To PhilliePhan

Discussion in 'Malware Help (A Specialist Will Reply)' started by zegna_c, Feb 17, 2005.

  1. zegna_c

    zegna_c Private E-2

    Thanks for replying to my message that fast. I'll do what you told me to and I'll let you know. I'll keep in touch with you through this thread. I hope I can help you in some way. Thanks.
     
  2. PhilliePhan

    PhilliePhan Guest

    Okay!

    I'll keep an eye on this thread for further posts. :)

    PP
     
  3. zegna_c

    zegna_c Private E-2

    Hey PhilliePhan, I hope you're doing pretty good. I really want to thank you because with the steps you gave to me I could actually destroy the aklsp.dll file installed on my system32 folder. You are a master. I offered you my help at anything you might need but probably you don't need any help at all in anything as you seem to be very intelligent. The only thing I can do is what you asked me to: to post my results and maybe this will help other users in here.

    The main problem was that my Internet Explorer didn't display any page I wanted to browse despite the fact that I was connected to my internet service provider. Long ago my system suddenly rebooted while I was browsing but I didn't pay much attention to it. My lap did not have any other symptoms but this one. I ran my McAfee antivirus and discovered this file and could not do anything to delete it. I read your tutorial and followed the steps you described (except the online scan in step 1) and ran Ad-Aware, Spybot, CCleaner, hsremover, SpywareBlaster, Windows Update and my default antivirus. After that I was able to browse again and here I am writing to thank you.

    Despite all this, I only have one thing missing. Ad-Aware discovered VX2 malware items and could not delete them although I already downloaded the add-on VX2 cleaner, :mad: Ad-Aware cannot delete them and right now, while I'm writing you, I have been attacked with some pop-ups, and icons from unknown websites have been created on my desktop in just 1 minute. I would like you to help me with this final problem.

    Thank you and I look forward to your reply

    Carlos
    :)
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi Carlos,

    I think you have the popular VX2 variant malware that has been going around.

    How many User Accounts are on your computer?


    Please send me a HijackThis Log from Normal Windows boot. Be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HijackThis Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I will check back Friday evening and we'll see what needs to be fixed.

    PP :)
     
  5. zegna_c

    zegna_c Private E-2

    One thing I forgot to tell you in my last post is that I am getting back to using my own computer (from where I'm writing you) and when I try to open your tutorial from here a message appears on the screen:

    You are still on the old forums server. If you reading this, please try to clear your DNS cache with "ipconfig /flushdns" or add "70.85.60.244 forums.majorgeeks.com" to your hosts file.

    You are going to hate me, I'm not an expert and I don't know how to do what majorgeeks.com is asking me to do in the message above. They should tell the users exactly how to do what they ask us because, as you could see, in my first messages to you I didn't know that there were threads available to write and all that stuff. I am learning a lot from you. I apologize for my ignorance. And I thank you again.

    PhilliePhan: :cool:

    Bless to you and to your whole family

    Carlos
     
  6. zegna_c

    zegna_c Private E-2

    About the number of accounts on my computer, the answer is 3 accounts, but I only use one and the other ones are just in case my mom wants to connect or something.

    I attach my HijackThis logfile. I am surprised that American people are just like you; you hear all kinds of comments from many people of the world and I just don't agree with them, you guys are really great people.

    Thanks

    Carlos
     


  7. PhilliePhan

    PhilliePhan Guest

    We may have to check ALL 3 of them if just fixing your account doesn't solve the problem.
    There are good and bad apples in every country/culture. Generally, the bad ones won't be found volunteering their time and offering free advice in a support forum :)

    OKAY, on to your problem!

    It looks like you are running 2 different Anti-virus apps (McAfee & Bit Defender). Please uninstall 1 so they do not conflict with each other.

    Also, please get the new version of HijackThis HERE: HijackThis v1.99.1
    Note that your McAfee AV may detect a problem with this file and not allow download. If it does, either get the latest update for McAfee which corrects this error or turn McAfee off for the download.

    THEN:
    Please extract HijackThis from the ZIP File to a safe folder - C:\Program Files\HijackThis. Here is how to do that:

    To create a new folder:
    Click START > My Computer > Local Disk C: > Program Files
    Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

    To Extract HijackThis:
    Now, RightClick your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HijackThis) and click Next.

    Once HijackThis has been extracted to the safe folder, please scan again and attach that log.

    ALSO:
    Please download this tool: Generic Detection Tool - NT/2000/XP
    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Please attach that Log along with a Fresh HijackThis Log and we’ll see what we need to fix.

    I will check back when time permits.

    PP :)
     
  8. PhilliePhan

    PhilliePhan Guest

    Thanks for the good wishes! Happy to try to help :)

    To Flush DNS Cache, do this:

    Go to Start > Run > enter cmd > OK

    Then, type: ipconfig /flushdns & hit ENTER.

    See if that helps.

    This problem should not interfere with the instructions in my last post.

    PP :)
     
  9. zegna_c

    zegna_c Private E-2

    Hey PhilliePhan, I hope you're doing pretty good! Thanks for replying to my post.

    About my problem, Windows has been automatically rebooting when I'm browsing the web; it happened 3 times since last Wednesday. The first and the second time it happened, Windows displayed a message saying that WINLOGON had to restart the computer due to system errors:

    szAppName : winlogon.exe szAppVer : 0.0.0.0 szModName : fp0003dme.dll
    szModVer : 0.0.0.0 offset : 000096b0

    And the third time nothing was displayed at all and it just rebooted automatically. :mad: Then I did what you told me to and scanned with HijackThis and the find.bat files.

    I attach the files needed, waiting for your next directions. The first HijackThis log was made before the find.bat scan and the second HijackThis log was made after.

    Take Care and THANK YOU

    Carlos ;)
     


  10. zegna_c

    zegna_c Private E-2

    Here is the log of the find.bat scan
     


  11. PhilliePhan

    PhilliePhan Guest

    Hi Carlos,

    Here are the first few cleanup steps. Your English is far better than my Spanish :) But, I’ll do my best! If I ask you to delete an item that you know you really want to keep, leave it alone and let me know.


    Please download the following tools and have them handy (Perhaps create an Anti-Spyware Folder for them). Make sure to get them from the links below:

    L2MeFix Tool

    VX2.BetterInternet Finder XP/2k - Version Msg126

    Pocket KillBox



    NOW:
    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.


    Now scan with HijackThis and Check the Boxes for the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolibre.com.mx/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    Are these 2 R0 items the desired settings? If so, leave them alone.

    O9 - Extra button: www.visa.com.mx - {2D351523-E52B-40ef-98A2-9424250AF8EA} - http://www.visa.com.mx/ (file missing)

    O15 - Trusted IP range: 206.161.125.149
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

    O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB

    O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\i0nmla511d.dll

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    NEXT:
    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
    Your computer will go crazy for a bit, but just let it run. It should eventually produce a l2mfix log in Notepad.

    NOTE: Please do not run any other options or files in the l2mfix Folder!

    Please attach the l2mfix log along with a fresh Find.bat Log (Generic Detection Tool) and we’ll see what is left to be fixed. There will still be a few more steps that we need to run! I will try to check back as time permits, probably Sunday Evening.

    Best Luck :)
    PP
     
    Last edited by a moderator: Feb 20, 2005
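
Added example, not part of the original thread: a small Python triage of the HijackThis entries quoted in post 11, sorting them by section code so a reviewer sees what each one needs checked. The `KNOWN_NOTIFY` baseline, the function names and the reason strings are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Entries quoted in post 11, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mercadolibre.com.mx/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O9 - Extra button: www.visa.com.mx - {2D351523-E52B-40ef-98A2-9424250AF8EA} - http://www.visa.com.mx/ (file missing)
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\i0nmla511d.dll
"""

# Assumption: Notify package names expected on a stock Windows XP install.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log_text):
    """Return (section, body) pairs; header and blank lines are skipped."""
    hits = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def triage(log_text):
    """Return (section, reason, detail) tuples for a human reviewer."""
    findings = []
    for sec, body in parse(log_text):
        if sec == "R0":  # browser settings: only the user knows if intended
            findings.append((sec, "confirm setting with user", body.partition(" = ")[2]))
        elif sec == "O9" and body.endswith("(file missing)"):
            findings.append((sec, "orphaned button, target file missing", body.split(" - ")[1]))
        elif sec == "O15" and body.startswith("Trusted IP range:"):
            findings.append((sec, "raw IP in Trusted zone", body.split(": ", 1)[1]))
        elif sec == "O15" and body.startswith("ProtocolDefaults:"):
            findings.append((sec, "protocol mapped to wrong zone", body.split("'")[1]))
        elif sec == "O16":  # ActiveX install source: check who served the CAB
            url = body.rsplit(" - ", 1)[-1]
            findings.append((sec, "ActiveX codebase to verify", urlparse(url).hostname))
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            name, _, dll = body[len("Winlogon Notify:"):].partition(" - ")
            if name.strip().lower() not in KNOWN_NOTIFY:
                findings.append((sec, "notify package not in baseline", dll.strip()))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
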
  12. zegna_c

    zegna_c Private E-2

    ¡Hola! Hi there, jaja, don't worry if you don't know how to speak Spanish. You don't need it! With the amazing skills you have it's like for Bill Gates not to have a Jaguar. You would learn Spanish very fast. I can teach you your first words in Spanish if you will.

    I fixed the items you told me to with HijackThis except for the 2 R0 items. I followed the steps in your last reply and here are the logs.

    If it's easier for you I could translate the Spanish words in the logs. Just let me know.

    I look forward to the next directions

    Thank you

    Carlos ;)
     


  13. PhilliePhan

    PhilliePhan Guest

    Hi Carlos,

    I think I can navigate a log in Spanish well enough - Yours isn't the first I have seen. I recently helped someone in Santiago, Chile who had the same problem as you did :) I say "did" because your problem should be pretty much fixed now! All that is left to do is the following:


    FIRST:
    Check your Recycle Bin to make sure that no problems remain.
    If all is NOT well with Recycle Bin, please run Pocket KillBox and Copy & Paste the Following into the box: C:\RECYCLER\Desktop.ini - Click Red X to delete it using Standard File Kill.


    After checking on your Recycle Bin:
    Open VX2.BetterInternet Finder XP/2k and Click on the "Find Vx2.Betterinternet" button.

    Then click on these buttons in the right pane unless they are not enabled:

    UserAgent$ Button

    Guardian.reg

    Restore Policy

    Allow Machine to Reboot.


    THEN:
    Please download HOSTER and open it, select Restore Original Hosts > Press OK and then exit program.


    Then, please reboot and give me another HijackThis Log and tell me how things are running now. Are there still problems? I will try to check back Monday evening.

    PP :)
     
  14. zegna_c

    zegna_c Private E-2

    Hi PP: :cool: , I guess we are about to finish!

    Now, I want to ask you two questions:

    1.- What can I do to prevent this kind of thing from happening on my computer besides having Microsoft updates, SpywareBlaster, Spybot, Ad-Aware and antivirus programs updated?

    It seemed that I had a severe virus and spyware trouble. I certainly did not have these tools when I was infected, even the Microsoft updates hadn't been done. I am aware now, but I'm afraid these actions might not be enough, because of my ignorance in this spyware field.

    2.- If another problem appears again (i.e. if my computer reboots again automatically while browsing), no matter the symptoms, should I follow the steps and use the tools in the exact way you told me to (up to the HOSTER program) these last days? :confused: I want to know so I don't bother you again with some similar thing.


    I attach my log after Hoster. I'll see what you post to me.

    Carlos :)
     


  15. PhilliePhan

    PhilliePhan Guest

    Yes, we are finished! Your new HijackThis log looks good. How are things running now? Any more problems?
    What you have listed are all critical to preventing another infection. The fact that you are now more aware of what sort of baddies are out there trying to get you is good, too. Far too many people are unprepared for a malware attack - So, in that area, you are way ahead of the game!

    You should look at Chaslang's Suggestions! for more ideas. You should definitely keep Spyware Blaster and use SpybotSD's "Immunize" Feature! Remember to Internet Update both Windows and your Anti-Spyware tools often!!

    A good Firewall is important, as well. Try the FREE Sygate or ZoneAlarm Personal Firewalls that Chaslang mentions. They offer more protection than the built-in Windows Firewall. Remember to turn OFF the Windows Firewall if you choose a different one so that there is no conflict.
    Actually, what you had was not too bad and very easy to remove!! (Although, two months ago we did not know how to fix it and it drove us crazy!) There are some real Monsters out there! So, being prepared is very important. :cool:
    NO - It might be an entirely different baddie! If you have another problem, first scan with your resident Anti-Virus and the tools you now have (SpybotSD / Ad-aware) - Update them first! If that doesn't work, try the steps outlined in the READ ME FIRST Cleanup Tutorial - Especially the Online Scans!
    Also, take a look at Understanding, Cleaning And Preventing Spyware for good measure!

    If that fails to solve the problem, start a new thread in our Spyware Forum and somebody will be there to help you!

    Happy Computing! :)

    PP
     
    Last edited by a moderator: Feb 21, 2005
  16. zegna_c

    zegna_c Private E-2

    Well first of all I want to thank you for your patience; as a song says, you almost held your hand and the door for me. As I told you in my first message I have no words to thank you for what you have done for me.

    I'll tell you why: I called AT&T Mexico, my internet service provider, and they sent to my home a technical guy from there. The only thing he did was to run my Ad-Aware and my Spybot scanners (things I could have done by myself) and then he told me I had to format my entire computer with a charge of 90USD. I was about to accept but then I thought about it, I decided to look for help in other places, because my lap was not that bad (as the only thing I could not do was to use Internet Explorer). In Mexico there are really few expert people in that and they are not that available to the public. We have no forums and by the hand of God I ended up reading your posts. It was good luck to me, and I got even more luck when you accepted to help me and I am now really grateful.

    I hope you don't get offended or mad by this but I would like to thank you in an active way. Maybe you have some trouble or you would like something from Mexico or I don't know, maybe it would be better just to hear what I could possibly do for you as you helped me expecting nothing in return.

    Maybe it sounds a bit overreacted but the helping systems and the things common in the States and common for you are not common in my country. We certainly don't live between porks and chickens and we are not all “mojados” (illegal poor Mexicans there) but the underdevelopment is reflected in the education, and disinterested help exists, but is rare. Anyway, most probably you don't need anything but, in any case, you have earned a friend in Mexico.

    Here´s my e-mail in case you might need something:
    Edit PP: Removed e-mail so it can not be harvested by spammers

    Blessings to you and the ones you love.

    THANK YOU

    Carlos :)
     
    Last edited by a moderator: Feb 21, 2005
  17. PhilliePhan

    PhilliePhan Guest

    You're Welcome! Your good words are thanks enough :) I am happy to try to help anybody in need!

    If you really want to thank me, then do a good deed for somebody who really needs your help.

    As for finding help here, I think it speaks very well for you that your English is so good that you could receive help in this forum with no problems at all. That should serve you well in the future!

    Best Regards :)

    PP
     
