Major problems but can't enter the log file here.

Status
Not open for further replies.
Hello and welcome to Techspot.

Before attaching your HJT log, go HERE and follow the instructions exactly.

Then, post a fresh HJT log as an attachment, only after doing the above.

Regards Howard :wave: :wave:
 
I have run HJT, but I ran housecall first then this log. What she did before I got here I am not sure. But I am trying to clean this up so we can fix the computer.

I thank you for understanding.

Steve
 
Ok Steve. Your system has quite a few problems.

Because you haven't been here from the start, please do the following.

Go HERE and follow all the instructions exactly.

Then, post a fresh HJT log, only after doing the above.

Regards Howard :)
 
No problem Steve.

Just take your time and try not to miss any of the steps.

BTW. Hello and welcome to Techspot.

Regards Howard :wave: :wave:
 
Thanks for the welcome. Finished two scans, won't do anything to the worms and trojans. Going to do a third from your step one list, then maybe all of them and on to step two. Do you want to see the ewido log? Or wait till I am done and send you the HJT?

Peace,
Steve
 
Ok, finished step 2 and am on to three, but as the instructions say I am going to post the ewido log. The minute I finished the scan and cleaning I was hijacked to red orbit and intelliton. I can't win.


Peace,
Steve
 
OK, I have finished all the steps; here is the final HJT log. Now when I reboot it pops up explorer and tries to go to iesettings page. I have no idea what that is about but I am going to find out why.
I hope it looks clean to you; it has taken over 9 hours of sitting and staring. I do appreciate all your time.

Right after I posted this my Trend Micro spyware monitor caught 124 attempts to redirect the url zone and they were blocked, so I can safely say there is still something in here. I don't see it, I hope you do. I am running more scans.

Peace,
Steve
 
You've done a good job so far. However, there are a few more things to do.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

ms050766818888.exe
ALCXMNTR.EXE

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate

O4 - HKLM\..\Run: [ms050766818888] C:\WINDOWS\ms050766818888.exe

O15 - Trusted Zone: .trymedia.com (HKLM)

Fix all O16 - DPF entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\ms050766818888.exe
C:\WINDOWS\ALCXMNTR.EXE

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
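
Added example (not part of the original thread and not HijackThis's own logic): a short Python sketch that reads the log entries listed in the post above and flags the same kinds of lines: entries whose file is missing, Run keys that start the browser at a URL or load an executable straight from the Windows folder, and Trusted Zone additions. The rules and the `ExampleTray` line are assumptions made for illustration.

```python
import re

# Constructed sample: the entries quoted in the post above plus one
# hypothetical ordinary autostart line (ExampleTray) for contrast.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [adstart] iexplore.exe http://iesettingsupdate
O4 - HKLM\..\Run: [ms050766818888] C:\WINDOWS\ms050766818888.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O15 - Trusted Zone: .trymedia.com (HKLM)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BROWSER_URL = re.compile(r"(?i)^iexplore(\.exe)?\s+https?://")
WINDOWS_ROOT_EXE = re.compile(r"(?i)^[a-z]:\\windows\\[^\\]+\.exe$")


def triage(log_text):
    """Return (section code, reason) pairs for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if body.endswith("(no file)"):
            findings.append((code, "orphaned entry: target file missing"))
        run = RUN.match(body) if code == "O4" else None
        if run:
            name, cmd = run["name"], run["cmd"]
            if BROWSER_URL.match(cmd):
                findings.append((code, f"browser opened to a URL at logon: {name}"))
            elif WINDOWS_ROOT_EXE.match(cmd):
                # Assumed heuristic: review executables run from the Windows root.
                findings.append((code, f"autostart binary in the Windows root: {name}"))
        if code == "O15":
            findings.append((code, "Trusted Zone site: confirm it was added deliberately"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, "-", reason)
```

A flagged line is a prompt to look at the file or registry value, not a verdict; legitimate drivers and utilities also start from Run keys.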
 
Thanks, will do this in a bit, wife's birthday and all :) I will post a new log soon and I really appreciate what you have done to help.

Peace,
Steve


Ezula mean anything to you? I keep finding that one but can't get rid of it. I googled it and of course I read it is not easily removed.
 
C:\WINDOWS\ms050766818888.exe is the real nasty entry as far as I'm concerned. I can find no info for this file, but it looks highly suspicious to me.

Once you've followed the above instructions, your system should to all intents and purposes be clean.

However, I won't be sure until I see a fresh HJT log.

Regards Howard :)
 
OK, I hope it is clean. As far as the file you mentioned, I googled it last night and found nothing anywhere. I found files close which were malware and such but not that one exactly. Anyway, here is the new HJT and again I thank you for your time. I used to build computers but when I lost DOS I got behind and I miss DOS systems and I like Mozilla, but this is my wife's computer and she hates it so I deal with IE and all the problems that go along with it.

Peace,
Steve
 
Well done, your HJT log is clean.

Ask your wife to stop using IE, except for Windows updates. Ask her to get either Firefox or Opera.

Her system will be a lot more secure, by not using that IE crap lol.

You might want to ask your wife to read this thread HERE. It will give her lots of info on how to keep her system more secure.

Regards Howard :)
 
Thanks again. I have tried. I run firewalls and she hates having to train them so she or my daughter shuts them off. :) I just grin and fix. I have all of the info you have supplied me and now if I post an hjt for help it will be after all of these have been checked for.

Peace,
Steve
 