animemanga
Posts: 92 +0
hi
ihave pros with an annoying adware.sheriff. my norton anti virus doen not detect it. any 1 help.
ihave pros with an annoying adware.sheriff. my norton anti virus doen not detect it. any 1 help.
need help with adware.sheriff
- Thread starter animemanga
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
Hi Tedster.
animemanga doesn`t have the spysheriff infection. Instead he has one of the new variants of the Smitfraud infection. I think it`s probably the W32.Myzor.FK@yf infection.
Regards Howard
animemanga doesn`t have the spysheriff infection. Instead he has one of the new variants of the Smitfraud infection. I think it`s probably the W32.Myzor.FK@yf infection.
Regards Howard
Tedster
Posts: 5,746 +14
hmmm. must be a variant..... this is new.... interesting....howard_hopkinso said:Hi Tedster.
animemanga doesn`t have the spysheriff infection. Instead he has one of the new variants of the Smitfraud infection. I think it`s probably the W32.Myzor.FK@yf infection.
Regards Howard
animemanga
Posts: 92 +0
hi
like u told me i went to the first place. but there is a problem i downloaded
smitfraudfix. but it wont open. i extract the folder like told. but when i try to open. its say that another programme is currently using it. i felt my pc on the whole night waiting for a change but nothing. rebooted but still nothing
i dnt get wat is going on
like u told me i went to the first place. but there is a problem i downloaded
smitfraudfix. but it wont open. i extract the folder like told. but when i try to open. its say that another programme is currently using it. i felt my pc on the whole night waiting for a change but nothing. rebooted but still nothing
i dnt get wat is going on
howard_hopkinso
Posts: 21,238 +17
Ok, skip that for now and follow the instructions in the second link I gave you.
Regards Howard
Regards Howard
animemanga
Posts: 92 +0
i retried the first link with safe mode and i managed to get it through. i aslo did wat was needed for the second link.so far so good.i regained my home page. but weirdly ewido found 1085 infected files is that normal or my pc is way too sick. here are both the new hjk log and the ewido report.
wat i am not allowed to post my ewido report as txt format cause it's 2 big. am in a hurry now. so can any 1 answer wats going on i will just post my hjk log for now
wat i am not allowed to post my ewido report as txt format cause it's 2 big. am in a hurry now. so can any 1 answer wats going on i will just post my hjk log for now
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Goto add remove programmes in your control panel and uninstall anything to do with(if there).
ULi5287
Close contol panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RecoverFromReboot.exe
ULi5287.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80<Fix this, if you don`t know what it is, or you have not set this yourself.
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
Fix all 016-DPF entries.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\Program Files\ULi5287\ULi5287.exe
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT log.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Goto add remove programmes in your control panel and uninstall anything to do with(if there).
ULi5287
Close contol panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RecoverFromReboot.exe
ULi5287.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80<Fix this, if you don`t know what it is, or you have not set this yourself.
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
Fix all 016-DPF entries.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\Program Files\ULi5287\ULi5287.exe
Reboot into normal mode and turn system restore back on.
Please post a fresh HJT log.
Regards Howard
animemanga
Posts: 92 +0
chattin to howard.
hi
thanx for everything. am on what u told me. but just few question.
why do i uninstall. ULI5287, and everthing involved with it.? i don't even know what it does but, u know its just one of those thing that i never messed wiv and probably never messed wiv me. I FOUND ULI LAN DRIVER AND ULI SATA DRIVER.
I GOT THE PROXY1@EQUINXSOLUTIONS FROM SOMEONE COZ MY PC SEEMED TO NOT CONNECTED.
thanx alot howard. so far so gooooooooood. i got mi home page n i dnt see silly pop ups no more.
hi
thanx for everything. am on what u told me. but just few question.
why do i uninstall. ULI5287, and everthing involved with it.? i don't even know what it does but, u know its just one of those thing that i never messed wiv and probably never messed wiv me. I FOUND ULI LAN DRIVER AND ULI SATA DRIVER.
