Errorsafe has popped up on my computer. Can anyone give me some instructions on how to remove it? thanks

Hello again lol.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Once you`ve completed the above, I`ll see what else needs to be done.

Regards Howard :wave: :wave:


This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I'll be doing that this afternoon, Howard. Had a family emergency these past few days that have kept me from my computer.
Thank you in advance for your help
Casia

8:53pm CST Louisiana... worked on it for hours, having problem with the machine wanting to freeze up every time you try to run an update... but then again the thing is an emachine, letting it do its thing until the morning and will continue from there

quick update, 9:49am cst, Finally in the home stretch, conflicting schedules with my mother has limited me to when I can finish everything. Hopefully I will have the logs posted by tonight. I have found that most of your cleaner programmes have corrected several issues. The biggest issue was the desktop never appeared in safe mode, had to ctrl alt del the task manager to appear and use run task, enter c: to pop an error to make everything appear so I could work with it. Noticed that after I ran the virus scan and errorsafe was finally detected for removal that the desktop never dissappeared on me again. I have been working on this computer for close to 16 hours, in broken segments.
Thank you for your patience.

Casia

Update on progress:
I have been following your instructions to the letter. It has, of course, taken loads of time for me to get this far. The computer in question has finally gotten to running the avg antispyware in the safe mode. at 38 minutes into the scan is was already ovedr 2k infected files found. That is even after all of the other stuff I have done already. Computer is still running the scan, I will go back later to check on it, and continue to follow your instructions from there. Thank God all I have is the HJT left to do in norm mode and post my findings.
Maybe it will have a clean bill of health.. LOL or you telling me to reformat and be done with it.

Still here, almost done..
Thanks for your help
Casia

Finally, but with complications. Power outage occurred, we have our computers on nice surge protectors with batt. backups. So mom, thinking its ok, goes ahead and tells avg to delete all infected and saves no log for me.
Well, ok so that isn't following your instructions to I am doing it over again but in the meantime here is the HJT txt file for you to look through.

View attachment HJTlog.txt

Your system has amongst other things the Sony drm rootkit.

Download and run this removal tool from HERE. Follow the instructions for using the tool exactly.

Then, do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
Viewpoint Manager
Viewpoint Toolbar

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe
CFD.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/redirect.html?redirectID=99103

F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE

O4 - Global Startup: Forget Me Not.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)

O9 - Extra 'Tools' menuitem: Leopard Search Toolbar - {E828EC21-EAA9-44B3-8021-EE89101C6ACD} - (no file)

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {1DD81666-F3AD-11D3-BA86-00500487B4EC} (WonSearchX Control) - http://www.investors.com/member/ocx/WonSearchX.ocx

O16 - DPF: {78267546-F2AC-11D2-A278-005004676C44} (WonList Control) - http://www.investors.com/member/ocx/WonList.ocx

O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx

O16 - DPF: {EE3CD402-69EB-4B53-819D-0CA2F95AD7DA} (PFMngr Control) - http://www.investors.com/member/ocx/PFMngr.ocx

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Viewpoint<Delete the entire folder.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

hello again. The removal tool claimed that nothing was found, continued anyway with the instructions. decided to try it in safe mode with same results.


Here is the fresh HJTlog

finally, here is the log

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

XCP CD Proxy
Plug and Play Device Manager

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

$sys$DRMServer.exe
CDProxyServ.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\$sys$filesystem<Delete the entire folder.
C:\WINDOWS\CDProxyServ.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I have done as you have commanded :}

Your HJT appears to be clean!!

However, have a read of this - http://www.techspot.com/vb/topic62782.html

The other thing i would suggest is that you download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.

Well done, your HJT log is now clean.

rik has given you some very good advice, but obviously it`s up to you if you take it.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Mother dearest thinks the sun rises and sets to nortons... the only ed of nortons i care about is corp. ed.

I will do my best to try and talk her into a change.

Thanks again for all of your help...

Now, is there a teaching aid to learn how to discern the HJT log good from bad?
(I want to be just like Howard ... LOL)

Lerning about HJTlogs takes a lot of time and patience, im still learning!!!

Show your mother this link - http://www.computergripes.com/nortonantivirus2004.html - that should convince her that norton is crap!!!!


This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

HJT more that willing to take the time to learn...

Nortons-- sweet link.. yeah that should convince her!

Thanks again Rik

Did I mention that out of my entire family, I'm the one they call when they screw something up?

There are plenty of HijackThis tutorials on the web. However, the changing nature of viruses and other malware, makes it a constant challenge to work out how best to solve a particular infection. As far as I`m concerned this is the fun, if sometimes the frustrating part lol.

The way I learned was to read and research as much as possible. I also leaned a hell of a lot from one of our members called Realblackstuff, who used to do all the HJT log stuff before me.

Yahoo and Google searches help a tremendous amount in working out whether something is good or bad. Once it`s been ascertained that something is bad, then the trick is to find out how to get rid of it. In a lot of cases this is quite easy and really is just a case of manually deleting the infection. However, there are also a lot of infections that require specialist tools and techniques to get rid of them.

Other spyware forums such as Bleeping Computer/Castle Cops etc are a good source of info.

It really is a never ending learning experience, but one that`s well worth undertaking.

Regards Howard

This thread is for the use of Casia01 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Thank you for that post Howard. I have decided to start asap