TechSpot

After following instructions - problem still exists...

By OisinT
Jul 21, 2006
  1. Lots of popups trying to get me to buy anti-spyware programs, and a "security alert" on the tray.
    I followed all 3 pages of instructions (here http://www.techspot.com/vb/topic50981.html) and after reboot the problem seemed gone for like 10 mins then came back.

    Here's the HJT log:
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  3. OisinT

    OisinT TS Rookie Topic Starter

    done. here's the new log.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's looking much better now.

    However, we still have some things to do in order to clean your system.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    cmd.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [Udqphi] C:\DOCUME~1\Oisin\MYDOCU~1\YMBOLS~1\cmd.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\DOCUME~1\Oisin\MYDOCU~1\YMBOLS~1\cmd.exe

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT and let us know how your system is running.

    Regards Howard :)
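
Added example, not part of the original posts: a small Python check showing why the O4 entry in the post above stands out in a HijackThis log (a system binary name, `cmd.exe`, started from a user-profile folder instead of the system directory). The function names, the short list of system binary names, and the first two sample log lines are assumptions made for illustration.

```python
import ntpath
import re

# Illustrative (assumed) list of system binary names and the directories they belong in.
SYSTEM_BINARIES = {"cmd.exe", "svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Long and 8.3 short forms of the Windows XP user-profile root.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

# HijackThis registry autorun line: O4 - HKxx\..\Run*: [value name] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")


def image_path(command):
    """Return the executable path from an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", command, re.I)
    return match.group(1) if match else command


def review_autoruns(log_text):
    """Return (value name, path, reasons) for each O4 entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = O4_RE.match(line.strip())
        if not match:
            continue
        name, path = match.group(3), image_path(match.group(4))
        folded = ntpath.normcase(path)  # lower-case, backslash-separated
        reasons = []
        if ntpath.basename(folded) in SYSTEM_BINARIES and ntpath.dirname(folded) not in SYSTEM_DIRS:
            reasons.append("system binary name outside system directory")
        if folded.startswith(PROFILE_ROOTS):
            reasons.append("runs from user profile")
        if reasons:
            findings.append((name, path, reasons))
    return findings


# Constructed sample: the first two lines are made up, the third is the entry quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Udqphi] C:\DOCUME~1\Oisin\MYDOCU~1\YMBOLS~1\cmd.exe
"""

if __name__ == "__main__":
    for name, path, reasons in review_autoruns(SAMPLE_LOG):
        print(f"[{name}] {path}: {', '.join(reasons)}")
```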
     
  5. OisinT

    OisinT TS Rookie Topic Starter

    ok, done :)

    here's the updated log


    thanks again
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    It appears you're not running any firewall software.

    This is a huge security risk.

    You should consider installing a firewall, such as the free ZoneAlarm or the free Kerio firewall.

    You can get them HERE and HERE.

    If you have any further spyware/virus problems, please post in this thread.

    Regards Howard :)
     
  7. OisinT

    OisinT TS Rookie Topic Starter

    ok since the problem has been fixed... my computer is way slower and crashes a lot when I try to open control panel.
    Also, I can't get it to switch back to the usual "show welcome screen" version of logging on or switching accounts.
    And I can't get the User Accounts window to show in classic view so I can find the advanced tab to check things out in there.
    Also occasionally AVG pops up and tells me it blocked a Trojan.
    I don't know if all this could be involved in the problem I was having before.
    I'll post a new HJT log just in case you need one.
    Another weird thing is that when I downloaded ZoneAlarm it told me to turn off Google Desktop. Could this be because my version of Google Desktop isn't real?

    thanks
     
  8. OisinT

    OisinT TS Rookie Topic Starter

    I had another question but I figured it out :)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, you should delete this file.

    C:\Documents and Settings\Oisin\Desktop\zlsSetup_65_731_000_en.exe

    This is because for whatever reason the zlsSetup_65_731_000_en.exe file is still running and it shouldn't be. This may be responsible for slowing your system down.

    I don't think your Google desktop is fake, but maybe it's conflicting with the ZoneAlarm installation.

    Turn off the Google desktop and reinstall ZoneAlarm, then turn your Google desktop back on.

    Can you give me the filepath to the trojan that AVG is reporting?

    Regards Howard :)
     
  10. OisinT

    OisinT TS Rookie Topic Starter

    I deleted the virus vault accidentally when opening it...... oops..
    If it comes again I will post it here.

    Any theory on why I can't get my login screen back to the usual welcome screen instead of the window popping up?
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go to your control panel and double click user accounts. Click change the way users log on or off. Make sure the use the welcome screen option is checked, click apply options. Reboot your computer and see if that helps.

    Regards Howard :)
     
  12. OisinT

    OisinT TS Rookie Topic Starter

    tried it with just the welcome screen option and with both welcome screen option and fast user switching...

    neither works.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Mmm that's a strange one.

    I must admit I'm not really sure what would cause that, other than some corrupt OS files.

    Try clicking start/run and type sfc /scannow into the run box and hit the enter key. You will need your Windows cd handy. This will check your system files and replace any that are corrupt or missing. Note the space between the sfc and the forward slash.

    If that doesn't help, maybe you should open a new thread in the Windows OS forum.

    Regards Howard :)
     
  14. OisinT

    OisinT TS Rookie Topic Starter

  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Having never used Google Earth, I have no idea if that website is legit or not.

    I have clicked on your link, but got the following message. Firefox can't establish a connection to the server at 127.0.0.1:4664.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
