Greenguy's Board

help and i am fucking doomed (http://www.greenguysboard.com/board/showthread.php?t=19923)

Mr. Blue 2005-05-23 03:45 PM

Stu, try using Microsoft's spyware program, it's in beta format and free...for me it's been the most effective in handling these problems. I use a combo of Avast and MS Spyware and I haven't been infected with a virus or adware in a long time.

I guess you couldn't use Firefox to review, as these things would slip by the review process?

stuveltje 2005-05-23 04:21 PM

Quote:

Originally Posted by Mr. Blue
Stu, try using Microsoft's spyware program, it's in beta format and free...for me it's been the most effective in handling these problems. I use a combo of Avast and MS Spyware and I haven't been infected with a virus or adware in a long time.

I guess you couldn't use Firefox to review, as these things would slip by the review process?

mr bleu, yep i tried to use firefox for reviewing but most still use ie for building, the one i got my shit from uses ie, damn i should have listened to, i believe it was raw alex or dare last time, when somebody uses a name like phil collins...blacklist them because that's the fucker i got this shit from, i was helping pimplinks with reviewing .....and i am so doomed now, but watch me i will be back. i will...

stuveltje 2005-05-23 04:25 PM

Quote:

Originally Posted by cfnmparty
Stu do you have a spare machine you can use to get on the net? That's what I done until I got things fixed up. Hope your guy sorts things tomorrow for you |thumb

I think that as you have removed the cws feature already that forum may not be much help at the moment, if you are still stuck after your guy turns up I'll post the tools needed here, and if it's OK with the Green Guy I can relay your info to the other place if you post it here. Not sure if the PM feature here allows for lengthy messages?

i have 4 spares here in the house but i am afraid to fuck up frot the others, i used my hubbies puter to prnt hit and all to fix this, i am gonna try mister bleus thing, and if that does not work the only solution will be to reinstall xp pro, because the puter is telling me i miss .dll files, please bear with my chinese but dealing with this stuff for more than 11 hours will make you tired

Jel 2005-05-23 04:32 PM

Well normally if you reinstall windows the only thing you will lose is your emails.

stuveltje 2005-05-23 04:36 PM

Quote:

Originally Posted by cfnmparty
Well normally if you reinstall windows the only thing you will lose is your emails.

still a weeeehhhhhhhhhhhhhhhhhhhh my old puter crashed 2 times i lost all, but then i have no other choice than to put the shit up again...will be tomorrow i am too tired now.....i wanna thank all for trying to help me, i really really appreciate it all, and i bow for you all, now me gonna kill some one to get loose of my stress............

Mr. Blue 2005-05-23 05:05 PM

Quote:

Originally Posted by cfnmparty
Well normally if you reinstall windows the only thing you will lose is your emails.

Just backup your emails before you reinstall. You can do it manually or use a program called Outlook Express Backup. It'll create a self extracting archive and it also saves your bookmarks, rules, etc, for outlook.

I do a backup of my emails once a week just in case my computer dies on me.

stuveltje 2005-05-23 05:20 PM

Quote:

Originally Posted by Mr. Blue
Just backup your emails before you reinstall. You can do it manually or use a program called Outlook Express Backup. It'll create a self extracting archive and it also saves your bookmarks, rules, etc, for outlook.

I do a backup of my emails once a week just in case my computer dies on me.

yeah i saw a message that it can't send emails because some dll files are missing, i thought to fix that by reinstalling ie6 but it won't reinstall

Linkster 2005-05-23 05:50 PM

Stu - make sure that when you run those programs like cwshredder and hijackthis as well as spysweeper and your antivirus that you do it from safe mode (just start your computer and tap F8 a few times to get to the menu to choose safe mode) and make sure you are not connected to your net connection - if you have more than one user account on your computer you will also need to run those programs as the admin first and then each user

After you have removed everything (I sure wish you could post exactly what type of symptoms you are having besides being slow like any popups, or any particular virus/trojan being identified) I would run the hijackthis and post a copy of the log here or you can pm it to me

I would not recommend a system restore unless you are sure you have a good clean version - most of the good trojans these days attach themselves to the backup files first to ensure they stick around after a restore

RamCharger 2005-05-23 06:12 PM

virtual machines are better than real ones
 
Quote:

Originally Posted by Stever
The best way to remove this shit is a full restore. As in re-install the OS from the disks. Wipes hard-drive clean. just make sure you've backed up your important files.

Gallery and FreeSite reviewers should consider using a second cheaper machine dedicated to reviewing sites or surfing potentially unsafe sites. That way when you do catch something you just wipe the hard drive clean and not worry about losing data.

CoolWebSearch sucks, I've had it a few times. All the programs that claim to get rid of it don't do a good job. It gets so deep into your system, and it's always changing to stay ahead of the anti-spyware. Got to clean the hard-drive completely or it will come back.

P.S. This is my 100th post here at Greeny. Happy anniversary to me!|party


Might I suggest an alternative to a whole other box? http://www.microsoft.com/windows/virtualpc/default.mspx
or
http://www.vmware.com/products/desktop/ws_features.html

Burn an ISO of your Windows CD to your box and you can (re)load a virtual machine in no time.

Better than buying a whole freakin other box and faster to reload. |headbang|

Theproofhouse 2005-05-23 06:13 PM

Scuse me, would you kindly keep your language down please. There are children that read the boards.

digifan 2005-05-23 06:47 PM

Stu,

wish I could help but I have an old Fruit too... I hope keeping my fingers crossed for you is a little help.

Mr. Blue 2005-05-23 07:09 PM

Quote:

Originally Posted by Linkster
Stu - make sure that when you run those programs like cwshredder and hijackthis as well as spysweeper and your antivirus that you do it from safe mode (just start your computer and tap F8 a few times to get to the menu to choose safe mode) and make sure you are not connected to your net connection - if you have more than one user account on your computer you will also need to run those programs as the admin first and then each user

After you have removed everything (I sure wish you could post exactly what type of symptoms you are having besides being slow like any popups, or any particular virus/trojan being identified) I would run the hijackthis and post a copy of the log here or you can pm it to me

I would not recommend a system restore unless you are sure you have a good clean version - most of the good trojans these days attach themselves to the backup files first to ensure they stick around after a restore

Excellent post, posting a Hijack this log is helpful...I'm not great at reading them, but the people that are can usually pinpoint all the things you need to do.

Describing the problem a bit more would also be good...I have a feeling you haven't cleared all the virus / adware that's present.

juggernaut 2005-05-23 09:11 PM

If you know the name of the file, a few things you might want to try:

1) go to control panel/admin tools/local policy. once that is up and running, create a new software restriction policy in the additional rules section. make a new rule based on path. put in the path to the file and disallow. if you know of any other files that are related to or that this file is using, create a rule for them also.

2) go to start/run/type msconfig

go to services and check off hide all microsoft service. now uncheck everything. this is going to stop anything you might need running but this part is only a temporary thing to do. IE if you have a remote desktop service that is not MS software it will not run after you do this part.

next in the same msconfig go to start up and uncheck everything except explorer. look in the command tab, this will tell you the location of the file that will run on system start up. if you are not sure what it is then leave it alone. but anything you know of ie (adobe update service) and shit like that, make sure the checks are removed. you don't need this crap hammering down your box's resources. once you apply this then you will be asked to restart. DONT RESTART. make note of the location of that software.

restart your computer in safe mode and go to the directories where they are to be sitting. IE c:\program files\shithead software. And delete all the crap you can. You should be able to delete the whole thing. now also check your local administrators group. IE right click my computer and go to manage. Any user in that group other than you and administrator should be removed.

now restart the box normally and see if you can get to where you need to go on the internet. if all is ok, this next process could take some time. you have to go into msconfig again and re-enable every service you shut off one at a time and restart the box every time. Bring the box to a full shut down and wait about 10 seconds for the drives to stop spinning. turn the box back on and keep turning on your services that you had shut off one at a time until everything is ok. if you find you are not able to get out to the internet sites after you re-enable one then that is the fucker. Find its location and remove it. if you need software to remove the service let me know, you can get them off of any windows resource kits. I'll throw up the service removal one for you. hope this helps.

Just in my opinion I would just dump the box and rebuild it. I don't bother with any spyware or any filter software anymore. it ruins my internet experience. i just run a virus protection and rebuild my boxes every 3 months nice and clean. shit, xp loads a new box in 20 minutes, all this time you have spent today trying to fix this, and you could have been up and running clean and new. jugg.....

MrYum 2005-05-23 10:38 PM

Ouch...so sorry to hear about this Stu :( Farging iceholes installing this crap should be rolled in honey and tied to a fire ant mound |angry|

Looks like a lot of good ideas have already been proffered...hope you get it fixed soon!

I'm doing site reviews in FF. I have found that FF is less forgiving of bad code than IE. So, I made that one of the rules on my list...make sure your code is FF compliant. Haven't noticed any real problems or had any resistance from submitters...yet...

Good luck Stu!

stuveltje 2005-05-24 02:07 AM

linkster, i have done all that, i have no pop up no virus, but it seems with removing the bad stuff, i removed a lot of my ie. lol. so my internet explorer doesn't work anymore and i can't reinstall it too, and my system restore doesn't work anymore, na i will reinstall xp today

cd34 2005-05-24 02:15 AM

you might be able to install firefox, which would then let you get the MSIE 6.0 downloader.

MrHackula 2005-05-24 04:49 AM

Sorry I am late to the party Stu. We have been reconfiguring our life again.

Without more information, I can't fully help you.

Here is the link to re-install IE:

http://www.theeldergeek.com/repair_r...e_and_oe_6.htm

... The odds are you still have adware on your system.

If you can get to this URL:

http://housecall60.trendmicro.com/en...rp.asp?id=scan

...Run that scan. The full one, spyware and virus.

If you cannot start hijackthis, just rename the file to something else and run it.

If you can download the Microsoft anti-spyware beta:

http://www.microsoft.com/athome/secu...e/default.mspx

... then go ahead and install that.

Do a search in your C:\windows folder for *.com

anything that shows up as being 1k files size, go ahead and delete it. This puts files in the directory called regedit.com, ping.com, etc...

This is for discouraging a fixable solution. You see windows will always run the .com before the .exe if there are two files of the same name with different extensions.

If you post your hijackthis log, I can tell you what probably doesn't belong.

I would advise you to install:

http://www.javacoolsoftware.com/spywareblaster.html

...and :

Spybot Search and Destroy:

http://www.safer-networking.org/en/download/

... Make sure you turn on the S&D resident scanner, "TeaTimer". This will alert you to attempted changes to your registry. This way you know exactly which site you were reviewing when the bad stuff happened, and... Who to blame.

I also run:

http://www.mlin.net/StartupMonitor.shtml

... which has largely the same functions as the tea-timer, but catches things it might miss.

I have been running a TGP since 1999, and have been dosed with everything ever put out before the detectors would detect it.

Formatting your hard drive should be your last option. This way, if you beat the little bastard out of your system, you will be setup to repel future invaders.

I will wait to see your hijackthis log.

23 years in computer repair and it has come to chasing bugs. |angry|

Mr. H.
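
Added example (not part of MrHackula's post): a Python check for the `.com`/`.exe` pairing described above, listing every `.com` file whose base name also exists as an `.exe` in the searched directories. The 1024-byte reading of "1k", the function names and the sample layout are assumptions of this example.

```python
import os
import tempfile
from pathlib import Path

SMALL_BYTES = 1024  # assumption: the post's "1k" read as <= 1024 bytes


def find_com_shadows(dirs, small_bytes=SMALL_BYTES):
    """Return one finding per .com file that has a same-named .exe twin.

    dirs: program directories to compare (e.g. C:\\WINDOWS and
    C:\\WINDOWS\\System32). Only the top level of each one is read.
    """
    exe_by_stem = {}  # lowercased base name -> paths of matching .exe files
    com_files = []
    for d in dirs:
        for entry in os.scandir(d):
            if not entry.is_file():
                continue
            stem, ext = os.path.splitext(entry.name)
            if ext.lower() == ".exe":
                exe_by_stem.setdefault(stem.lower(), []).append(entry.path)
            elif ext.lower() == ".com":
                com_files.append((stem.lower(), entry.path, entry.stat().st_size))

    findings = []
    for stem, path, size in sorted(com_files, key=lambda c: c[1]):
        twins = exe_by_stem.get(stem, [])
        if twins:  # a .com with no .exe twin (more.com, ...) is not reported
            findings.append({"com": path, "size": size,
                             "shadows": sorted(twins),
                             "small": size <= small_bytes})
    return findings


def demo():
    """Run the check on a constructed directory layout (not real system files)."""
    with tempfile.TemporaryDirectory() as root:
        win = Path(root, "WINDOWS")
        sys32 = win / "System32"
        sys32.mkdir(parents=True)
        sample = {
            win / "regedit.exe": 140_000,
            win / "regedit.com": 512,
            win / "ping.com": 300,
            sys32 / "ping.exe": 17_000,
            sys32 / "more.com": 10_000,
        }
        for path, size in sample.items():
            path.write_bytes(b"\0" * size)
        return [(Path(f["com"]).name, Path(f["shadows"][0]).name, f["small"])
                for f in find_com_shadows([win, sys32])]


if __name__ == "__main__":
    for com, exe, small in demo():
        print(f"{com} pairs with {exe} (small file: {small})")
```

Pairing on the base name keeps `.com` programs that have no `.exe` twin out of the report, so only the doubled names are left to review.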

stuveltje 2005-05-24 07:34 AM

wowwwwwwwwwwww Mrhackula :D i am working on it thanks

stuveltje 2005-05-24 07:47 AM

Logfile of HijackThis v1.99.1
Scan saved at 13:46:57, on 24-5-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\PROGRA~1\QUICKH~1\MailSvr.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\system.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hopeloos\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /LOADRUN
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /Check
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /check
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096750544656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Quick Heal Helper Service WSC (qhwscsvc) - Unknown owner - C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
O23 - Service: Quick Heal Online Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE

ronnie 2005-05-24 09:53 AM

I agree with Mr Blue, the MS anti-spyware program works very well. Only thing, it usually takes a good number of scans before it gets rid of everything. Last time I had some nasty stuff it took about 7-8 scans, but it did get rid of it. Many other programs never even found what I had.

ronnie

N J 2005-05-24 12:16 PM

http://www.hijackthis.de/en use this or similar for a quick analysis of your hijackthis log!

Great to see how helpful people are!

RawAlex 2005-05-24 12:37 PM

Quote:

Originally Posted by Stever
The best way to remove this shit is a full restore. As in re-install the OS from the disks. Wipes hard-drive clean. just make sure you've backed up your important files.

Gallery and FreeSite reviewers should consider using a second cheaper machine dedicated to reviewing sites or surfing potentially unsafe sites. That way when you do catch something you just wipe the hard drive clean and not worry about losing data.

CoolWebSearch sucks, I've had it a few times. All the programs that claim to get rid of it don't do a good job. It gets so deep into your system, and it's always changing to stay ahead of the anti-spyware. Got to clean the hard-drive completely or it will come back.

P.S. This is my 100th post here at Greeny. Happy anniversary to me!|party



Stever, I have found that declining all sites with scripts, iframes, and other outside sources has certainly decreased the amount of junk I am forced to deal with (and that my surfers have to deal with too). As I determine new methods for adding stuff on pages, I add that to the bot filter so that my surfers are not subject to this crap.

If more TGPs and such spent a few minutes actually pre-checking stuff, there would be much less crap out there in the world.

Oh yeah, firefox instead of IE is a HUGE help... not a total fix, but moves me from 99% to 1% pretty much directly!

Alex
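
Added example (not RawAlex's filter, which the post does not show): a Python pre-check in the spirit of the rule above, declining a submitted page that contains script, frame or plugin elements, inline event handlers, or resources loaded from another host. Reading "other outside sources" as off-host loads, the tag and attribute lists, and the sample page are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed rule set: elements that run code or pull in another document.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet"}
# Attributes that make the browser fetch something while rendering the page.
LOAD_ATTRS = {"src", "data", "background", "codebase"}


class SubmissionCheck(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.host = urlparse(page_url).hostname
        self.reasons = []  # (line number, reason) pairs

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.reasons.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.reasons.append((line, f"inline handler {name} on <{tag}>"))
            elif name in LOAD_ATTRS and value:
                # Resolve relative URLs against the submitted page first.
                host = urlparse(urljoin(self.page_url, value)).hostname
                if host and host != self.host:
                    self.reasons.append((line, f"<{tag}> loads from {host}"))


def review(page_url, html):
    """Return (accepted, reasons); a page is accepted only with no reasons."""
    check = SubmissionCheck(page_url)
    check.feed(html)
    check.close()
    return (not check.reasons, check.reasons)


# Constructed sample submission (example.* hosts are placeholders).
SAMPLE_URL = "http://gallery.example.com/g1/index.html"
SAMPLE_HTML = """<html><body onload="go()">
<img src="thumbs/01.jpg">
<img src="http://cdn.example.net/t/02.jpg">
<iframe src="http://ads.example.org/x.html" width="0" height="0"></iframe>
<script src="/js/menu.js"></script>
<a href="http://sponsor.example.com/join">join</a>
</body></html>"""

if __name__ == "__main__":
    accepted, reasons = review(SAMPLE_URL, SAMPLE_HTML)
    print("accepted" if accepted else "declined")
    for line, reason in reasons:
        print(f"  line {line}: {reason}")
```

Ordinary links to other hosts are not counted, since a gallery linking out to a sponsor is expected; only content the browser loads or runs by itself is.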

stuveltje 2005-05-24 03:39 PM

mmm i did the housecall microtrend thing, he found 4 infected files, after that one i did the spysweeper i have myself and that one found Mitglieder_trojan, housecall didn't catch that,

Raw alex was it you who said that time to ban all the people who use famous names, like the Phil Collins guy? well from his site i got this shit, i was doing some of the reviews at pimplinks and that ones had the coolwwwweb shit in filled my puter with viruses, even my virus scanner catch most

f69j69b 2005-05-24 04:58 PM

hi Stu
in your hijackthis log
"C:\WINDOWS\System32\system.exe"
may be the problem
go here to read about this before you delete this as I am not 100% sure
http://www.answersthatwork.com/Taskl...tasklist_s.htm

Fred
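
Added example (not part of Fred's post or of HijackThis): a Python pass over the O4 registry autorun lines of a HijackThis log that lists entries whose value name is itself a file name different from the program it starts, and notes whether that program is in the running-process list. The heuristic is an assumption of this example and only a hint about what to look up, and the embedded log is an excerpt of the one posted in this thread.

```python
import ntpath
import re

# Excerpt of the HijackThis log posted earlier in this thread.
LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\system.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Program path at the start of a command line, quoted or not, before arguments.
EXE_IN_CMD = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)
EXE_NAME = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)$", re.I)


def parse(log):
    """Split the log into the running-process set and O4 registry autoruns."""
    running, autoruns, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = O4_REG.match(line)
            if m:
                hive, key, name, cmd = m.groups()
                exe = EXE_IN_CMD.match(cmd)
                autoruns.append({"hive": hive, "key": key, "name": name,
                                 "target": exe.group(1) if exe else cmd})
    return running, autoruns


def triage(log):
    """Return autoruns whose value name is a file name other than the target's."""
    running, autoruns = parse(log)
    hits = []
    for a in autoruns:
        base = ntpath.basename(a["target"])
        if EXE_NAME.search(a["name"]) and a["name"].lower() != base.lower():
            # Paths are compared as written; 8.3 short names will not match.
            hits.append({**a, "running": a["target"].lower() in running})
    return hits


if __name__ == "__main__":
    for h in triage(LOG):
        state = "running" if h["running"] else "not running"
        print(f'{h["hive"]} {h["key"]}: [{h["name"]}] -> {h["target"]} ({state})')
```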

stuveltje 2005-05-24 06:32 PM

Quote:

Originally Posted by f69j69b
hi Stu
in your hijackthis log
"C:\WINDOWS\System32\system.exe"
may be the problem
go here to read about this before you delete this as I am not 100% sure
http://www.answersthatwork.com/Taskl...tasklist_s.htm

Fred

oke thanks me gonna read


All times are GMT -4.