One last problem...I think..! (FIRST POST)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mav, May 20, 2005.

  1. Mav

    Mav Private E-2

    Hi All,

    This is my first post, so hello, and thanks to everyone who puts themselves out to help us mere Private Geeks.

    I have read all the "before posting" notes, so hopefully I am doing everything correctly. I have also run Spybot, Ad-Aware, Microsoft, Spyware Sweeper and removed all the entries identified. These are all now showing clean. I have run HJT and, with the help of various tutorials, gone through that and fixed various entries.

    However, I have one last problem (I think) that I cannot get rid of. In the HJT log, it shows a trusted site 015 crazywinnings. I have tried to fix it in HJT but it keeps returning. Also, I am constantly receiving a notification from Spybot about an attempted Search Bar added, with what seems to be a completely random URL.

    I cannot go online on the machine in question at the moment (physical reasons - not related to these problems), so have been downloading update files on another machine and applying them.

    Finally, I have just noticed that SP2 is not installed, so I am doing that right now, but I don't think that will solve the problem on its own....?

    If anyone can offer any guidance, I would be very grateful.

    Thanks for your help.

    Mav
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file cwfix.regfix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)



    Double-click on the cwfix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!



    • Download HijackThis 1.99.1

    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    • Run HijackThis and save your log file.

    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    • Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Mav

    Mav Private E-2

    Hi bjgarrick,

    Thanks very much.

    I have followed your instructions, and attached the hjt log.

    Thanks again for your help.

    Regards
    Mav
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    TeaTimer.exe <-- End this because it will cause problems with this fix!

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKCU\..\Run: [ooze third] C:\DOCUME~1\Owner\APPLIC~1\SIZETH~1\Dale admin upload.exe

    O15 - Trusted Zone: *.awmdabest.com (HKLM)


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Download Pocket KillBox

    Now, Copy and Paste C:\DOCUME~1\Owner\APPLIC~1\SIZETH~1\Dale admin upload.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

    Now, Allow Killbox to reboot your system. After you have rebooted and Windows has loaded proceed with the rest of this fix.

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After doing ALL of the above, Scan with HijackThis and attach the new log.
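
A small triage helper for the two HijackThis entry types named in the fix above (O4 autoruns and O15 Trusted Zone domains), added here as an illustration; it is not part of the original posts or of HijackThis. The flagging heuristics, the function names and the two extra sample lines are assumptions made for the example.

```python
import re

# HijackThis log lines have the shape "<section> - <details>". Only the two
# section kinds quoted in the thread are parsed: O4 (autoruns) and O15 (Trusted Zone).
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HK(?:CU|LM))\))?$")

# Assumption for this example: user-writable profile locations, long or 8.3 names.
USER_DIRS = ("\\docume~1\\", "\\documents and settings\\",
             "\\applic~1\\", "\\application data\\", "\\temp\\")


def parse_line(line):
    """Return a dict for an O4 or O15 line, or None for any other line."""
    for section, rx in (("O4", O4_RE), ("O15", O15_RE)):
        m = rx.match(line.strip())
        if m:
            return {"section": section, **m.groupdict()}
    return None


def review(log_text):
    """Return (entry, reason) pairs that deserve a closer look before fixing."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        if e["section"] == "O4" and any(d in e["cmd"].lower() for d in USER_DIRS):
            findings.append((e, "autorun starts a program from a user-writable folder"))
        elif e["section"] == "O15" and e["domain"].startswith("*."):
            findings.append((e, "wildcard domain placed in the Trusted Zone"))
    return findings


# Constructed sample: the two entries quoted in the thread, plus two constructed
# lines (an O2 line and a Program Files autorun) that should not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ooze third] C:\DOCUME~1\Owner\APPLIC~1\SIZETH~1\Dale admin upload.exe
O15 - Trusted Zone: *.awmdabest.com (HKLM)
"""

if __name__ == "__main__":
    for entry, reason in review(SAMPLE_LOG):
        print(entry["section"], "-", reason, "-", entry)
```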
     
  5. Mav

    Mav Private E-2

    Thanks.

    I have done everything, and attached the hjt log file, but the file for Killbox (Dale admin upload) does not exist. There are, however, about a dozen randomly named exe files in the same directory. Should I do anything with them?

    Thanks again for your help.

    Mav
     

  6. Mav

    Mav Private E-2

    I have just run a search and found "Dale Admin Upload.exe-00bf1d11.pf" in C:\Windows\Prefetch
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  8. Mav

    Mav Private E-2

    No, that seems to have sorted everything out. I have had the machine on all day today - no pop ups or warnings from spybot and nothing malicious seems to be going on.

    That's fantastic.

    Thanks very much for all your help - is there anything I can do to help support the site? Also, I have learnt a great deal over the last couple of days - is there anywhere you can suggest where I can learn more about spyware, host files etc, so that I can help others?

    Thanks again bjgarrick.

    Mav
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  10. Mav

    Mav Private E-2

    Will do. Thanks again.

    Also, I have learnt a great deal over the last couple of days - is there anywhere you can suggest where I can learn more about spyware, host files etc, so that I can help others?

    Regards
    Mav
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Sure, there are many sites around the web that provide this information. The best site for learning more about Malware is right here in our forum. You will see every form of infection come in here; search around the forum and look at some of the threads. You will learn more and more as we do every day.

    Here are some pretty good sites on Malware:

    http://www.spywareinfo.com/

    http://www.spywareguide.com/
     
