Can't get rid of oldgames.se & 540.filofist.com

Discussion in 'Malware Help (A Specialist Will Reply)' started by speedracergrrl, May 14, 2005.

  1. speedracergrrl

    speedracergrrl Private E-2

    Hope I'm doing this right - need some serious help b/c my computer is running slower and slower and 3/4 of the time I can't get websites to pull up. Also oldgames.se and 540.filofist.com are popping up occasionally.
    Let me know if you need anything else and I'll do my best.

    Edit by chaslang: Unrequested inline log removed
     
    Last edited by a moderator: May 15, 2005
  2. speedracergrrl

    speedracergrrl Private E-2

    I didn't realize I wasn't supposed to post the HijackThis log and am trying to edit my post but it's not giving me an edit button. New problem as well - windows are popping up (when I'm not connected) saying "You (or a program) have requested information from ________ Click here to connect" These are the addresses it's given me: bearshare.net, g2.instantnetworks.net, gwc.wodi.org, www25.brinkster.com, g2.sbicomputing.com. TIA for any help and sorry about posting the log. If I could get an edit button I would take it off but there isn't one.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested. HJT should also be run in normal boot mode.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. speedracergrrl

    speedracergrrl Private E-2

    Re: Can't get rid of oldgames.se & 540.filost.com

    Still need help. Ok, as far as running all the programs and everything, did most of it. The TrendMicro scan wouldn't work because it kept stopping downloading (another symptom of my computer's sickness). And I wasn't able to do the Safe Mode with Networking Support because when I tried to connect to the internet it said "please install a modem" or something like that. And when I clicked on networking in control panel it was just blank. All the other programs basically found nothing, stuff like Alexa and things like that, nothing really malicious I don't think. I think Spybot S&D found a few things and Ad-Aware found a couple of things but nothing to fix my problem. I've seen other threads addressing this particular pop-up and couldn't find the files they said to delete to fix it. So I would appreciate some help, thanks. And it's not filofist, it's www.filost.com, some sex website, and oldgames.se. Thanks
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Can't get rid of oldgames.se & 540.filost.com

    Okay the first thing I notice is that your OS and IE versions are way out of date. This represents a major security risk to you. After we fix your current problems, you MUST get updated.

    You must remember to exit browsers ( C:\Program Files\Internet Explorer\IEXPLORE.EXE ) before running HijackThis.

    Is the dialer.exe program below something you know about?
    C:\Program Files\FNBnet Dialup\dialer.exe

    That really seems suspicious to me.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04dfffd47c8ff5626005/netzip/RdxIE601.cab
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\vbsys2.dll

    Now run Ccleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
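
The two entry types singled out in the reply above (O16 DPF and O21 SSODL) can be pulled out of a HijackThis log for review with a short parser. This is an added example, not part of the original thread or of HijackThis; the review reasons and the `known_ssodl` baseline are assumptions made for illustration, and the last two sample lines are constructed.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# O16 = ActiveX download entries (DPF), O21 = ShellServiceObjectDelayLoad entries.
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (\S+)$")
O21 = re.compile(r"^O21 - SSODL: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")

# First two lines are the entries quoted in the reply; the last two are constructed.
SAMPLE_LOG = r"""
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/04dfffd47c8ff5626005/netzip/RdxIE601.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - https://downloads.example.com/control.cab
O21 - SSODL: ExampleBaseline - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\example.dll
"""

def is_ip(host):
    """True if host is an IP literal rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text, known_ssodl=frozenset()):
    """Return (section, clsid, target, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O16.match(line):
            clsid, _name, target = m.groups()
            url = urlparse(target)
            reasons = []
            if url.scheme == "http":
                reasons.append("codebase fetched over plain http")
            if is_ip(url.hostname or ""):
                reasons.append("codebase host is a bare IP address")
        elif m := O21.match(line):
            name, clsid, target = m.groups()
            # Assumed policy: anything not in the analyst's baseline gets reviewed.
            reasons = [] if name in known_ssodl else ["SSODL name not in baseline"]
        else:
            continue  # other HijackThis sections are out of scope here
        if reasons:
            findings.append((line[:3], clsid, target, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, known_ssodl={"ExampleBaseline"}):
        print(finding)
```

A flagged entry is only a prompt for review; whether to fix it in HijackThis is still the analyst's call.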
     
