loadingwebsite.com problems

Have you run ALL the steps in: -READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal


If so, and you still have a problem, follow the steps below.

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Re: IGetNet, Common Hijacker, & Loadingwebsite.com

You already have a thread started for you problem. You need to stay in one thread and follow the directions given in it.

I'm merging you back to the other thread.

 

Please follow the directions in message # 4. You do not even have the proper version of HijackThis. You also ignored the other steps.

 

Also please download LSP - Fix

Now run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the aklsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move aklsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.
Now repeat the above for dolsp.dll

Let me know when you finish this!

 

We seem to be having a problem with directions! You have HijackThis running from:
C:\Documents and Settings\Kevin\My Documents\Virus and Spyware Protection\HijackThis.exe

We specically request that it not be run from any sub-folder that is part of the C:\Documents and Settings folder. Please locate it as request.

Also do not reboot unless requested. Do not run anything unless requested. Just wait for me to give you the next steps.

 

Please download the following tools and save them where you will be able to find them. I save stuff like this to a C:\downloads\Spyware-Stuff folder and I put each in their own subfolder. It makes it easy to find. Make sure you download them from the links below:

L2MeFix Tool

Generic Detection Tool - NT/2000/XP

VX2.BetterInternet Finder XP/2k - Version Msg126

Pocket KillBox

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Please print out these instructions now or save locally so that you can operate with All Browser Windows CLOSED.

Exit Browsers now before continuing


First Step:

Extract all the files from the Generic Detection Tool into its own folder.
Then run find.bat. Post the log it creates back here as an attachment (do it later when we reconnect).

Second Step:
Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log.

NOTE: Please do not run any other options or files in the l2mfix Folder!

Third Step:
Get a new HJT log.

Now reconnect and come back here and post as attachments the l2mfix log the find.bat log (normally already named output.txt) and the new HJT log (this will require two posts as only two attachments can be made in a message).Based on those logs, we will determine the next steps.

Please DO NOT REBOOT after scanning for these logs!! Otherwise problems may mutate and spread. Wait for me to get back to you with the next steps.

 

Okay! You have that right now. But remember to exit browsers before using HijackThis. You had the following running:
C:\Program Files\Internet Explorer\iexplore.exe

Just continue now with the steps in my previous message. You have a nasty L2Me VX2 infection we need to fix

 

Okay! Moving along! Here are the next steps! I know this is tedious but we are making progress and this next step is going to clean up a load of bad stuff.

Step 1:

Print or save these instructions locally now because you will have to be disconnected with no browsers open in the next step.

Please make sure ALL Browser Windows are Closed and also you should physically disconnect from the Internet by unplugging your cable.

Go to the L2MFix Folder on your Desktop and DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
Your computer will go bazonkers (now there's a great technical term!) for a bit, but just let it run. It should eventually spit out another log in Notepad. Please attach that log later when the remaining steps are completed.

Again, don't run any other files in the L2MFix folder.

Step 2:

Run "find.bat" from the Generic Detection Tool again!

Okay after doing the above DO NOT REBOOT. Now reconnect to the internet and come back here and post and attach the find.bat log along with the L2MeFix Log.

 

Okay! That cleaned up quite a bit. Now I just want to note something, your Windows OS and IE versions are way out of date and present a major security risk to you. When we finish the cleanup process you have to go to MS update and download the updates for your system.


What are these next two lines for?
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe


Are you running MS Word at startup for some reason?
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


I forgot to ask for a new HJT log, so we will go from your previous one. Some of these items below may or may not be there anymore.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\o8nsli5718.dll
After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\vmss <--- the whole folder
C:\WINDOWS\System32\wsxsvc <--- the whole folder

This next file I want you to rename to begin with.
C:\WINDOWS\System32\r.dll ====> rename to r.ddd

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and post a new HJT log. And tell me how things are working now.

 

Okay but you know what Maya is! So they could just be part of it! Task Manager does not show all processes that run. This is a rather well known fact to most geeks. If you want a good program to show processes, get ProcessExplorer from SysInternals.

ProcessExplorer for Win NT/2K/XP

 

Your log is clean! Try completing all the steps in the below link (especially for things you do not already have). The first is Windows Update. When you go there, do no select Express Install. Select Custom Install. Then install all except WinXP SP2. Let me know it that works.

How to Protect yourself from malware!

 

You're welcome. If you Win XP is not legit you should look into purchasing a valid copy as you cannot keep running with an outdated OS. It is simply not safe.