Spy-Agent.n

Discussion in 'Malware Help (A Specialist Will Reply)' started by jfkruyer, Sep 17, 2006.

  1. jfkruyer

    jfkruyer Private E-2

    McAfee VirusScan tells me winlogon.exe is infected with the SpyAgent.n virus - - - cannot be cleaned, deleted blah, blah, blah. In safe mode I ran CCleaner, Ad-Aware SE, Spybot S&D, Trend Housecall, Ewido Anti-Malware. You guessed it! I still get the McAfee warning. Here are the results of my HijackThis log.

    EDIT: Removed incomplete and inline HJT log

    Thanks in advance for your help. You folks are great!
     
    Last edited by a moderator: Sep 17, 2006
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome :)


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. jfkruyer

    jfkruyer Private E-2

    Okay now. I performed all the steps recommended in Read & Run Me First - - - and I still have issues with the Spy-Agent.n trojan.

    Ran Microsoft Windows Malicious Software Removal Tool - Full Scan - "No malicious software detected". Ran Spybot S&D - "Your computer is running normally."


    Here are the results of BitDefender, Panda and runkeys


    Thanks,

    Joe
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please attach all of the logs that Halo requested. Also you skipped step 0 of the READ ME. Viewpoint Manager should have been uninstalled in step 0.

    Is your copy of Ewido a paid or free trial version?

    You now need to run this: WareOut Removal and attach the requested log.
     
  5. jfkruyer

    jfkruyer Private E-2

    Okay - moving forward. I removed Viewpoint Media and Viewpoint Manager. Ewido is a trial version. Now as attachments: newfiles.txt and my HijackThis log.

    Thanks,

    J
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but what about the log from the WareOut Removal procedure I asked you to run.

    You also need to follow the directions in step 7 of the READ ME from beginning to end. The version of HijackThis you are using has not been used in two years. Please follow the directions in step 7 and use the proper version and attach a new log.

    You also need to get your Sun Java version updated.


    First install the current version of Sun Java from: Sun Java Runtime Environment

    Then uninstall the below old versions of software:
    J2SE Runtime Environment 5.0
     
  7. jfkruyer

    jfkruyer Private E-2

    Okay, I believe I have completed everything as you asked.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [FinishOptions] C:\DOCUME~1\Joe\LOCALS~1\Temp\hpbinxst.exe
    O4 - HKLM\..\Run: [de288d13918] C:\WINDOWS\System32\de288d13918.exe
    O4 - HKCU\..\Run: [de288d13918] C:\WINDOWS\System32\de288d13918.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\Joe\Local Settings\hpbinxst.exe
    C:\WINDOWS\System32\de288d13918.exe
    C:\WINDOWS\SYSTEM32\DMCPL.EXE

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode

    Now delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp\
    C:\Documents and Settings\Joe\Local Settings\TEMP

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!
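The three O4 lines flagged above share traits a responder looks for when triaging autostart entries: an executable launched from a user's Temp or Local Settings folder, a random hex-style file name in System32, and the same command registered under both HKLM and HKCU. The script below is an added example (not part of this thread or of HijackThis) that parses constructed HijackThis-style O4 lines and reports which entries carry those traits and why.

```python
import re
from collections import defaultdict

# Constructed sample lines in HijackThis "O4" (autostart) format, modelled on the
# entries flagged in this thread plus one normal Windows entry for contrast.
SAMPLE_HJT_LINES = [
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [FinishOptions] C:\DOCUME~1\Joe\LOCALS~1\Temp\hpbinxst.exe",
    r"O4 - HKLM\..\Run: [de288d13918] C:\WINDOWS\System32\de288d13918.exe",
    r"O4 - HKCU\..\Run: [de288d13918] C:\WINDOWS\System32\de288d13918.exe",
]

# "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Folder fragments (long and 8.3 short forms) where a legitimate autostart rarely lives.
TEMP_DIRS = ("\\temp\\", "\\local settings\\", "\\locals~1\\")
# Executable names that are just a run of hex digits, like de288d13918.exe above.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8,}\.exe$", re.IGNORECASE)


def parse_o4(line):
    """Return the hive/key/name/cmd fields of an O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Map each suspicious command (lower-cased) to the list of reasons it was flagged."""
    entries = [e for e in (parse_o4(l) for l in lines) if e]
    hives_by_cmd = defaultdict(set)
    for e in entries:
        hives_by_cmd[e["cmd"].lower()].add(e["hive"])
    findings = {}
    for e in entries:
        cmd = e["cmd"].lower()
        exe = cmd.rsplit("\\", 1)[-1]
        reasons = []
        if any(d in cmd for d in TEMP_DIRS):
            reasons.append("runs from a temp or Local Settings folder")
        if RANDOM_NAME_RE.match(exe):
            reasons.append("random hex-style executable name")
        if len(hives_by_cmd[cmd]) > 1:
            reasons.append("same command registered in both HKLM and HKCU")
        for r in reasons:
            if r not in findings.setdefault(cmd, []):
                findings[cmd].append(r)
    return findings


if __name__ == "__main__":
    for cmd, reasons in triage(SAMPLE_HJT_LINES).items():
        print(cmd, "->", "; ".join(reasons))
```

As the hpbinxst.exe discussion later in this thread shows, a hit from these heuristics marks an entry for review, not a verdict; the file still has to be identified before it is removed.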
     
  9. jfkruyer

    jfkruyer Private E-2

    I fixed all the stuff you recommended on HJT.

    I did not delete this file - C:\Documents and Settings\Joe\Local Settings\hpbinxst.exe. I found it in another directory C:\Program Files\Hewlett-Packard\Desk Jet 6800\Installs\Installer. This is my printer.

    Could not find C:\WINDOWS\System32\de288d13918.exe. Even did a search with hidden files checked.

    Deleted as requested. C:\WINDOWS\SYSTEM32\DMCPL.EXE

    Deleted all files in Windows\Temp except a bunch of sqlite.... which were today's date. And, similarly, Joe\Local Settings\Temp: ~DF31AM.tmp and ~DF2684.tmp, which had today's date.

    Here are the log files you requested.

    My brain hurts. I must go!
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I know that hpbinxst.exe can be related to an HP printer, but it does not belong in the Local Settings folder as far as I'm concerned. It should be in a folder named for HP. Either it was not installed properly or this file is still of questionable origin. Or a third choice is that it was only required during installation and was never cleaned up properly after install. I doubt the file is needed. Do you even know what it is for?

    You did not tell me how things are working.
     
  11. jfkruyer

    jfkruyer Private E-2

    McAfee does not give the error messages anymore. That's good and thanks for your help. The computer seems to boot up slower than it used to. I'm going to clean up my software - especially uninstall Ewido. Even though it is a trial version and I thought all it does is scan on demand, it seems to be running in the background. I know for sure that it goes out for virus updates every time I boot up. I'll have to go to Task Manager to see if it is running. That should work, right?

    Again,

    Thanks for your patience and help.

    Joe
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ewido installs some processes that run as services. You cannot stop them via Task Manager. You should just uninstall Ewido since it is only the trial version and you do not want it running at the same time as Windows Defender because that would be a big waste of system resources and they will also conflict with each other.

    As far as PC performance is concerned, your biggest gain would be observed by uninstalling McAfee and using a couple of tools from the How to protect thread (see below) in place of McAfee. What you are running is a massive resource hog.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
