Google redirect

Status
Not open for further replies.
Team,

I'm constantly being redirected from Google to unrelated commercial sites. How do I get back on track?

thanks in advance.

Theodore.
 
Hello and welcome to Techspot.

It sounds like your system is infected with malware. I have therefore moved your thread to our Security and the Web forum.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Theodore only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard,

thanks for the reply,

if I decide to clean as option 1 and if that fails reformat as option 2, will I be able to determine if the clean option was successful or will the malware still be active?

theodore
 
Cleaning your computer of malware does not guarantee 100% that the system is free of malware, nor does it guarantee it's safe to use for online banking/credit card use etc.

Regards Howard :)

 
as requested

Howard,

see the requested information below:

rootkit path
c:\windows\system32\kdizz.exe

rootkit type
Hidden file


see attached files


let me know how you get on

theodore
 
Hi,

(Please back up your registry before you do the next step)

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Run the antirootkit and fix that entry that you had listed.

Go to Start > Control Panel > Add and Remove Programs.
Remove anything related to the following:
Video Access ActiveX Object
PestCapture
SystemDoctor Free
DriveCleaner Free
SpywareLocked
The last 4 (PestCapture, SystemDoctor Free, DriveCleaner Free and SpywareLocked) are rogue anti-malware programs that will actually harm your system rather than protect or fix it.

Go to start > run and type services.msc. Press the enter key.
Search for the following services (if there). Double-click each one and select Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

rare
user32.dll
Salestart


Open your Task Manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab, and end the following processes, if found:

isamntr.exe
pmsnrr.exe
dcpasmon.exe
iun6002.exe


After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://MDASBS:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video Access ActiveX Object\isamntr.exe

O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video Access ActiveX Object\pmsnrr.exe

O4 - Global Startup: Program Neighborhood Agent.lnk = ?

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

Fix all O17 entries.

O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)

Close HJT.


Navigate in Windows Explorer and delete the following files and folders in bold.

c:\windows\system32\kdizz.exe
C:\Program Files\Video Access ActiveX Object\
C:\WINDOWS\iun6002.exe
C:\Program Files\PestCapture\
C:\Program Files\Gay-Lesbian-Photo\
C:\Program Files\Common Files\DriveCleaner Free
C:\DOCUME~1\FButera\APPLIC~1\DriveCleaner Free
C:\DOCUME~1\FButera\APPLIC~1\SystemDoctor Free
C:\Program Files\Common Files\SystemDoctor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
C:\Program Files\SpywareLocked

Go to Start > Run and type regedit. Press Enter.
Press ctrl + F and search for all instances of the following and delete them.
Video Access ActiveX Object
kdizz.exe
PestCapture
Gay-Lesbian-Photo

Close the program.

Reboot into normal mode and rehide your protected OS files.

When you are done with all the above, may I suggest that you patch your Windows to XP Service Pack 2. It will help make your system much safer against external threats and infections.

Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.

Regards,
Your friendly Momok =)

This thread is for the use of Theodore only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
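
A fresh HijackThis log can be checked mechanically against the entries named in the instructions above. The following is an added example, not part of any post in this thread or of HijackThis itself; the sample log is constructed from lines quoted in the thread plus one invented benign entry (`ExampleUpdater`), and the function names are hypothetical.

```python
import re

# Constructed sample in HijackThis log format: four lines quoted in the thread
# plus one invented benign entry (ExampleUpdater) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://MDASBS:8080
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)
"""

# Names taken from the removal instructions in the thread.
THREAD_INDICATORS = [
    "Video Access ActiveX Object", "kdizz.exe", "iun6002.exe", "PestCapture",
    "SystemDoctor", "DriveCleaner", "SpywareLocked", "Gay-Lesbian-Photo",
    "isamntr.exe", "pmsnrr.exe", "dcpasmon.exe",
]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def parse_entry(line):
    """Split one HijackThis line into its code, body and reviewable fields."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank or process-list line
    entry = {"code": m["code"], "body": m["body"], "reasons": []}
    clsid = CLSID_RE.search(m["body"])
    if clsid:
        entry["clsid"] = clsid.group(0)
    run = RUN_RE.match(m["body"]) if m["code"] == "O4" else None
    if run:  # autostart entry: registry key, value name, command line
        entry.update(key=run["key"], name=run["name"], command=run["cmd"].strip('"'))
    lowered = m["body"].lower()
    if m["code"].startswith("R") and "proxyserver" in lowered:
        entry["reasons"].append("browser proxy set: confirm it is expected")
    if "(file missing)" in lowered or "(no file)" in lowered:
        entry["reasons"].append("orphaned entry: target file absent")
    for ind in THREAD_INDICATORS:
        if ind.lower() in lowered:
            entry["reasons"].append("matches thread indicator: " + ind)
    return entry

def leftovers(log_text):
    """Return parsed entries from a log that still need attention."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["reasons"]]
```

An empty result from `leftovers` means only that none of the entries named in this thread remain in the log; it does not show that the system is free of malware.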
 
Edit: I have removed my instructions, which are more or less a duplicate of Momok's. Our posts obviously crossed lol.

Momok will continue to give you instructions until your system is clean.

Regards Howard :)

 
Guys,

thanks for your help thus far.

I've followed Momok's instructions from the start, however, I can't log on in safe mode. When I enter as a normal user name the password no longer works, which is a bit odd because when I log on in normal mode it works. I understand I need to move on from this stage to complete your instructions. Any suggestions?

theodore.
 
Hi,

In that case try your administrator account then. Are you by any chance using a laptop? (I've personally encountered the same problem before on my laptop, although I must admit I'm not fully sure why this happens)


Regards,
Your friendly Momok =)

 
Try following the instructions from normal mode, then post the requested logfiles.

Regards Howard :)

 