About:Blank - Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by Leezza, Mar 12, 2005.

  1. Leezza

    Leezza Private E-2

    Good Morning,

    I've just printed out all your instructions from the Generic Solution to "Only the Best" and I'm now reading through them before I start.

    First problem...I can not get into "My Computer"; each time I try, the system crashes (freezes) and my only option is to restart. :(

    So, is there another way to 'enable viewing of hidden' files?

    In the meantime, I'm off to download some more of the programs needed and will be back for more help.

    To me this is VERY technical and the last thing I want to do is make my computer worse or delete a file I need, so I'm going to take it VERY slowly.
     
  2. Leezza

    Leezza Private E-2

    UPDATE:

    I downloaded the programs (i.e. HiJackthis, Process Explorer, etc.), and saved them into Program files, as suggested.

    MAJOR PROBLEM:

    I can NOT open: Windows Explorer, My Computer, My Documents and on and on and on....so I can't even get into these files now to run them.

    I can open IE (opens to about:blank, of course) and then manage to use my favorites to get here. I can use my email and I can open word, but I can't do much of anything else without the system "Freezing"!

    Needless to say, I've had to use Control-Alt-Delete about 100 times today already just to get back into anything.

    Also, when I boot into safe mode "my user name" doesn't show, I can log on as "Administrator", but that's it. Also can't run Norton Antivirus in safe mode etc.

    NOW WHAT! HELP ME PLEASE!

    Can I try downloading and running from the desktop? I know you said not to, but what other choice do I have?

    If I look in "Start" programs, the new downloads are not there!

    THANX!
    Leezza
     
  3. webyourbusiness

    webyourbusiness Private E-2

    did you reboot into safe mode, or are you doing this in "normal" windows mode?
     
  4. Leezza

    Leezza Private E-2

    Ok....I can get into "My Computer" and Windows Explorer in 'Safe Mode' and now have fixed the view to show all files.

    Next - The only way I've found to be able to run the HiJack program was from the Desktop (I know I'm not supposed to, but since I can't open My Documents, Programs or Windows Explorer I could not figure out any way to do it).

    Needless to say, it may be wrong, but I was able at last to create a hijack logfile that I saved in notepad.

    Now what?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you have the type of about:Blank covered in the Generic Procedure? Can you follow the steps in the Generic Procedure or are your problems preventing that?

    You do not need Windows Explorer to open HijackThis.exe and you can put a shortcut on your Desktop which will run the EXE from the correct location (which will not be the Desktop). Putting the EXE on your Desktop is what we do not want.

    Have you tried the standard cleanup procedures:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
     
  6. Leezza

    Leezza Private E-2

    I have run Lavasoft Adware, Spybot, and even Microsoft's beta version. All find spyware and delete it, but it comes back over and over.

    When I start the computer, it loads IE to about:blank as a home page and shows several pop-ups - Also has added four links to my favorites called: Only Sex Website, Search the web, Seven days of Free Porn and a folder called Sites about.

    The about:blank page, looks like a phony msn type search page. Everything I've read on your site sure makes me believe this is what I have, although as you can tell I'm not a techie...so this is my best guess.

    I'm able to do very little with the system currently because of the freezes and crashes. I did run the hijack program, can't say where it unzipped to, because I can not get into "explorer" to look and it did not ask me where to unzip it to, so I'm not sure.

    That was step one, so that is where I'm kind of stuck already, but would appreciate your help!

    PS: Also Run Norton Internet Security 2005 and have it up to date at all times. Somehow, I think my son inadvertently let this monster in, despite "Parental Controls". I thought my computer was safe and secure...I can see now it was NOT!

    Thank you again....and please understand I'm trying to follow each step specifically, but having so many crashes/freezes is making it very difficult to say the least.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See if you can do the following and get me the HijackThis log. Make sure you are in normal boot mode.
    Do not reboot or shutdown after posting because that can cause mutation of the problems.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  8. Leezza

    Leezza Private E-2

    Ok....I tried again to download and save HiJack this to Program Files, but then because I can't use Explorer, My computer etc., I can't get to it.

    So even though you said not to, the only way I can seem to run it was from the desktop, sorry but I am unable to figure out any other way to do it without freezing the computer.

    I've attached the log, I hope you get it and I hope you can help!

    VERY FRUSTRATED AND CONFUSED!

    Thanks
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't need explorer to save it to that directory. You can do all of that right from WinZip that I see you have running. It allows you to choose where to extract files to and even allows you to browse and create new folders. I am looking at your log now. You definitely have an HSA hijacker.
     
  10. Leezza

    Leezza Private E-2

    Well thank you for that news....I'll check back first thing in the morning for an update from you. I'm exhausted with a migraine....been trying to fix this 'darn' thing since it first popped up on Wednesday. Thanks a million for all your help. I'll look forward to more updates in the morning..

    Just too burnt out tonight to go any further...!

    Good Night...and again....many, many thanx...see you tomorrow!!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you loading IE at startup on purpose?
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

    I will be suggesting to remove that item from startup unless it is required for some reason.
     
  12. Leezza

    Leezza Private E-2

    No...I'm not....at least that is one thing I know how to do, so before I sign off - I'll use msconfig and get the IE out of the startup!
     
  13. Leezza

    Leezza Private E-2

    Back again, after another freeze and crash....but am I right to disable it under the startup tab on msconfig??
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't use msconfig anymore as a fix for things like that?

    Make sure you have both about:Buster and HSremove downloaded from the READ ME FIRST. And make sure you have UPDATED the database for about:buster. I believe it is up to number 25.

    You need to print or save these instructions locally because after reading this sentence you will need to physically unplug your connection from your cable, ADSL, or dial-up modem to your PC and then you MUST exit all browsers and DO NOT run any again until requested.

    Okay, unplug your internet connection and exit browsers now!!!!

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\winqh32.exe
    C:\WINDOWS\system32\apizu32.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (DO NOT OPEN ANOTHER BROWSER UNTIL AFTER POWER DOWN AND POWER UP, see below):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mhnan.dll/sp.html#44768
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {04F5DB37-A709-7E2A-A8A2-49B31757F0DC} - C:\WINDOWS\system32\apioz32.dll
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [apizu32.exe] C:\WINDOWS\system32\apizu32.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/Install.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {94837F90-A2CA-4A8A-9DA0-B5438EC563EA} - http://install.wildtangent.com/activelauncher/activelaunchersetup.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/blasterball2Remix/install.cab
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.14.22/ttinst.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/player/Install3.0/Installer.exe

    Then exit HJT after clicking FIX

    Run Windows Explorer and look for and try to delete (sort the listing in windows explorer by Modification dates and look for possibly other similarly named files from the same date - let me know if you find others):
    C:\WINDOWS\mhnan.dll
    C:\WINDOWS\system32\apioz32.dll
    C:\WINDOWS\winqh32.exe
    C:\WINDOWS\system32\apizu32.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If you cannot find or delete them, note which ones and continue (tell me the results when you come back here).

    - Run about:Buster and save the log to ab1.log (make sure you let it do the second scan).

    - NOW PULL THE POWER PLUG TO YOUR PC! Yes, you read that correctly. This is very important! I do not want you to power down the normal way.

    - After that wait a minute or two and then power up into safe mode (still with no internet connection available and do not open any browsers). Only run what I request.

    - Empty your Recycle Bin and delete all files in the c:\windows\prefetch folder. In fact as an additional measure do the following, run Ccleaner that you installed while running the READ ME FIRST.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    - Run HSremove and then run about:Buster again and save the log to ab2.log (let it do second scan)!

    - Immediately after about:buster completes, reboot in normal mode. (You do not need to pull the power plug here. Just reboot.)

    - Plug your cable to the internet back in now.

    - Open and close a couple of IE sessions and then with IE closed get a new HJT log.

    - Now come back here and post both about:Buster logs and the new HJT log. And tell me what happened during the procedure.

    Let me know anything else that you notice.
     
  15. Leezza

    Leezza Private E-2

    Ok.....will work on this task and write again in the morning....obviously I've been very misinformed on using msconfig for disabling startup options.

    Talk with you tomorrow...I'm sure!! Have a nice night and again thank you.

    I've saved all these posts to my desktop and am printing them out currently to hopefully resolve this!

    Bye and Goodnight!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you can use msconfig to disable startups, but it is just not a good method to use permanently. There are startup managers that are better suited for this. Also many times things that people stop from loading at startup, they never need. So it is best to fix it so they do not load ever (without even using msconfig).
     
  17. Leezza

    Leezza Private E-2

    Good Morning!

    I believe I have now completed all the tasks you gave me.

    Couple of notes:

    When I first ran Hijack This - Process Manager, none of the four that you mentioned to Kill were there?

    I did successfully delete (FIX) all the lines you have given me to delete. Then when I went to delete the files you mentioned in Window Explorer the only one I could find was C:\Windows\mhnan.dll, I deleted that one but could not find the others.

    Then I ran the about:buster and a log file was saved...(will be attached) and pulled the plug and continued the next steps in "Safe" mode.

    I emptied Recycle, deleted all files in windows/prefetch etc.,

    Ran HS remove and Ran about:buster again....when it got to the point to save log, it saved into one log but shows both scans.

    Then I rebooted and reconnected my internet etc. and now I'm back.

    The New HJT Log and the About:Buster logs are attached.

    PS: Things are somewhat better, but it's not totally gone....my web page is trying to go back to about:blank, but the Microsoft Antispyware program is "blocking" it thankfully.

    Also, computer is still freezing...because of Dr. Watson, which was unable to be stopped.

    Please advise what to do next! Thank You!
     

    Attached Files:

  18. geekwithafirewall

    geekwithafirewall Private E-2

    hey where can I get a good reliable free firewall? email it to me because I don't come here a lot :cool:
     
    Last edited: Mar 13, 2005
  19. Leezza

    Leezza Private E-2

    UPDATE:
    I think things are improving.....I ran the entire process again and so far, everything is better. My Microsoft Antispyware (which runs at all times), is telling me that about:blank is trying to reset itself as the home page, but I'm not allowing it and it's blocked. So big improvements.

    I do think there are still some "fishy" looking files so I'm attaching the most UPDATED HiJack and About:Buster logs.

    Please let me know what else I should do to keep this from coming back and which files I should still fix in the HiJack log, if any!

    THANKS A MILLION FOR YOUR HELP!
    Ooops forgot to attach the logs the first time, but here they are:
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You only posted one AB log. I really needed to see both. Was the one you posted the first one or second one? There was a load of bad stuff shown. You still have problems visible in your HJT log. If you have powered down or rebooted since posting it, the problems could have mutated. Either way, please do the following. Run About:Buster in normal boot mode (and let it do second pass scan) and save the log (ab3.txt). Immediately reboot to safe mode and run About:Buster again (and let it do second pass scan) and save the log (ab4.txt). Now reboot into normal mode and post a HJT log and do not reboot or power down. Wait for a fix. You can disconnect from the Internet (even unplug the internet connection cable to be safe) but no reboots.
     
  21. Leezza

    Leezza Private E-2

    Hi again,

    About the Logs....when the program finishes the scans the program seems to save the log into the original log files, at the end of the logs, it seems to show all the scans from today, but the last is at the end of the log file. I can't figure out how to save it under another file, as it does not give me the option to "Save As" etc...in the meantime, all was well and then I went into another user (my son's), who is the culprit in this case, and the foolish thing was back in his profile.

    So I ran all the steps again under his profile and all seems well again.

    I'll attach the latest log (the last scans are at the bottom), as of this moment everything seems good under all the "users"...I've done the task you showed me under each user account and I think (or I hope) that solved my problem.

    Please let me know....and if I do need to do this again and save another log, how can I do it, since the program saves it automatically to the same log?

    Thank you again.
     

    Attached Files:

  22. Leezza

    Leezza Private E-2

    Everything's still good (so far), here is my latest HiJack log, that I just ran!
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is this last log for the same user account as the one in message # 19? This last one does not show the problems in the R0 & R1 lines.

    You need to run msconfig and enable Normal Startup so we can see what else would be loading in normal conditions.

    Is MS Antispyware still detecting and blocking home page changes? If so, we may need to disable MS Antispyware so we can see and fix the problems. Blocking the problem does not remove and fix it which is the real desired solution.
     
  24. Leezza

    Leezza Private E-2

    The last log is under my user name and I did delete more R0 lines prior to that last log.

    Also, as of now the MS antispy is not trying to block any websites from loading, everything is staying on the home page we've set.

    All users seem fine. I just ran a lavasoft spyware scan and microsoft scan and NO spyware was found.

    Shall I use msconfig and allow all the startups and run another Hijack scan?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! Change msconfig to Normal Startup and then reboot your PC. After reboot open and close one browser. Note if you get any messages. Now post a new HJT log.
     
  26. Leezza

    Leezza Private E-2

    Ok.....changed msconfig to normal start-up and a lot of old things are there again, but good news is IE is working fine and it loaded to my normal home page, no messages, no warnings etc....YEAH! So that seems fine.

    I'm attaching the latest HJ log that I just ran! Please tell me what I need to delete so all these "old" things won't try to run at start-up.

    Also, does it look like the "nasty" thing is finally gone?
     

    Attached Files:

  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See! This is why I don't like people to use msconfig.

    First look to see if any of the below are in Add/Remove programs. If they are uninstall them:
    WildTangent
    SAHBundle
    Internet Optimizer
    BearShare

    If you don't use or don't want QuickTime uninstall it. If you just do not want the qttask.exe file to load (if it is not needed) we can fix that line later with HJT. I did not add it below. That's up to you.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Brian\LOCALS~1\Temp\bundle.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\WildTangent <--- the whole folder
    C:\Program Files\Internet Optimizer <--- the whole folder
    C:\Program Files\BearShare <--- the whole folder
    c:\temp\salm.exe
    C:\Documents and Settings\Brian\Local Settings\Temp\bundle.exe <--- delete all files and subfolders in this Temp folder (note: some will be denied - just skip them and continue)

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

    Now run Ccleaner!

    Now we need to Reset Web Settings (MS-AS may block or at least intercept this - allow the majorgeeks home page change. I want to see it take effect. You can always change it to something else later).
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
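
Added example, not part of the thread and not HijackThis's own logic: a small Python triage of HijackThis log lines that flags the patterns chaslang asks to have fixed in posts 11, 14 and 27 (IE search/home values pointing at a `res://` page inside a local DLL, an unnamed BHO, `Run` entries that start a file from a Temp folder or start `iexplore.exe` at boot). The sample lines are copied from those posts; the rules and the names `Finding`, `check_line` and `triage` are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: entries quoted in posts 14, 27 and 30 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mhnan.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mhnan.dll/sp.html#44768
O2 - BHO: (no name) - {04F5DB37-A709-7E2A-A8A2-49B31757F0DC} - C:\WINDOWS\system32\apioz32.dll
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Brian\LOCALS~1\Temp\bundle.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "R1" or "O4"
    reason: str    # why the entry deserves a closer look
    artifact: str  # file path named by the entry, to locate on disk


# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [salm] c:\temp\salm.exe"
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# R0/R1 body: "<registry key>,<value name> = <data>"
REG_VALUE_RE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# res:// URL that loads a page out of a local binary's resources
RES_URL_RE = re.compile(r"^res://(?P<file>.+?\.(?:dll|exe))/", re.IGNORECASE)
# O2 body: "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO:\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$"
)
# O4 registry autostart body: "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)


def check_line(section: str, body: str) -> Optional[Finding]:
    """Apply the illustrative rules to one parsed log entry."""
    if section in ("R0", "R1"):
        m = REG_VALUE_RE.match(body)
        res = RES_URL_RE.match(m.group("data")) if m else None
        if res:
            return Finding(section,
                           "IE '%s' loads a res:// page from a local file" % m.group("name"),
                           res.group("file"))
    elif section == "O2":
        m = BHO_RE.match(body)
        if m and m.group("name") == "(no name)":
            return Finding(section, "BHO with no registered name", m.group("path"))
    elif section == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group("cmd").strip()
            low = cmd.lower()
            if "\\temp\\" in low:
                return Finding(section, "autostart runs a file from a Temp folder", cmd)
            if low.strip('"').endswith("\\iexplore.exe"):
                return Finding(section, "autostart launches the browser at boot", cmd)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that match any rule above."""
    findings = []
    for line in log_text.splitlines():
        parsed = LINE_RE.match(line)
        if not parsed:
            continue  # header, process list or blank line
        hit = check_line(parsed.group(1), parsed.group(2))
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-3s %-50s %s" % (f.section, f.reason, f.artifact))
```

A match only means the entry is worth reviewing by hand; the Global Startup line for WinZip in the sample is deliberately left unflagged.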
     
  28. Leezza

    Leezza Private E-2

    Ok, before I start a few things I know -
    Wild Tangent, SAHBundle, Internet Optimizer and Bearshare are no longer showing in ADD/REMOVE PROGRAMS, but I will remove Quicktime.

    After that should I be disconnected from the internet before I run and fix the items you've indicated from the last log? Or, just out of IE?
     
  29. Leezza

    Leezza Private E-2

    Ok....I've done all the new tasks and attached is my latest HiJack Log

    And again, everything is running smoothly, at least right now.

    Couple of questions:
    When I boot to "Safe Mode" there are only two users showing (Administrator and Alex (my son)); I never see my user account, nor the other two family members.

    Is there a way I can make it show all users, so I don't have to go on as Administrator?

    Also, what do I need to delete from the HiJack log to keep the following from startup?

    WinZip
    Verizon Online Help

    Everything else seems good.

    THANK YOU VERY MUCH AGAIN!

    And lastly, do you have any idea how we ended up with the "nasty" trojan? How can I prevent my kids from getting it again. I tell them over and over not to go to strange websites and not to download things, but obviously they have.

    And...why didn't Norton or my spyware or any of my "security" programs keep this from happening? Any idea?

    THANKS AGAIN!
    Leezza
    :)
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Only Administrator accounts can boot in safe mode. If you are not seeing all administrator accounts, make sure the mouse cursor is in the middle of the screen where the accounts show and either hit the down arrow key or use the mouse wheel (if you have a wheel mouse) to scroll down and see more accounts.

    You can have HJT fix the following entries if you do not want them to load:
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    Keep the HJT backup file from this date and you can restore these entries if you ever need them.

    Problems like this can come from any number of methods. Software you download and install, sites you go to, having improperly protected systems, etc. Safe surfing starts with the end user. No AV or spyware blocking package (or firewall for that matter) can protect you from everything, especially yourself. Be careful what you click on and read license agreements and messages that come on the screen. Quite often they word them tricky too, and the answer you want could be the opposite of what you think. (Like click Yes if you do not want this instead of clicking No which would install it.) Malware changes every day and it is not easy to keep up with it.

    You should follow all the steps in the below link (or their equivalents) to help avoid future problems (I said avoid because an absolute prevent is not possible):

    How to Protect yourself from malware!
     
  31. Leezza

    Leezza Private E-2

    Good Morning,

    Thank you again for all your help. Without your help and your website I seriously doubt I could have solved my problems....it's a life saver!

    It's my kids who are the culprits, all the "crap" was in their folders.....I'm going to disable some more "Active X" items and follow some more of the instructions from the Malware link you provided.

    In the interim, I've banned them from the computer, until I can make certain this "nasty" trojan is gone and I can update more secure features.

    I've always run a Virus Program, Anti Spyware program and always kept on top of updates to them, as well as Windows..., but like you said, there are new things that pop up everyday.

    Now I need to make sure my older son gets his computer better protected, as he's "always" online and luckily has not run into this problem. It was the younger one this time that caused the problem.

    Again, many thanks.....I'm keeping this site as my homepage, as it's been of such a great help...and I'll be sure to recommend it to others.

    Leezza
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Happy to help! You should check out your other son's PC. There are many forms of malware out there that hide themselves. That is they do not show you any visible forms of problems. They just try to work behind the scenes so that you never know they are there.
     
  33. Leezza

    Leezza Private E-2

    One quick question --
    During all this "repair" work I rec'd an odd message a couple of times when rebooting.

    It was during the "black screen" and said something about IDE configuration....asked to run Set-Up, and then said something about the clock, but then it said something to the effect of restoring IDE config....it all goes fairly quickly so I may not have remembered this exactly.

    Anyway, windows did continue to start (without me doing anything), but when I was finally on, the clock was set back to a date in September 2000 or 2001. So I adjusted the time and date and all seemed fine.

    This did NOT happen today and like I said it didn't happen often just a couple of times.

    Is there something I need to fix, and/or if it happens again, should I run SETUP and if so, what do I do?

    Thanks again.
    Leezza
     
  34. Leezza

    Leezza Private E-2

    UPDATE!

    Computer has been great for the past two days, but this morning at boot up I saw the ID configuration message again...and again Windows loaded, but the clock was set back to September 2001. I re-set the clock again and all seems well, but I'm wondering why this is happening and how/if there is a permanent fix for it?

    Thanx
     
  35. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you provide more specific information and exact messages? Also when do you get these messages, as soon as you boot, after BIOS screens but before windows loads, as windows is loading?
     
  36. Leezza

    Leezza Private E-2

    Good News...it's not happening any longer, but when it did, it was in the bootup process on the black screen, prior to the "Windows" screen.

    One more thing...


    We have a computer at our office infected with the VUNDO thing...and I was working on it all day today with "OLD THUG", but had no luck and went home.

    I'm home now, but will have to try again on Monday at work because otherwise they want the poor girl to call Dell and reformat her C-Drive - (Small company no network administrators or computer people to do that stuff for us).

    Anyway, if you have time could you look through the thread from today and see if you have any suggestions.

    THREAD IS NAMED: Vundo Trojan - Cannot Remove! By leezza

    It's nasty, because it won't let me Kill the Process - You'll see more info in the threads.

    It says it's in the WINNI/MSAGENT folder, but when you go into the folder with "view hidden files" turned on, there's no file there. Also tried searching all of C drive for the file and it can't find anything with those names????

    Maybe you've seen this...your help to me with my computer was superb, so I'm hoping you may be able to help with this.

    THANK YOU AGAIN!
     
