Hi, I had a badly infected machine, just wondering if I missed anything.
It looks like you've got an old and rare (AboutBlank) infection ->
Please download AboutBuster
Unzip to a convenient location such as C:\AboutBuster
Start – Run, type services.msc (or copy/paste) in the 'Run' box. Click OK. When the services window opens, scroll down to:
Network Security Service ( 6QÔõ 'ª´ÆÐ8)
Right click on it and choose 'Properties'. You will see a little drop down bar with an arrow. Click on that and change it to "Deactivate".
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
Run About:Buster now. Hit OK, Start, OK. Save the log file. Run it again for the second time (OK, Start, OK). Save that log file. Post both log files here.
Reboot into Safe Mode (hit F8 key until menu shows up). Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.
Go to EVERY profile (C:\Documents and Settings\every_profile_listed\Local Settings\Temp & also
C:\Documents and Settings\every_profile_listed\Local Settings\Temporary Internet Files) and delete all the contents in their folders.
Attach a new HJT log file along with log files from AboutBuster.
Will do, thanks.
Thanks for your help, I have attached the logs you have asked me to, however I wasn't able to follow your instructions exactly as far as
but I did run it twice and attached the logs. All else was completed successfully as far as emptying the temp folders.
I'm not sure if AboutBuster has removed what it found -> C:\WINDOWS\system32\cvxmj.dat.
I'll therefore suggest you run a scan with ComboFix.
Please download Combofix:
And save to the desktop.
Open notepad and copy/paste the text in the quotebox below into it:
Name the file as CFScript
and Save it on the desktop
Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. Attach the contents of that log in your next reply.
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
ComboFix says that the script is incorrect, also it says the current date is 4\12\09, it is going to run in reduced functionality mode. Would it be OK to delete that file in safe mode?
Edit: I had the wrong name for the script, DOH. I'm running ComboFix in safe mode now.
Alright, downloaded an updated version of ComboFix, used it in safe mode, looks like it got rid of the about infection and a bunch of other stuff.
Updated logs attached.
Can I assume I'm clean?
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
in msconfig. Look here, how to:
Reboot, and tell how things are running?
All those have been unchecked prior to cleaning everything out. It's running good, much better than in the beginning, in fact I only have 3 startup programs running (checked) as all the other crap is unnecessary.
Thank you for your help.
Now your computer problems are solved, it is time for the clean-up procedure.
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.
To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place