I GOT THE PROXY1@EQUINXSOLUTIONS FROM SOMEONE COZ MY PC SEEMED TO NOT CONNECTED.
thanx alot howard. so far so gooooooooood. i got mi home page n i dnt see silly pop ups no more.
howard_hopkinso
Posts: 21,238 +17
I can find very little info for ULi5287.exe. If you know what it is and think it`s safe, then by all means keep it.
If you don`t want to uninstall it, then maybe you should just let HJT fix the entries. If it causes any problems, you can always restore them.
Regards Howard
If you don`t want to uninstall it, then maybe you should just let HJT fix the entries. If it causes any problems, you can always restore them.
Regards Howard
animemanga
Posts: 92 +0
ok
sounds great to me. so i will just follow the instruction you posted ealier.
does ULI seem to be disturbing my system ???
sounds great to me. so i will just follow the instruction you posted ealier.
does ULI seem to be disturbing my system ???
howard_hopkinso
Posts: 21,238 +17
Because I can find very little info for the process, I don`t know if it`s safe or nasty. If in doubt get rid of it.
Regards Howard
animemanga
Posts: 92 +0
aaah!
i have been told that ULI is used to propaly store drives. or something. i almost never use it. but my mate doesn't want me to mess wiv it. so i don't know what to do know. your earlier instructions involve deleting ULI raid.
any other thing i need to do
thanx for all
i have been told that ULI is used to propaly store drives. or something. i almost never use it. but my mate doesn't want me to mess wiv it. so i don't know what to do know. your earlier instructions involve deleting ULI raid.
any other thing i need to do
thanx for all
howard_hopkinso
Posts: 21,238 +17
If you`re not having anymore problems, then keep the ULi5287 programme.
Regards Howard
Regards Howard
animemanga
Posts: 92 +0
ok i will keep it for now thanx so much.
since infected by the virus my pc started to sound like a vacuum(almost)
i don't understand why it's giving that horrible sound. and it doesn't seem to coop with UTORRENt no more(it's a programme used by my roomate to download music.) i can't do a simple task why that programme is running. is there any explanation??? . it seemed to go well before i was infected. thanx again
since infected by the virus my pc started to sound like a vacuum(almost)
i don't understand why it's giving that horrible sound. and it doesn't seem to coop with UTORRENt no more(it's a programme used by my roomate to download music.) i can't do a simple task why that programme is running. is there any explanation??? . it seemed to go well before i was infected. thanx again
howard_hopkinso
Posts: 21,238 +17
Mmm strange. It could just be a coincidence. However, I`d like you to post a fresh HJT log please.
Regards Howard
Regards Howard
animemanga
Posts: 92 +0
it's indeed very starnge...
Utorrent worked good before infection but now goes very slow and makes everything slow as well. the weird sound comes sometimes and is like a vacuum
anyway here's the fresh hjk log
Utorrent worked good before infection but now goes very slow and makes everything slow as well. the weird sound comes sometimes and is like a vacuum
anyway here's the fresh hjk log
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RecoverFromReboot.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
Fix all 016-DPF entries
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\Temp\RecoverFromReboot.exe
Reboot into normal mode and turn system restore back on.
I`m still suspicious of C:\Program Files\ULi5287\ULi5287.exe and also this entry as well. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
RecoverFromReboot.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_03\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
Fix all 016-DPF entries
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\WINDOWS\Temp\RecoverFromReboot.exe
Reboot into normal mode and turn system restore back on.
I`m still suspicious of C:\Program Files\ULi5287\ULi5287.exe and also this entry as well. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1@equinxsolution.com:80
Regards Howard
animemanga
Posts: 92 +0
if the expert say he's suspicious, then there must be wrong with that programm.
i dnt need proxy1@eqiun........
but what about uli raid. if i delete it will i be able to recover it. if the deleting doesn't make any change???
i dnt need proxy1@eqiun........
but what about uli raid. if i delete it will i be able to recover it. if the deleting doesn't make any change???
howard_hopkinso
Posts: 21,238 +17
Don`t uninstall the uli programme, just let HJT fix the uli entries. If you then have problems, you can always restore the HJT entries for that programme.
Regards Howard
Regards Howard
- Status
Latest posts
-
How to build a Wii the size of a deck of cards- Daniel Sims replied
-
Sony's Ghost of Tsushima brings familiar PlayStation features to PC- WhiteLeaff replied
