Double check

Status
Not open for further replies.

Pc Noob4life

Posts: 18   +0
Hey,
I recently sent in a log of HJT last week and had been badly infected with trojan and worms. did all the things u instructed me to do such as format etc. So now just to double check that im in the clear can u have a look at me log plz. thanks
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

INS3DT.EXE

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Ins3DT] D:\INSTALL4\INS3DT.EXE

O17 - HKLM\System\CCS\Services\Tcpip\..\{57F85FE7-7631-4F20-A197-408F96BA21B3}: NameServer = 194.72.0.98 194.74.65.68 Only fix this entry, if it doesn`t belong to your ISP.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold file(if there).

D:\INSTALL4\INS3DT.EXE

Reboot into normal mode and turn system restore back on.

I see that you have installed AVG antivirus. You should also install a firewall programme, such as Zonealarm free. You can get it HERE.

Regards Howard :)
 
Unsure about ISP

Hey Howard, what if:

O17 - HKLM\System\CCS\Services\Tcpip\..\{57F85FE7-7631-4F20-A197-408F96BA21B3}: NameServer = 194.72.0.98 194.74.65.68

Is something to do with my ISP as i am unsure about it. Im with BT and i didnt set up any ISP server stuff. Thanks
 
In that case, go ahead and let HJT fix it. If your internet then doesn`t work just restore that entry by doing the following.

Run HJT and click on the config button. Click on the Backups button. Tick the little box next to the entry you wish to restore and click on the restore button.

Reboot your computer.

Regards Howard :)
 
HJT log again....

hey howard, Ive done your instructions and i think its all running ok now. the O17 HKLM i think is something to do with my ISP cause i couldnt go online after removing it so ihad to reinstall and its come back. Can u take a quick look at the HJT log plz and let me know how it is. Thanks
 
You should`ve posted this in the thread you already had running, rather than opening a new thread.


Your HJT log Is clean.

Regards Howard :)

Edit: I have merged this thread with your existing one.
 
Status
Not open for further replies.
Back