TechSpot

Help malware, lop, ads.dns-look-up

By Revman
Aug 20, 2007
  1. Hello:

    Same problem as Justinvk6 Can you please help
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Revman

    Revman TS Rookie Topic Starter

    ran all the programs

    Hi all

    Ran all the programs. Norton still picking up the intrusion. Here are the files

    Thank you
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You didn`t attach an AVG Antispyware log. Please do so in your next reply.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    osCheck.exe
    cake 2.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [close surf mail dupe] C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf\Extra Shim.exe

    O4 - HKCU\..\Run: [copycoal] C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1\cake 2.exe

    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n033p/EN/install/gtdownlr.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1<Delete the entire folder.

    C:\Documents and Settings\All Users\Application Data\Tick Find Close Surf<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Revman

    Revman TS Rookie Topic Starter

    malware

    So far so good, thank you very much

    I could not find the file c:\docume~1\ . . . though, please let me know how to do it

    attatched are the files
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your log files are now clean.

    C:\DOCUME~1\E8948~1.JOH\APPLIC~1\COOLPH~1 translates as:
    C:\Documents and Settings\E8948~1.JOH\Application Data\COOLPH~1

    Delete the bold folder if you can find it.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Revman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...