TechSpot

Errorsafe, I don't want to pay to remove it

By Casia01
Dec 1, 2006
  1. Errorsafe has popped up on my computer. Can anyone give me some instructions on how to remove it? thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello again lol.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Once you`ve completed the above, I`ll see what else needs to be done.

    Regards Howard :wave: :wave:


    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    I'll be doing that this afternoon, Howard. Had a family emergency these past few days that have kept me from my computer.
    Thank you in advance for your help
    Casia

    8:53pm CST Louisiana... worked on it for hours, having problem with the machine wanting to freeze up every time you try to run an update... but then again the thing is an emachine, letting it do its thing until the morning and will continue from there

    quick update, 9:49am cst, Finally in the home stretch, conflicting schedules with my mother has limited me to when I can finish everything. Hopefully I will have the logs posted by tonight. I have found that most of your cleaner programmes have corrected several issues. The biggest issue was the desktop never appeared in safe mode, had to ctrl alt del the task manager to appear and use run task, enter c: to pop an error to make everything appear so I could work with it. Noticed that after I ran the virus scan and errorsafe was finally detected for removal that the desktop never dissappeared on me again. I have been working on this computer for close to 16 hours, in broken segments.
    Thank you for your patience.

    Casia
     
  4. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    Update on progress:
    I have been following your instructions to the letter. It has, of course, taken loads of time for me to get this far. The computer in question has finally gotten to running the avg antispyware in the safe mode. at 38 minutes into the scan is was already ovedr 2k infected files found. That is even after all of the other stuff I have done already. Computer is still running the scan, I will go back later to check on it, and continue to follow your instructions from there. Thank God all I have is the HJT left to do in norm mode and post my findings.
    Maybe it will have a clean bill of health.. LOL or you telling me to reformat and be done with it.

    Still here, almost done..
    Thanks for your help
    Casia
     
  5. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    Finally, but with complications. Power outage occurred, we have our computers on nice surge protectors with batt. backups. So mom, thinking its ok, goes ahead and tells avg to delete all infected and saves no log for me.
    Well, ok so that isn't following your instructions to I am doing it over again but in the meantime here is the HJT txt file for you to look through.

    View attachment HJTlog.txt
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system has amongst other things the Sony drm rootkit.

    Download and run this removal tool from HERE. Follow the instructions for using the tool exactly.

    Then, do the following.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint
    Viewpoint Manager
    Viewpoint Toolbar

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewMgr.exe
    CFD.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/redirect.html?redirectID=99103

    F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

    O4 - Global Startup: Forget Me Not.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

    O9 - Extra button: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)

    O9 - Extra 'Tools' menuitem: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)

    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

    O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.com/member/ocx/WonSearchX.ocx

    O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors.com/member/ocx/WonList.ocx

    O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx

    O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.com/member/ocx/PFMngr.ocx

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Viewpoint<Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    hello again. The removal tool claimed that nothing was found, continued anyway with the instructions. decided to try it in safe mode with same results.


    Here is the fresh HJTlog

    finally, here is the log
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    XCP CD Proxy
    Plug and Play Device Manager

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    $sys$DRMServer.exe
    CDProxyServ.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\$sys$filesystem<Delete the entire folder.
    C:\WINDOWS\CDProxyServ.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    I have done as you have commanded :}
     
  10. Rik

    Rik Banned Posts: 3,814

    Your HJT appears to be clean!!

    However, have a read of this - http://www.techspot.com/vb/topic62782.html

    The other thing i would suggest is that you download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is now clean.

    rik has given you some very good advice, but obviously it`s up to you if you take it.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    Mother dearest thinks the sun rises and sets to nortons... the only ed of nortons i care about is corp. ed.

    I will do my best to try and talk her into a change.

    Thanks again for all of your help...

    Now, is there a teaching aid to learn how to discern the HJT log good from bad?
    (I want to be just like Howard ... LOL)
     
  13. Rik

    Rik Banned Posts: 3,814

    Lerning about HJTlogs takes a lot of time and patience, im still learning!!!

    Show your mother this link - http://www.computergripes.com/nortonantivirus2004.html - that should convince her that norton is crap!!!!:)


    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    HJT more that willing to take the time to learn...

    Nortons-- sweet link.. yeah that should convince her!

    Thanks again Rik

    Did I mention that out of my entire family, I'm the one they call when they screw something up?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There are plenty of HijackThis tutorials on the web. However, the changing nature of viruses and other malware, makes it a constant challenge to work out how best to solve a particular infection. As far as I`m concerned this is the fun, if sometimes the frustrating part lol.

    The way I learned was to read and research as much as possible. I also leaned a hell of a lot from one of our members called Realblackstuff, who used to do all the HJT log stuff before me.

    Yahoo and Google searches help a tremendous amount in working out whether something is good or bad. Once it`s been ascertained that something is bad, then the trick is to find out how to get rid of it. In a lot of cases this is quite easy and really is just a case of manually deleting the infection. However, there are also a lot of infections that require specialist tools and techniques to get rid of them.

    Other spyware forums such as Bleeping Computer/Castle Cops etc are a good source of info.

    It really is a never ending learning experience, but one that`s well worth undertaking.

    Regards Howard :)

    This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. Casia01

    Casia01 TS Rookie Topic Starter Posts: 23

    Thank you for that post Howard. I have decided to start asap
    :D
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...