John_McKenna
HijackThis Helper
Reg'd: Wed
Posts: 7430
Loc: England
Re: viruses, spyware, probably both! please help!
Thu Jul 07 2005 08:19 PM
Those pesky younger brothers......We'll address some suitable steps once you're clean.
Step 1
Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.
Copy the below steps to notepad, close Internet Explorer and disconnect from the internet.
Step 2
I need you to disable some of that real time protection before beginning.
I'm not too familiar with Ewido's inner workings but you should be able to right click on the System Tray icon and select the relevant option to disable the trojan guard.
Please open Microsoft AntiSpyware.
- Click on Tools | Settings.
- In the left pane, click on Real-time Protection.
- Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
- Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
- After unchecking these, click on the Save button and close Microsoft AntiSpyware.
- Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
You'll need to re-enable the above real-time protections after you get the all clear.
Step 3
Run HJT again and checkmark the boxes next to the following:-
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nss25.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\hakukj.exe reg_run
O4 - HKLM\..\Run: [335f3Eg] cioadmin.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [gggait] c:\windows\system32\pxoncq.exe r
O4 - HKCU\..\Run: [I0upROMtS] ciaund.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0029.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked
Step 4
Please now reboot into Safe Mode.
Delete the following files and folder in bold:
C:\WINDOWS\system32\richedtr.dll
C:\WINDOWS\system32\PSof1.exe
C:\WINDOWS\system32\hakukj.exe
C:\WINDOWS\system32\cioadmin.exe <--check in C:\Windows folder if not here
C:\WINDOWS\system32\ciaund.exe <--check in C:\Windows folder if not here
C:\WINDOWS\system32\pxoncq.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe
C:\Program Files\Cas <--folder
Step 5
Then click on Start | Run and type cleanmgr into the run box. Make sure Temporary Files, Temporary Internet Files and Recycle Bin ONLY are checkmarked and click 'OK'. Then click on Start | Run, and type %temp% and press the ok button. This will open up the temp directory that your machine uses. Please delete all files that are found there.
Step 6
While still in Safe Mode, open Ewido Security Suite.
- Click on Scanner
- Make sure the following boxes are checked before scanning:
-- Binder
-- Crypter
-- Archives
- Click on Start Scan
- Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report to your desktop.
Warning: While the scan is in progress, do NOT open any folders or the Windows Control Panel !!
Step 7
Reboot and run an online virus scan at Kaspersky Online
* Save the scan log for posting please.
Step 8
Reboot once more and post a fresh HJT log, Ewido report and Kaspersky scan log.
My help is ALWAYS FREE but if you'd like to donate towards the fight against Spyware click here.
"Learn all there is to be learnt"
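An added example, not part of the original post: a Python check that parses the Step 3 HijackThis entries and lists any whose file should still be on disk but is not covered by the Step 4 delete list, so those can be reviewed before the fresh log is posted. The function names are made up for this example; the entries and paths are the ones in the post.

```python
import re

# Both lists are copied from Steps 3 and 4 of the post above.
FIXED = r"""
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nss25.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\system32\PSof1.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\hakukj.exe reg_run
O4 - HKLM\..\Run: [335f3Eg] cioadmin.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [gggait] c:\windows\system32\pxoncq.exe r
O4 - HKCU\..\Run: [I0upROMtS] ciaund.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0029.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
""".strip().splitlines()
DELETED = r"""
C:\WINDOWS\system32\richedtr.dll
C:\WINDOWS\system32\PSof1.exe
C:\WINDOWS\system32\hakukj.exe
C:\WINDOWS\system32\cioadmin.exe
C:\WINDOWS\system32\ciaund.exe
C:\WINDOWS\system32\pxoncq.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe
C:\Program Files\Cas
""".strip().splitlines()

def parse_entry(line):
    """Split one HijackThis line into (section, file or URL, file_missing)."""
    section, rest = line.split(" - ", 1)
    # O4 puts the command after "[name] "; the other sections after the last " - ".
    raw = rest.split("] ", 1)[1] if section == "O4" else rest.rsplit(" - ", 1)[1]
    target = re.match(r'"?(.*?\.(?:exe|dll))', raw, re.I).group(1)  # drop quotes, arguments
    return section, target, raw.endswith("(file missing)")

def uncovered(fixed=FIXED, deleted=DELETED):
    """Fixed entries whose file should still exist but is not covered by DELETED."""
    deletes = [p.lower() for p in deleted]
    left = []
    for section, target, missing in map(parse_entry, fixed):
        t = target.lower()
        # Bare names match by file name; full paths must equal an entry or sit under a folder.
        hit = any(t == d or t.startswith(d + "\\") or ("\\" not in t and d.endswith("\\" + t))
                  for d in deletes)
        if not (missing or t.startswith("http") or hit):  # missing files and URLs need no delete
            left.append((section, target))
    return left
```

On the lists in this post, `uncovered()` returns the `jusched.exe` and `richup.exe` entries.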