2.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

• If you get an error message about Pending Operations, just reboot your computer manually.

After you complete the above, procede with the below...

I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore

• First, turn OFF System Restore to flush any bad Restore Points.
• Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

After you complete this fix, reboot and attach a fresh HJT log and let me know how things are running.

 

looks like it is all clean. Just a few problems with my connection not happening on startup, but I can work on that myself. I have attached the new HJT log.

 

Your HJT log is clean, about your connection problem, can you elaborate on this?

 

nothing major. I encountered a c++ runtime error after I rebooted the first time, now it won't connect on startup. I just have to manually connect it now. I will figure it out. I might re-install my isp's software.

 

Got it. It just cleared the ip addy I had entered into the local lan. It was trying to find an IP auto and holding up the process.

 

Glad you got it fixed up, you should now see this article on How to Protect yourself from malware!

Surf Safely!

 

I am usually very careful, had this comp over 2 years and this is the first time I have had a problem, don't know how I ended up with this one.

 

Follow the "How To Protect" thread, surf wisely and you'll be fine.