TechSpot

System acting up

By Treeman
Jul 30, 2006
  1. Hi all,

    My system has been acting odd for the last few days. I followed the instructions but Im still getting pop-ups and IE will not always load and require a reboot to do so. I'm also having a hard time booting into safe mode... most of the time it just hangs. I've attached my logs. Thanks in advance for the help!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

    O16 - DPF: Win32 Classes -

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    It appears you`re not using any antivirus or firewall software. This is a hugh security risk. Get the FREE AVG antivirus and the free Zonealarm or the free Kerio firewall(google for these).

    Once you have AVG installed and updated, run a full system scan and delete whatever it finds.


    Regards Howard :wave: :wave:

    This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Treeman

    Treeman TS Rookie Topic Starter

    Ok, I did that and here's my new log.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You have still not installed any antivirus or firewall software, despite my drawing your attention to the fact in my last post.

    If you have any further problems, that require you to post a HJT log, I won`t help, unless you have installed the above software.

    Without the above software, your system is open to attack from all kinds of stuff.

    You should also go HERE and follow the instructions exactly.

    Regards Howard :)

    This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Treeman

    Treeman TS Rookie Topic Starter

    I've installed AVG, Kerio and Spybot S&D. Ran AVG and SB, deleted/fixed what came up. I keep getting hits on winlogon.exe and pop-ups. Attached is my HJT log.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You have a variant of the Virtumundo infection.

    Go and run this tool HERE. Follow the onscreen instructions.

    Post a fresh HJT log after doing the above.

    Regards Howard :)
     
  7. Treeman

    Treeman TS Rookie Topic Starter

    Program run. Here's the new log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s got it. Your HJT log is now clean.

    Just have HJT fix this inactive entry.

    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. Treeman

    Treeman TS Rookie Topic Starter

    Excellent! Thanks for all your help. Much appreciated!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...