TechSpot

Major problems but can't enter the log file here.

By rootvetwife
Jun 22, 2006
  1. How am I supposed to put my hijackthis file in here if it keeps telling me it's too long?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Before attaching your HJT log, go HERE and follow the instructions exactly.

    Then, post a fresh HJT log as an attachment, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. rootvetwife

    rootvetwife TS Rookie Topic Starter

    Okay, will do. Thank you :)
     
  4. rootvetwife

    rootvetwife TS Rookie Topic Starter

    OK, here is the updated log after running Ewido.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You still need to follow the instructions.

    Then post a fresh HJT log.

    Regards Howard :)
     
  6. rootvetwife

    rootvetwife TS Rookie Topic Starter

    OK, taking over for my wife. So do you want me to run HJT after cleaning, right? I will be right back.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes please.

    Follow the instructions exactly, then post a fresh HJT log.

    Regards Howard :)
     
  8. rootvetwife

    rootvetwife TS Rookie Topic Starter

    I have run HJT, but I ran housecall first then this log. What she did before I got here I am not sure. But I am trying to clean this up so we can fix the computer.

    I thank you for understanding.

    Steve
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok Steve. Your system has quite a few problems.

    Because you haven't been here from the start, please do the following.

    Go HERE and follow all the instructions exactly.

    Then, post a fresh HJT log, only after doing the above.

    Regards Howard :)
     
  10. rootvetwife

    rootvetwife TS Rookie Topic Starter

    See you in a few hours :) Thanks.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem Steve.

    Just take your time and try not to miss any of the steps.

    BTW. Hello and welcome to Techspot.

    Regards Howard :wave: :wave:
     
  12. rootvetwife

    rootvetwife TS Rookie Topic Starter

    Thanks for the welcome, finished two scans, won't do anything to the worms and trojans. Going to do a third from your step one list, then maybe all of them and on to step two. Do you want to see the Ewido log, or wait till I am done and send you the HJT?

    Peace,
    Steve
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    When you've completed the instructions, post fresh Ewido and HJT logs.

    Regards Howard :)
     
  14. rootvetwife

    rootvetwife TS Rookie Topic Starter

    OK, finished step 2 and am on to three, but as the instructions say I am going to post the Ewido log. The minute I finished the scan and cleaning I was hijacked to red orbit and intelliton. I can't win.


    Peace,
    Steve
     
  15. rootvetwife

    rootvetwife TS Rookie Topic Starter

    OK, I have finished all the steps, here is the final HJT log. Now when I reboot it pops up Explorer and tries to go to iesettings page. I have no idea what that is about but I am going to find out why.
    I hope it looks clean to you; it has taken over 9 hours of sitting and staring. I do appreciate all your time.

    Right after I posted this my Trend Micro spyware monitor caught 124 attempts to redirect the url zone and they were blocked, so I can safely say there is still something in here. I don't see it, I hope you do. I am running more scans.

    Peace,
    Steve
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You've done a good job so far. However, there are a few more things to do.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the Processes tab and end process for (if there):

    ms050766818888.exe
    ALCXMNTR.EXE

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate

    O4 - HKLM\..\Run: [ms050766818888] C:\WINDOWS\ms050766818888.exe

    O15 - Trusted Zone: http://*.trymedia.com (HKLM)

    Fix all O16 - DPF entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there):

    C:\WINDOWS\ms050766818888.exe
    C:\WINDOWS\ALCXMNTR.EXE

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)
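
The HJT entries singled out in the post above can be read mechanically. This is an added example, not part of the thread and not HijackThis's own logic: the heuristics and function names are illustrative assumptions, and the last sample line is constructed as a benign contrast.

```python
import re

# Entries quoted from the post above, plus one constructed benign entry (last line).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [ms050766818888] C:\WINDOWS\ms050766818888.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
""".strip().splitlines()

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[([^\]]*)\] (.+)$")
WINDIR_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\([^\\]+\.exe)$", re.I)

def parse_line(line):
    """Split an HJT log line into (section code, body); None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def triage(line):
    """Return the reasons (assumed heuristics) an entry deserves a closer look."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    section, body = parsed
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("orphaned entry: target file missing")
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        command = run.group(2)
        if re.search(r"iexplore(\.exe)?\s+https?://", command, re.I):
            reasons.append("autorun opens a URL in the browser at logon")
        exe = WINDIR_EXE_RE.match(command)
        if exe and sum(c.isdigit() for c in exe.group(1)) >= 6:
            reasons.append("digit-heavy executable directly in the Windows folder")
    if section == "O15" and "*." in body:
        reasons.append("wildcard domain in Trusted Zone")
    return reasons

def flagged(lines):
    """Map each entry that triggered at least one heuristic to its reasons."""
    result = {}
    for line in lines:
        reasons = triage(line)
        if reasons:
            result[line] = reasons
    return result
```
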
     
  17. rootvetwife

    rootvetwife TS Rookie Topic Starter

    Thanks, will do this in a bit, wife's birthday and all :) I will post a new log soon and I really appreciate what you have done to help.

    Peace,
    Steve


    Ezula mean anything to you? I keep finding that one but can't get rid of it. I googled it and of course I read it is not easily removed.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    C:\WINDOWS\ms050766818888.exe is the real nasty entry as far as I'm concerned. I can find no info for this file, but it looks highly suspicious to me.

    Once you've followed the above instructions, your system should to all intents and purposes be clean.

    However, I won't be sure until I see a fresh HJT log.

    Regards Howard :)
     
  19. rootvetwife

    rootvetwife TS Rookie Topic Starter

    OK, I hope it is clean. As far as the file you mentioned, I googled it last night and found nothing anywhere. I found files close which were malware and such but not that one exactly. Anyway, here is the new HJT and again I thank you for your time. I used to build computers but when I lost DOS I got behind and I miss DOS systems and I like Mozilla but this is my wife's computer and she hates it so I deal with IE and all the problems that go along with it.

    Peace,
    Steve
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done, your HJT log is clean.

    Ask your wife to stop using IE, except for Windows updates. Ask her to get either Firefox or Opera.

    Her system will be a lot more secure, by not using that IE crap lol.

    You might want to ask your wife to read this thread HERE. It will give her lots of info on how to keep her system more secure.

    Regards Howard :)
     
  21. rootvetwife

    rootvetwife TS Rookie Topic Starter

    Thanks again. I have tried. I run firewalls and she hates having to train them so she or my daughter shuts them off. :) I just grin and fix. I have all of the info you have supplied me and now if I post an hjt for help it will be after all of these have been checked for.

    Peace,
    Steve
     
Topic Status:
Not open for further replies.
