TechSpot

Trouble with 8 steps

By Mikekeys
Mar 12, 2009
  1. I'm having trouble with step 4. I'm using your embedded links, and it says that it can't find the web site, and the link is broken. Any suggestions?

    By the way, when I tried to download the earlier programs, I was getting redirected from those sites, I had to cut and paste the url to make it work.

    Thanks
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Still trouble

    If I try to connect to the Malware, Hijackthis, or super anti spy sites, I get a page load error. Other sites work fine. Is it possible that the malware is preventing a connection?
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Try this and then try re downloading them,

    Delete Domains

    Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

    Hosts File Corrupted

    Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
    • Click on Make ReadOnly to secure it against further infection.
    • Exit the program.
    Visit the Website for more information.
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  6. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Already did Kritius instructions

    Sorry, I was too quick. I followed Kritius' instructions, then saw your post. What to do now? (I haven't tried to download any of the files yet.)
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    From restoring the hosts file (as per kritius post)
    You should now be able to click on the links above (any), and continue the 8-Step process

    You may need to restart first
     
  8. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Update

    Only your (kimsland) links work, even after kritius' instructions. In addition, Malware install freezes at the "extracting files" portion (no buttons are active in window). Super anti installed fine.
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thanks for the update, that does help me in future :grinthumb

    As for your issue, you will need to extract and install the programs in Safe Mode with Networking
    Accessed by pressing F8 key before Windows starts loading
     
  10. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Still problems with malware program

    I started in safe mode, and installed both without a problem, but Mlaware will not run, either in safe mode or regular. Am I missing something else? It seemed to take a long time to install.
    Thanks.
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  12. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Finaaly! 8 steps complete, logs attached

    ...and there was much rejoicing.

    I hope this works. Thanks again for the help.
     
  13. kritius

    kritius TS Guru Posts: 2,084

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below


    O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_3066200.exe
    O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Desktop Alert

    Rename HijackThis.exe to Mikekeys.exe by doing the following;



    • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
    • Right-click on the HijackThis.exe
    • Choose from the pull-down menu; "Rename"
    • And now Rename HijackThis.exe to Mikekeys.exe
    • When you've renamed HijackThis, open HijackThis again.
    • Take a fresh HijackThis log (click Do a system scan and save a log file)
    • Post the fresh HijackThis log here.

    [​IMG]Download and Run ComboFix

    • Download this file to your desktop from either HERE
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply

    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  14. Mikekeys

    Mikekeys TS Rookie Topic Starter

    New logs attached

    As requested, new Hijack this and Combofix logs.
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below


    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)


    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    This next step is purely optional however viewpoint is considered foistware and is not needed on your computer,







    Go to Start > Run and copy/paste or type: taskmgr

    • Under the Processes tab find the following tasks or processes:

      ViewpointService.exe

      ViewMgr.exe

    • Highlight and click "End Process".
    • Exit Task Manager.

    Click on Start > Run and type: services.msc

    • Press "OK".
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.

    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.



    Finally, delete the following folders if they still exist:

    C:\Program Files\ViewManager\ <-- and delete this folder

    C:\Program Files\Viewpoint\ <-- and delete this folder

    You should get a firewall as well, either,


    Go to add/remove programs and unistall

    SpywareStop

    Then delete the following folder,
    c:\program files\SpywareStop\

    Please download ATF Cleaner by Atribune.



    • Double-click ATF-Cleaner.exe to run the program.

      Under Main choose: Select All

      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.
     
  16. Mikekeys

    Mikekeys TS Rookie Topic Starter

    Done

    Thanks for all your help. It all seems good now!
     
  17. kritius

    kritius TS Guru Posts: 2,084

    Lets just make sure.

    To get an Uninstall List from HijackThis:

    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, attach in your next post.

    I would like you to do an online scan so that we can what else may be in your system,

    Run Kaspersky online scanner

    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed

    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.

    Do not go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.




    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.

    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:

      o Scan using the following Anti-Virus database:

      o Extended (If available, otherwise use standard)

      o Scan Options:

      o Scan Archives

      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)



      [​IMG]


    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)



      [​IMG]


    • Include the report in your next post.
     
  18. Mikekeys

    Mikekeys TS Rookie Topic Starter

    I've left that computer

    Sorry, but I'm no longer at that computer, it was my mothers, and I was working on it while I was visiting. Thanks for your help, and I think it's ok now. I'll check it next time i'm there.
     
  19. kritius

    kritius TS Guru Posts: 2,084

    Fair do's.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...