Need some help solving a couple issues.

Discussion in 'Malware Help (A Specialist Will Reply)' started by TAPilant, Jul 12, 2006.

  1. TAPilant

    TAPilant Private E-2

    Well first of all this is my first time posting to this forum. So I hope I did everything correctly and didn't leave anything out.

    I guess this all started when my subscription to Norton was about to run out. I decided to change over to AVG and ZoneAlarm since I know several people using them with good luck. Hey, it's cheaper than paying money to Norton.

    After reading several postings in this forum I thought it would be a good idea to run through the READ & RUN ME FIRST thread and see if Norton had let me down.

    So here's the results of my scans:
    - CCleaner ran successfully and freed up about 130MB.
    - AD-Aware SE ran successfully, nothing found other than a previous version installed, which I uninstalled and then installed the current version.
    - Spybot Search & Destroy fixed 4 items.
    - Windows Defender ran successfully nothing found.
    - Bitdefender see attached
    - Panda see attached ( identified KillApp.b)
    - Hijack see attached

    So now I'm looking for some help to clean up the KillApp.B if that is really an issue and to review the HJT file. Now I know after looking at the HJT file and referring to the HJT tutorial there are a few items in it that need to be cleaned up.

    Now I have a new issue after running all of these scans. My IE home page is stuck on:
    http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
    and it will not let me change it. Now before someone asks, I tried the Reset Web Settings under Internet Options but I got "Unable to RESET WEB settings". :confused:

    I plan to change over to Firefox and Thunderbird after I get all of this cleaned up, but I kind of need IE to be working correctly for my job.


    Any and all help will be great.

    Thanks
     


  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    If, or rather as, you have an HP/Compaq PC, then you don't want to remove C:\hp\bin\KillIt.exe, a known false positive for KillApp.B, especially as it's located in the place I highlighted in bold. It's a command-line program for terminating applications, used in the HP recovery process.

    As for the browser home page change, disable Spybot S&D and ZoneAlarm and try to change the homepage?

    You also seem to have Norton Internet Security on your PC as well as AVG and ZoneAlarm; they will interfere with each other, so do please uninstall either NIS or AVG & ZoneAlarm.
     
  3. TAPilant

    TAPilant Private E-2

    Well first of all sorry for not including in my original message that this computer was an HP Pavilion, with a 2.9 Celeron and 1G of RAM. It's running Windows XP with SP2 and I should have all of the current Windows updates.

    So with that said I must have a false positive because the file identified was C:\hp\bin\Killit.exe. Thanks for pointing out that it deals with the HP recovery.

    Now for NIS. I have done everything I know of to remove it when I installed AVG & ZoneAlarm. So to the best of my knowledge it's no longer on my machine. So... what else do I need to do to completely remove NIS from my system?

    Now for my browser home page. It was working fine after I installed ZoneAlarm. So I'm assuming that Spybot S&D is the problem. Now you say to disable it. Does that mean uninstall it from my machine or disable something within the app, and if so, how?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you still cannot uninstall Norton, try the below tool from Symantec:

    Using the Norton Removal Tool


    If the Symantec Tool does not work, use the below to uninstall all this Symantec software.

    Your Uninstaller! 2006


    Only Spybot's Teatimer would be an issue for locking your Home Page. However, ZoneAlarm has a feature for locking it and so does Windows Defender. If you want to change your home page you have to allow it to be changed via these applications which are locking it.

    You do have a piece of malware to remove!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [links] links.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\links.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run CCleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
    Last edited: Jul 14, 2006
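
An added example, not part of the original thread: a small parser for HijackThis `O4` registry autostart lines that flags entries whose command names no directory, as the `links.exe` entry in the post above does. The sample log is constructed (only the `[links]` line comes from the thread), and the pathless check is an illustrative triage heuristic for choosing what to review, not the method the helpers here used.

```python
import re
from typing import NamedTuple

# Constructed sample log; only the [links] line is taken from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
O4 - HKCU\..\Run: [ExampleTool] C:\ExampleTool\tool.exe -quiet
O4 - HKLM\..\RunOnce: [ExampleSetup] setup.exe /resume
"""

# HijackThis O4 registry form: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    executable: str
    has_path: bool

def executable_of(command: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first executable extension so paths with spaces survive.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4_run(log: str) -> list[RunEntry]:
    """Parse O4 registry autostart lines; other HijackThis sections are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            exe = executable_of(cmd)
            entries.append(RunEntry(hive, key, name, exe, "\\" in exe or "/" in exe))
    return entries

def pathless(entries: list[RunEntry]) -> list[RunEntry]:
    """Entries with no directory in the command: candidates for review, not verdicts."""
    return [e for e in entries if not e.has_path]

if __name__ == "__main__":
    for e in pathless(parse_o4_run(SAMPLE_LOG)):
        print(f"review: {e.hive} {e.key} [{e.name}] {e.executable}")
```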
