Inhoster Hijack.. I think. pls help

Discussion in 'Malware Help (A Specialist Will Reply)' started by XSnPX, Jan 15, 2007.

  1. XSnPX

    XSnPX Private E-2

    Hello to all...

    Ok firstly this is what originally happened -

    My PC has been infected and hijacked... I tried numerous scans and searches on the web to help me, but the problem persists...

    I have tried the following before getting to your site:

    I have NOD32 running and it scans the PC with full control.. (set up properly.. )

    I scanned with Ad-Aware, Error Doctor, Registry Cleaner, The Cleaner Professional, and the Microsoft malicious tool... Now they do not find anything, but NOD32 did find the following..

    It quarantined the W32/Hoax.Renos.NAM

    and deleted from the temp folder 5 W32/TrojanDownloader.Zlob

    I also had to delete a driver codec and a media player from my program list that were not supposed to be there!!!

    The problem is that one of the infections changed my DNS settings in my connections to the values of 85.255.114.126 to 85.255.116.xxx

    These IPs seem to be malware IP addresses.. Now in Google, when I do a search and click on the link I want to go to, it redirects me elsewhere, most annoying; it does it only on the first search, 2 to 3 times.. the IP redirect I have is 85.255.114.126

    I repaired the DNS server settings and put the normal values in, and they have not since changed... but my browser settings were not fixed and the hijack continues..

    I saw somewhere it's called "inhoster" and when I click on a link in Google it goes through this type of URL:-

    http://85.255.114.126/click.php?PHPSESSID=0D121C2F64AB44A387BA3711F6EF9778&qq=aa978f03e9e0d336042e8812d607b044&id=1&qnaes={0D121C2F-64AB-44A3-87BA-3711F6EF9778}

    Websites I visit are

    keywordgazzett, primosearch, direct.gov.uk, webuyanycar.com.

    It seems that depending on what I am originally looking for, it will send me to something similar to the keywords...

    I tried System Restore and it did not help at all... and I am stuck as to where to go now

    SECOND STEP:

    I found your website and followed the guide to clean the PC before posting the error report...

    I used all the scans and guides from steps 1 to 7, and I am now posting the results.

    I will attach all the scan logs as mentioned...

    3 here first.
     


  2. XSnPX

    XSnPX Private E-2

    and the following.. with the final HijackThis log.

    I thank you in advance if you can help.

    During the scans it did find a few more trojans.. but the problem persists..

    Thx

    Ben
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Run this WareOut Removal and attach the requested log from it. Then continue on to the below.


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment



    Now Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
    O3 - Toolbar: (no name) - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - (no file)
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{31867996-C0AF-4D60-BF9D-C10837F78FA3}: NameServer = 85.255.116.162,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B7F5B87-5EFE-4415-B22D-C70868136E2A}: NameServer = 85.255.116.162,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B3F61D41-94F1-4CAE-82B5-B6A997534871}: NameServer = 85.255.116.162,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EC15DF54-BADE-41C5-8F2E-81173D70267A}: NameServer = 62.241.162.200,62.241.163.200
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
    O17 - HKLM\System\CS1\Services\Tcpip\..\{31867996-C0AF-4D60-BF9D-C10837F78FA3}: NameServer = 85.255.116.162,85.255.112.92
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
    O17 - HKLM\System\CS2\Services\Tcpip\..\{31867996-C0AF-4D60-BF9D-C10837F78FA3}: NameServer = 85.255.116.162,85.255.112.92
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
    O18 - Protocol: bw+0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {729ABBDC-B7CA-49E1-8B4B-F449A8F84AC8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.
    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
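
    The O17 entries in the list above are the durable part of this hijack: the rogue resolvers appear per interface, in the global Tcpip\Parameters key, and in every control set (CCS, CS1 and CS2). A fix that only touches the current control set can be undone by a "Last Known Good Configuration" boot, which restores a saved control set. As an added example (not code from this thread, from MajorGeeks, or from HijackThis), the Python script below parses O17 lines from a HijackThis log, flags any nameserver inside 85.255.112.0/20 (the smallest aligned block covering the three 85.255.x addresses quoted in the thread; chosen for this example, not taken from a published blocklist), reports any resolver that is not on an allowlist, and lists which control sets still carry a rogue entry. The sample log, the allowlisted router address 192.168.1.1 and the interface GUID ending in C0DE are constructed for the example.

```python
import ipaddress
import re

# Constructed sample log: O17 lines in the shape of those quoted in the thread,
# one unrelated O4 line, and one constructed interface GUID pointing at a local
# router so the "ok" path is exercised.
SAMPLE_HJT_LOG = r"""
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{31867996-C0AF-4D60-BF9D-C10837F78FA3}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC15DF54-BADE-41C5-8F2E-81173D70267A}: NameServer = 62.241.162.200,62.241.163.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.162 85.255.112.92
O17 - HKLM\System\CS2\Services\Tcpip\..\{31867996-C0AF-4D60-BF9D-C10837F78FA3}: NameServer = 85.255.116.162,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-00000000C0DE}: NameServer = 192.168.1.1
"""

# Assumptions for this example: the home router is the only expected resolver,
# and the suspect block is the smallest /20 covering the addresses in the thread.
ALLOWED_RESOLVERS = {"192.168.1.1"}
SUSPECT_NETS = [ipaddress.ip_network("85.255.112.0/20")]

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>.+)$"
)


def parse_o17(log_text):
    """Return one dict per O17 line: control set, scope (global Parameters key
    or interface GUID) and the list of nameservers. HijackThis separates the
    servers with commas on interface keys and with spaces on the global
    Parameters key, so both separators are accepted."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        raw_scope = m.group("scope")
        scope = "Parameters" if raw_scope == "Parameters" else raw_scope[3:]  # drop the leading "..\"
        servers = [s for s in re.split(r"[,\s]+", m.group("servers").strip()) if s]
        entries.append({"control_set": m.group("cs"), "scope": scope, "servers": servers})
    return entries


def classify(server, allowed, suspect_nets):
    """'rogue' if inside a suspect block, 'ok' if allowlisted, else 'unexpected'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unexpected"   # not an IP literal at all; still worth a look
    if any(ip in net for net in suspect_nets):
        return "rogue"
    if server in allowed:
        return "ok"
    return "unexpected"


def audit_nameservers(entries, allowed=ALLOWED_RESOLVERS, suspect_nets=SUSPECT_NETS):
    """One finding per (control set, scope, server) with its verdict."""
    findings = []
    for e in entries:
        for server in e["servers"]:
            findings.append({
                "control_set": e["control_set"],
                "scope": e["scope"],
                "server": server,
                "verdict": classify(server, allowed, suspect_nets),
            })
    return findings


def control_sets_with_rogue(findings):
    """Control sets that still hold a rogue resolver. Anything beyond CCS means
    the saved control sets need fixing too, or a 'Last Known Good' boot
    brings the hijacked DNS settings back."""
    return sorted({f["control_set"] for f in findings if f["verdict"] == "rogue"})


if __name__ == "__main__":
    results = audit_nameservers(parse_o17(SAMPLE_HJT_LOG))
    for f in results:
        print(f"{f['verdict']:<10} {f['control_set']:<4} {f['scope']:<40} {f['server']}")
    print("control sets with rogue resolvers:", control_sets_with_rogue(results))
```

    On the sample, the 85.255.x entries come out as rogue in CCS, CS1 and CS2, and the 62.241.x pair comes out as unexpected: the script has no knowledge about those two addresses, it only knows they are not the expected resolver, which is exactly the kind of entry a reviewer wants surfaced rather than silently accepted. Replace the allowlist with the ISP's real resolvers before using the script on a live log.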
     
  4. XSnPX

    XSnPX Private E-2

    Thank you very much for the quick reply -

    attached are the new logs..

    As far as I can see the problem has gone..
    However, during the WareOut scan I was not able to connect to the internet when I selected "obtain all automatically", so I had to re-input the values for my IP address -

    Internet seems to work a lot quicker - I think it's cured..

    Let me know if I need to do anything else..

    many thx once again for your great help and forum!

    BTW shownew.txt was empty so I was unable to attach it.

    Ben
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I think you meant runkeys.txt log from GetRunKey. It is not empty! You did not run it properly this time. You ran it from the ZIP file. Delete the ZIP files and run the .bat file like you did the first time.

    You also did not run ShowNew properly and you also ran HijackThis improperly from the ZIP file too!

    Please run all scans properly like you did the first time and attach new logs.

    You also did not attach the log from FixWareOut as requested! I need to see this log to make sure no other problems exist.
     
  6. XSnPX

    XSnPX Private E-2

    Totally correct - I was in the scans and missed it - I do apologise; here they all are below...

    Thx for the heads up...
     


  7. XSnPX

    XSnPX Private E-2

    Thank you again!
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's better but you did not install Sun Java from the link I gave you in message # 3. As a result you installed another old version. Uninstall the below:


    J2SE Runtime Environment 5.0 Update 10

    And this time install from the link I gave to you.

    Then delete the below folders:
    C:\Documents and Settings\Mr Benoit Panissie\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software
    C:\Program Files\Viewpoint


    Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  9. XSnPX

    XSnPX Private E-2

    WOW
    Thank you very much for everything... little buggers they are, these infections!!!

    I am at work currently, but will finish the set-up this evening when I am home.

    As for Sun Java, I did not use the link - just went straight to the website. Will start that one again...

    I will also read how to protect myself further...

    Should I post the logs again after this process, or is it OK now?

    What is the best program to image your whole HD? I might do this as I have a clean system; then if anything happened, I could go back to this point in time through the image file - as I read the MS System Restore sometimes does not really work properly...

    Again, thank you for everything.

    Ben!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No that is not necessary. We are finished. ;)

    That question would be better addressed in the Software Forum where you can get more viewpoints. I would suggest however that you also take a look at the below Back Up file folder with a lot of tools related to this.

    http://www.majorgeeks.com/downloads3.html
     
