Trouble with 8 steps

Status
Not open for further replies.

Mikekeys

I'm having trouble with step 4. I'm using your embedded links, and it says that it can't find the web site, and the link is broken. Any suggestions?

By the way, when I tried to download the earlier programs, I was getting redirected from those sites; I had to cut and paste the URL to make it work.

Thanks
 
Direct Download link for CCleaner: http://download.piriform.com/ccsetup218.exe

Direct download link for MalwareBytes: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Direct Download link for SUPERAntiSpyware: http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe

Direct Download link for HijackThis: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
 
Still trouble

If I try to connect to the Malware, Hijackthis, or super anti spy sites, I get a page load error. Other sites work fine. Is it possible that the malware is preventing a connection?
 
Try this and then try re-downloading them:

Delete Domains

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Hosts File Corrupted

Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection.
  • Exit the program.
Visit the Website for more information.
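
As an added illustration (not part of the original post and not HostsXpert's own logic): a hosts file that maps security-vendor domains to loopback or to a foreign address produces exactly the "page load error on those sites only" symptom described above. The watchlist uses the vendor domains from the download links in this thread; the sample file contents are constructed.

```python
import ipaddress

# Vendor domains taken from the download links quoted in this thread.
WATCHLIST = ("piriform.com", "malwarebytes.org",
             "superantispyware.com", "trendsecure.com")

# Constructed sample of a tampered hosts file (not from the poster's machine).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org malwarebytes.org
0.0.0.0         downloads.superantispyware.com
203.0.113.7     www.trendsecure.com   # constructed entry
192.168.1.20    printer
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not an address: ignore the line
        for name in fields[1:]:               # one line may carry several names
            yield no, ip, name.lower().rstrip(".")

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return (line_no, host, ip, kind) for entries that deserve a look."""
    findings = []
    for no, ip, host in parse_hosts(text):
        if is_watched(host):
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((no, host, str(ip),
                             "sinkholed" if blocked else "redirected"))
        elif host != "localhost":
            # The stock Microsoft hosts file maps only localhost.
            findings.append((no, host, str(ip), "non-default"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(*finding, sep="\t")
```

On a live system the text to audit would be read from `%SystemRoot%\System32\drivers\etc\hosts`; "non-default" entries are not necessarily malicious and only need a manual look.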
 
Already did Kritius instructions

Sorry, I was too quick. I followed Kritius' instructions, then saw your post. What to do now? (I haven't tried to download any of the files yet.)
 
From restoring the hosts file (as per kritius' post),
you should now be able to click on the links above (any), and continue the 8-Step process.

You may need to restart first
 
Update

Only your (kimsland) links work, even after kritius' instructions. In addition, Malware install freezes at the "extracting files" portion (no buttons are active in window). Super anti installed fine.
 
Thanks for the update, that does help me in future

As for your issue, you will need to extract and install the programs in Safe Mode with Networking,
accessed by pressing the F8 key before Windows starts loading.
 
Still problems with malware program

I started in safe mode, and installed both without a problem, but Malware will not run, either in safe mode or regular. Am I missing something else? It seemed to take a long time to install.
Thanks.
 
Finally! 8 steps complete, logs attached

...and there was much rejoicing.

I hope this works. Thanks again for the help.
 
Fix entries using HiJackThis

  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below


O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_3066200.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.localnet.com/


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Desktop Alert

Rename HijackThis.exe to Mikekeys.exe by doing the following:



  • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
  • Right-click on the HijackThis.exe
  • Choose from the pull-down menu; "Rename"
  • And now Rename HijackThis.exe to Mikekeys.exe
  • When you've renamed HijackThis, open HijackThis again.
  • Take a fresh HijackThis log (click Do a system scan and save a log file)
  • Post the fresh HijackThis log here.

Download and Run ComboFix

  • Download this file to your desktop from either HERE
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply

WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
Fix entries using HiJackThis

  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below


O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

This next step is purely optional; however, Viewpoint is considered foistware and is not needed on your computer.



'To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.'





Go to Start > Run and copy/paste or type: taskmgr

  • Under the Processes tab find the following tasks or processes:

    ViewpointService.exe

    ViewMgr.exe

  • Highlight and click "End Process".
  • Exit Task Manager.

Click on Start > Run and type: services.msc

  • Press "OK".
  • Click the "Extended tab".
  • Scroll down the list and find the service called "Viewpoint Manager Service"
  • When you find the service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Now click "Apply", then "OK" and close any open windows.

Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Finally, delete the following folders if they still exist:

C:\Program Files\ViewManager\ <-- and delete this folder

C:\Program Files\Viewpoint\ <-- and delete this folder

You should get a firewall as well, either,


Go to Add/Remove Programs and uninstall

SpywareStop

Then delete the following folder,
c:\program files\SpywareStop\

Please download ATF Cleaner by Atribune.



  • Double-click ATF-Cleaner.exe to run the program.

    Under Main choose: Select All

    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All

    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.
 
Let's just make sure.

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, attach in your next post.

I would like you to do an online scan so that we can see what else may be in your system:

Run Kaspersky online scanner

With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed

Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.

Do not go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.




Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    o Extended (If available, otherwise use standard)

    o Scan Options:

    o Scan Archives

    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button (see red arrow below)






  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file (see below)






  • Include the report in your next post.
 
I've left that computer

Sorry, but I'm no longer at that computer. It was my mother's, and I was working on it while I was visiting. Thanks for your help, and I think it's ok now. I'll check it next time I'm there.
 