More AURORA popups

Status
Not open for further replies.

jluechau

Posts: 20   +0
I need help too!!

Spike,

I saw that you definitely helped this person out and I was wondering if you might be willing to tackle my problem too. I did everything that you previously said to do, but I'm not comfortable enough to go in and use Hijack This. I fixed some stuff, but I would really appreciate it if you could just go through and tell me exactly what is bad. Thank you!!
 
I can't see any definite hijacks in your log, but I can say you are not clean!

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe (Imiserv.A Trojan)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (Trojan.Win32.Stervis.b)

You may wish to uninstall the viewpoint toolbar from add/remove programs if you don't use it, other than that, files I've never seen before (or can get no information on) are...

O4 - HKLM\..\Run: [hwbads] c:\windows\system32\ttdrvs.exe
O4 - HKLM\..\Run: [xtkhsp] c:\windows\system32\tihwtce.exe r

...which you may be able to identify as part of a program, though it's entirely possible that they are randomly named files as a result of infection.

Run a full Virus scan after updating your definitions, and check to see if these files are still there.

Note: For future reference though, HJT logs should be posted in your own thread. It can get very confusing otherwise.
 
Spike,

Ok. I did all of that. They are still here and I'm close to throwing the computer out the window. I'm just scared to go through and start fixing things because I don't know what anything is. If its just a bunch of random letters is it safe to delete it? Also, I want to post my last HJT log, but it says I'm not allowed to post a new thread, so I'm might need a little help figuring that out too. I've never done this kind of thing before...sorry. Thanks for all your help and for putting up with me. You are going to want to throw me out the window when I finally get rid of it. Also, no matter how many times I change my password, someone is always on my AIM screenname. Any thoughts on that? Well thanks again... you are rocking my world right now. This is soooooooo nice of you!
 
Status
Not open for further replies.
Back