Results of 8 Steps
- Thread starter seanpaulz
- Start date
- Status
im no pro but im bored and ive had a vudo thing before i used kaspersky in safe mode and di a deep scan then i used cc cleaner to remove stuff i think once the deep scanned finished my pc worked fine again for a little while but then i had to reinstall windows because it came back.
and if im right root kit is a lot of virus and Trojans and stuff all working together and very hard to remove but don't take my word im no pro
and if im right root kit is a lot of virus and Trojans and stuff all working together and very hard to remove but don't take my word im no pro
touch
Posts: 976 +0
Hello Sean
You should remove one of your antivirus programs - Avast or Norton/Symantec from add/remove programs in controlpanel.
Download HostsExpert: http://www.majorgeeks.com/Hoster_d4626.html
Choose one of the servers at Majorgeeks....save the file on your desktop
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Reboot, attach new new hijackthis log, and tell how your computer are behaving
You should remove one of your antivirus programs - Avast or Norton/Symantec from add/remove programs in controlpanel.
Download HostsExpert: http://www.majorgeeks.com/Hoster_d4626.html
Choose one of the servers at Majorgeeks....save the file on your desktop
Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Reboot, attach new new hijackthis log, and tell how your computer are behaving
touch
Posts: 976 +0
Great.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...a/key_features/ext360_dcab.html?noreloadredir
The following are not spyware/malware, but I suggest you place a check mark next to the following entries and hit 'Fix checked', as these programs may be taking up system resources.
O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
Reboot, post fresh hijackthis log and tell how things are running ?
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...a/key_features/ext360_dcab.html?noreloadredir
The following are not spyware/malware, but I suggest you place a check mark next to the following entries and hit 'Fix checked', as these programs may be taking up system resources.
O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
(Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
Reboot, post fresh hijackthis log and tell how things are running ?
Ok, I checked and fixed all of the files that you suggested.
Attached is the new log.
A quick note, everything seems to be running fine now. The only thing that still worries me is when I log in to safe mode, there are two log in options; Admin and my profile. The Admin is password protected and I cant get in to it.
When I log in normally, only my profile exists and it shows that I am the Admin.
Any advice on that?
Thank again!
Attached is the new log.
A quick note, everything seems to be running fine now. The only thing that still worries me is when I log in to safe mode, there are two log in options; Admin and my profile. The Admin is password protected and I cant get in to it.
When I log in normally, only my profile exists and it shows that I am the Admin.
Any advice on that?
Thank again!
- Status
