your computer is infected

Jerimi

Hello, need some help please. A red shield says "your computer is infected" then wants me to go to a registry cleaner. I've run my anti-spyware and anti-virus but it won't go away.

Here is an HJT log.
 
Hello and welcome to Techspot.

I have deleted your other thread for this. It will save any confusion.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly, including HJT placement and renaming.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Jerimi only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I've just checked your links and they work fine for me. Try again and see what happens.

If you still can't access Bleeping Computer, please post fresh HJT and AVG Antispyware logs and we'll go from there.

Regards Howard :)

 
Your AVG Antispyware log says all results have No Action Taken. This is due to the fact that you have not changed the recommended action to quarantine. For a pictorial guide to AVG Antispyware, see this thread HERE. Do a fresh AVG Antispyware scan as per the instructions and post a fresh log in your next reply.

# Print out these instructions as we will need to close every window that is open later in the fix.

# Download SmitfraudFix.exe from the link below and save it to your desktop:

SmitFraudFix.exe

Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:

# Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.

5. When you are at the logon prompt, log in as the user you normally log in as.

# When your computer has started in safe mode and you see the desktop.

# Close all open Windows.

# Now, double-click on the SmitFraudfix icon that should be residing on your desktop. The icon will look like the one below:

# When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

# You will now see a menu as shown in the image below. Press the number 2 on your keyboard and then press the enter key to choose the option Clean (safe mode recommended).

# The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.

This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with step 11.

# When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.

# When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
# Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.

Post a fresh HJT log as well as the SmitFraud log and an AVG Antispyware log.

Regards Howard :)

 
Here are the fresh logs. When I restarted, boobupsetting an exe file tried to access the internet. Also, the SmitFraud never popped up a red screen, so I just closed everything and restarted.

Didn't attach with last post.

Forgot the HJT log.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Delete all files in AVG Antispyware quarantine.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

PrismXL

Close the services window.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

PRISMXL.SYS
Adobe_Photoshop_CS_V8_by_ChLanKBooT.exe
wallpaper.exe
forkelseglue.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize

O4 - HKCU\..\Run: [Deletesize] C:\DOCUME~1\OWNER~1.JER\APPLIC~1\BOLTRO~1\forkelseglue.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Documents and Settings\Owner.Jerimi\My Documents\Cracks - Delete the entire folder.

C:\Documents and Settings\Owner.Jerimi\My Documents\Palm Stuff\Adobe_Photoshop_CS_V8_Time_Limit_by_ChLanKBooT.zip - Delete the entire folder.

C:\DOCUME~1\OWNER~1.JER\APPLIC~1\BOLTRO~1 - Delete the entire folder.

wallpaper.exe - Search your system for this file and delete all instances found.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

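The cleanup post above names four kinds of persistence to check by hand: Run values in HKCU (the O4 lines), a service (the O23 line), running processes, and leftover folders, plus a system-wide search for wallpaper.exe. The script below is an added example written for this thread, not something Howard, TechSpot or BleepingComputer posted. It is a read-only audit: it reports what is present so the reader can confirm exactly what the manual steps will touch before stopping, disabling or deleting anything. The value names, service name, process names and paths are taken from the post; the variable names and the report layout are the example's own.

```powershell
# Added example, not part of the original thread: read-only audit of the
# persistence points named in the cleanup post. Nothing is stopped or deleted.

# Run value names from the two "O4 - HKCU\..\Run" lines in the post.
$runValueNames = @('Systweak Wallpaper Changer', 'Deletesize')
# Service from the "O23 - Service" line.
$serviceNames  = @('PrismXL')
# Image names the post says to end in Task Manager (Get-Process wants no extension).
$processNames  = @('PRISMXL', 'Adobe_Photoshop_CS_V8_by_ChLanKBooT', 'wallpaper', 'forkelseglue')
# Folders/archives the post says to delete, copied as written there.
$paths = @(
    'C:\Documents and Settings\Owner.Jerimi\My Documents\Cracks',
    'C:\Documents and Settings\Owner.Jerimi\My Documents\Palm Stuff\Adobe_Photoshop_CS_V8_Time_Limit_by_ChLanKBooT.zip',
    'C:\DOCUME~1\OWNER~1.JER\APPLIC~1\BOLTRO~1'
)

$report = @()
function Add-Finding($check, $item, $status) {
    $script:report += [pscustomobject]@{ Check = $check; Status = $status; Item = $item }
}

# 1. Every value in the per-user Run key; the two named in the post are flagged,
#    the rest are listed so a new or renamed entry does not go unnoticed.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $meta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($prop in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
        if ($meta -contains $prop.Name) { continue }   # provider metadata, not registry values
        $status = if ($runValueNames -contains $prop.Name) { 'FLAGGED' } else { 'info' }
        Add-Finding 'Run value' "$($prop.Name) = $($prop.Value)" $status
    }
}

# 2. Service state and start mode via WMI (works on the XP-era PowerShell too).
foreach ($name in $serviceNames) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if ($svc) {
        Add-Finding 'Service' "$name ($($svc.State), StartMode $($svc.StartMode)) -> $($svc.PathName)" 'FLAGGED'
    } else {
        Add-Finding 'Service' $name 'absent'
    }
}

# 3. Running processes with the listed image names.
foreach ($name in $processNames) {
    foreach ($proc in (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        Add-Finding 'Process' "$($proc.ProcessName) (PID $($proc.Id))" 'FLAGGED'
    }
}

# 4. Existence of the folders and archive the post says to remove.
foreach ($p in $paths) {
    $status = if (Test-Path -LiteralPath $p) { 'present' } else { 'absent' }
    Add-Finding 'Path' $p $status
}

# 5. Every copy of wallpaper.exe on every file-system drive, hidden files included.
foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
    $hits = Get-ChildItem -Path $drive.Root -Filter 'wallpaper.exe' -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($hit in $hits) {
        Add-Finding 'File search' $hit.FullName 'review'
    }
}

$report | Format-Table Check, Status, Item -AutoSize
```

Run it from an elevated PowerShell prompt so the service query and the drive walk are not cut short by permissions; the recursive search is the slow part and can take minutes on a large disk. Lines marked FLAGGED correspond one-to-one with the manual steps in the post, so an empty FLAGGED set after the fix is the quick way to confirm the cleanup held before posting the next HJT log.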
 
seems to be gone now

Thanks, that seemed to get rid of the shield icon. Here is the latest HJT log. The last virus scan didn't find anything.
 
Your HJT log looks clean. However, I have concerns over this file wallpaper.exe. Do you know what it is and are you sure that it's safe?

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Please search your system for this file and let me know its exact file path: wallpaper.exe

Regards Howard :)

 
D:recyled
C:recycler\s-151-21-1198112775-1743875387-257575959-500
C:recycler\s-151-21-1330553524-1046946646-1006
It is a wallpaper program found in Advanced System Optimizer. I hope that it would be safe but I don't really know.
 
Empty your recycle bin.

The Advanced System Optimizer software is classed as safe, so no worries there.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 