Help, cannot complete Scanning & Cleaning Step 1

Discussion in 'Malware Help (A Specialist Will Reply)' started by gsimerlink, Jun 5, 2005.

  1. gsimerlink

    gsimerlink Private E-2

    Hi,

    I have been infected by some nasty viruses. I tried to run the first step of the Scanning and Cleaning recommendations, "Trend Micro's Free Online Virus Scan" and "Symantec Security Check", but at a certain point they cause my browser to crash (IE 6.0.2800.1106IC). I have tried these multiple times in safe mode with similar results.

    I have run Spybot SD and Ad-Aware and they have done the best they can do and say that everything has been cleaned. I ran hijack this and removed everything I was sure of using the tutorial. However, I know something is keeping me out.

    Do you have any suggestions on how to proceed? I do have a log file I can attach if requested.

    Thanks,
    Greg
     
  2. ProblemChild

    ProblemChild Private E-2

    I dunno, I'm not an expert and I'm not a normal, but I'm guessing you don't have the service packs for Microsoft installed???

    is system restore there?
    New Installation?
    Reformat?
    Go to Control Panel > Add and Remove Programs > Remove Windows Components > check Internet Explorer > OK,
    then go to www.microsoft.com and search for Internet Explorer 6.
    Go to the first thing that pops up, download it, and it should work OK.
    Not sure, as I say again, not an expert. Anyone else gonna answer this???
    (My opinion on what I would do)
     
  3. gsimerlink

    gsimerlink Private E-2

    Problem Child,

    Thanks for the advice, but I already have the service packs installed. It seems to be hitting a specific file and shutting down. I haven't been able to zero in on the specific file due to it being buried deep in a directory and the view window appears to truncate the string.

    Thanks,
    Gsimerlink
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on your message I'm not sure if you have run ALL of the steps in the Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you have not, please finish running all of them (obviously skipping Trend Micro's online scan).

    After doing that, if you still have problems, make sure you properly follow the steps below to post your HJT log.


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  5. gsimerlink

    gsimerlink Private E-2

    chaslang,

    Thank you for the reply and help. I have done as requested and am posting my Hijack This log file.

    I was not able to run "Trend Micro's Free Online Virus Scan", "Symantec Security Check" and "Stinger" due to the programs crashing or locking up my machine. I was able to run the other programs and clear out several problems.

    I still appear to have a few problems which are beyond my current grasp. Any and all help is greatly appreciated.

    Thank you,
    gsimerlink
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Your OS is way out of date and represents a major security risk. After we fix any current problems you must get updated. We will discuss that later.

    However, the first problem is that you did not follow my directions. Please use the links we give you for all tools. You do not have the proper version of HijackThis. Please download the correct version and post a new log.
     
  7. gsimerlink

    gsimerlink Private E-2

    Sorry about that.

    I've downloaded the newer version and have attached a new log file.

    Thanks again,

    gsimerlink
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
    O4 - HKLM\..\Run: [chyhkd] C:\WINNT\chyhkd.exe
    O4 - HKLM\..\Run: [AppMasterCenter] NukeSpan.exe
    O4 - HKLM\..\Run: [mozilla-text] install2.exe
    O4 - HKCU\..\Run: [killall] prgsys0984.exe
    O4 - HKCU\..\Run: [ftbar] cmon14.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINNT\chyhkd.exe
    C:\WINNT\NukeSpan.exe or C:\WINNT\system32\NukeSpan.exe
    C:\WINNT\install2.exe or C:\WINNT\system32\install2.exe
    C:\WINNT\prgsys0984.exe or C:\WINNT\system32\prgsys0984.exe
    C:\WINNT\cmon14.exe or C:\WINNT\system32\cmon14.exe

    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
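
The check described in the post above, as an added example that is not part of the original post or any MajorGeeks tool: it parses the quoted HijackThis `O4` Run lines and lists, for each one, the file locations the post says to look in. The function names and the `exists` callback are assumptions made for this sketch.

```python
import ntpath
import re

# Lines quoted from the post above (HijackThis 1.99.1 log format).
HJT_LINES = r"""
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [chyhkd] C:\WINNT\chyhkd.exe
O4 - HKLM\..\Run: [AppMasterCenter] NukeSpan.exe
O4 - HKLM\..\Run: [mozilla-text] install2.exe
O4 - HKCU\..\Run: [killall] prgsys0984.exe
O4 - HKCU\..\Run: [ftbar] cmon14.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
""".strip().splitlines()

# Search order taken from the post: Windows directory, then system32.
SEARCH_DIRS = [r"C:\WINNT", r"C:\WINNT\system32"]

# O4 = autostart entries; this pattern covers the registry Run-key form only.
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_run_entries(lines):
    """Return one dict per O4 registry Run entry; other sections are skipped."""
    entries = []
    for line in lines:
        m = RUN_ENTRY.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        # A quoted command keeps only the quoted executable path.
        exe = command.split('"')[1] if command.startswith('"') else command
        entries.append({"hive": hive, "key": key, "name": name, "exe": exe})
    return entries

def candidate_paths(exe):
    """A full path is used as-is; a bare filename is tried in each search dir."""
    if ntpath.isabs(exe):
        return [exe]
    return [ntpath.join(d, exe) for d in SEARCH_DIRS]

def locate(entries, exists):
    """Map each Run value name to the candidate paths for which exists() is true."""
    return {e["name"]: [p for p in candidate_paths(e["exe"]) if exists(p)]
            for e in entries}

if __name__ == "__main__":
    import os
    for name, found in locate(parse_run_entries(HJT_LINES), os.path.exists).items():
        print(f"{name:16} {found or 'not found in searched directories'}")
```

An empty list for a value name means the Run entry referenced a file that is in neither directory, which is the situation reported in the next post.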
     
  9. gsimerlink

    gsimerlink Private E-2

    Hi,

    I was able to fix the items using Hijack This that you mentioned. However, I could not find any of the 5 .exe files mentioned in either the C:\WINNT or C:\WINNT\system32 directory. All hidden files were viewable.

    I tried searching for the files, however my search always seems to crash in some subdirectory of C:\Documents and Settings. I have also checked Task Manager and could not find any of those programs running. I was able to run Ccleaner though and it worked fine.

    I have not experienced any pop-ups or oddities as of yet.

    Thanks again for all your help so far,

    gsimerlink
     
  10. gsimerlink

    gsimerlink Private E-2

    Sorry, I must have forgotten to attach my log.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. Now you MUST do the steps in the below thread. The first of which is to go to Windows Update and get all of your updates and patches. You are way out of date.

    How to Protect yourself from malware!
     
