Log Info
#1
Posted 13 November 2004 - 11:08 AM
#2
Posted 13 November 2004 - 11:18 AM
CWShredder available from these places :-
http://www.zerosreal...m/downloads.php
Or this as a full download without any unzipping required
http://www.downloads.../CWShredder.exe
We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from here :-
http://service1.syma...001052409420406
Scanning With Ad-Aware SE :
1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.
2. Close ALL windows except Ad-Aware SE
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window
1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)
Under Definitions:
*Prompt to update outdated definitions - set the number of days
2) Click on the ‘Scanning’ button on the left and select in green :
Under Driver, Folders & Files:
*Scan Within Archives
Under Select drives & folders to scan -
*choose all hard drives
Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file
3) Click on the ‘Advanced’ button on the left and select in green:
Under Shell Integration:
*Move deleted files to recycle bin
Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information
Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT
4) Click the ‘Tweak’ button and select in green:
Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only
Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot
Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile
5. Click on ‘Proceed’ to save the settings.
6. Click ‘Start’
*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
9. Save the log file when it asks and then click ‘finish’
10. REBOOT to complete the removal of what Ad-Aware SE found
Scanning in Spybot Search and Destroy:
1. Download and Install Spybot S&D, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Next click the button ‘Check for Problems’
6. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
7. Make certain there is a check mark beside all of the RED entries ONLY.
8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
9. REBOOT to complete the scan and clear memory.
Finally after running both Spybot SD and Ad-Aware SE, RESCAN with HijackThis and POST your logfile in the same thread using ‘Add Reply’.
#3
Posted 13 November 2004 - 01:24 PM
#4
Posted 13 November 2004 - 01:39 PM
Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINDOWS\System32\CustIE32.dll
O4 - HKLM\..\Run: [Divx Codec WinXP] DIVXC.EXE
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/all.chm::/all.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
Reboot afterwards in SAFE MODE. If you don't know how click here
Delete the following file(s) listed
C:\WINDOWS\System32\DIVXC.EXE<<<file only
Some of these files and folders might have the hidden attribute
How to show hidden files and folders in Windows Instructions here
Then Download System Security Suite. Extract it from the zip file into a folder.
http://www.igorshpak.../3ssetup104.zip
Under "items to clear" click all. Then click "clear selected items"
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves at the moment.
#5
Posted 13 November 2004 - 03:21 PM
#6
Posted 13 November 2004 - 05:14 PM
#7
Posted 14 November 2004 - 05:53 AM
#8
Posted 14 November 2004 - 08:07 AM
Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2fucked.biz
O15 - Trusted Zone: *.windupdates.com
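An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage pass over entries copied from the two fix lists above, showing what sets the O16 and O15 lines apart. The two checks (an O16 codebase whose scheme is not http/https, a wildcard O15 domain) and the names `parse` and `review` are assumptions made for this illustration; a flag means "look at this entry by hand", not a verdict.

```python
import re

# Entries copied from the fix lists posted in this thread.
SAMPLE = r"""
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B388} - C:\WINDOWS\System32\CustIE32.dll
O4 - HKLM\..\Run: [Divx Codec WinXP] DIVXC.EXE
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.173.250/all.chm::/all.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O15 - Trusted Zone: *.windupdates.com
""".strip().splitlines()

# "<section> - <kind>: <rest>", e.g. "O16 - DPF: {CLSID} - codebase"
LINE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")


def parse(line):
    """Split one log entry into (section, kind, rest); None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return m["sec"], m["kind"].strip(), m["rest"].strip()


def review(line):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    parsed = parse(line)
    if parsed is None:
        return []
    sec, _kind, rest = parsed
    reasons = []
    if sec == "O16":
        # DPF entries read "{CLSID} - codebase". Assumption: a codebase is
        # normally an http(s) download URL, so anything else is worth a look.
        codebase = rest.split(" - ", 1)[-1]
        scheme = codebase.split(":", 1)[0].lower()
        if scheme not in ("http", "https"):
            reasons.append(f"ActiveX codebase scheme '{scheme}:' is not http(s)")
    elif sec == "O15" and rest.startswith("*."):
        # Assumption: a wildcard entry trusts every host under the domain.
        reasons.append(f"wildcard Trusted Zone entry for {rest[2:]}")
    return reasons


if __name__ == "__main__":
    for entry in SAMPLE:
        for reason in review(entry):
            print(f"{entry[:40]}...  <- {reason}")
```
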
#9
Posted 14 November 2004 - 09:11 AM
#10
Posted 14 November 2004 - 09:16 AM
Please read through the ideas and free software listed below that will help to keep your computer clean.
Some of these you may already have installed or may have done already.
Install a firewall. ZoneAlarm FREE
Ensure that an Antivirus is updated weekly and running. AVG antivirus from Grisoft is a very good FREE antivirus program. But you only need one AV
Make sure you have the latest critical updates from windows update.
SpywareBlaster will prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
IE-SPYAD puts over 4000 known 'bad' sites into your IE restricted zone so that they cannot install malware on your PC.
Google toolbar has a very good built in popup blocker with a nice search bar. To provide privacy, select disable advanced features when installing.
Check your system for latest virus definitions with an online virus scan every week or two.
TrendMicro HouseCall
eTrust AntiVirus Web Scanner
Panda ActiveScan
Check your system for latest trojan definitions with an Online trojan scan also every week or two.
And also see this link for additional security information.
So how did I get infected in the first place?
Please consider using Firefox
http://texturizer.ne...efox/index.html
Please read this
#11
Posted 14 November 2004 - 12:36 PM
#12
Posted 14 November 2004 - 12:57 PM
If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.
If this is not your thread please start a New Topic.
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?