Custom User Title
Location: Victoria Australia
Theme: KF Blue (Default)
Member Is Offline
| Post 329596 posted on 9-4-2008 at 22:23
Please read and action before posting HijackThis logs
IMPORTANT - Read These 3 Steps Before Posting For Malware Removal Help
Please follow these instructions BEFORE posting your log. This will help the cleaning process and make things easier for you. DO NOT FIX ANY ENTRIES
OR DELETE ANY FILES YOURSELF. NOTE THAT IF YOU CHOOSE TO RUN ANY SPECIALISED TOOLS THAT YOU SEE BEING USED IN OTHER THREADS, WITHOUT SUPERVISION, THIS
WEBSITE CANNOT BE HELD RESPONSIBLE FOR ANY SYSTEM DAMAGE CAUSED. You may end up with a useless system. A trained Analyst will review your log and
provide detailed instructions thereafter.
It is appreciated that the level of infection may not allow you to complete all these steps. Therefore, if for some reason you cannot perform one of
the steps, move on to the next step and advise the Analyst accordingly when you post the requested logs.
NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes
time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them,
and choose just one.
Uninstall Malware from Windows Add/Remove Program Tab
Go to Start > Control Panel > Add / Remove Programs and uninstall any of the following malware/spyware/adware programs if you find them
180 Search Assistant
Freeze Clip Art
Hotbar Outlook Tools
Hotbar Web Tools
MyWay Search Bar
NavExcel Search Toolbar
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Software Update Manager
Viewpoint Media Player
Web Search Toolbar (WinTools)
WhenU (any entry)
WinTools Easy Installer
These are Optional removals but it is recommended you remove them as well.
Download Accelerator Plus
*Note* If you're unsure about ANY entry then leave it alone and the Analyst will advise you in the fix later.
Search for Rogue and Suspect Programs
Please visit the following site and REMOVE/UNINSTALL any program you have that is listed on the Spywarewarrior site.
This site has a list of known "Rogue" and "Suspect" programs. These programs cannot be trusted as they either don't do what they say, are poorly
designed, or take advantage of the user in an effort to get YOU to spend money on buying their products. Several of these programs actually install
"Spyware/Adware" on your system!
Run an Online scan - Windows 2000 and XP only - Vista users see below
Perform an online scan with Internet Explorer with Panda ActiveScan http://www.pandasoftware.com/activescan/activescan/ascan_2.asp
Click on 'Scan your PC' located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting 'My Computer'
If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on 'See Report then click 'Save Report'
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Add the Panda log to your first post after you’ve completed the remaining steps.
Users of Avast AntiVirus, please note:
Continue with the online scan at Panda. It is a false positive from Avast http://www.avast.com/eng/virus_detection_and.html#idt_1554 because Panda Online scan does not encrypt its
virus definitions database.
Panda ActiveScan is not currently compatible with Windows Vista.
Please follow these instructions to run an alternative online scan.
Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Answer Yes, when prompted to install an ActiveX component.
The program will then begin downloading the latest definition
files. Once the files have been downloaded click on NEXT Locate the Scan Settings button &
configure to:* Turn off the real time scanner of any existing antivirus program while performing the online scan
Scan using the following Anti-Virus database:Scan Options: Click OK & have it
scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to
clean/disinfect. We only require a report from it.
Scan ArchivesScan Mail Bases
[bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif[/bad img]
[bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif[/bad img]
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
For users running Windows 2000, XP or Vista
Preparing to get a log with Deckard's System Scanner (formerly Comboscan)
Download Deckard's System Scanner (DSS) to your Desktop.http://www.techsupportforum.com/sectools/Deckard/dss.exe.
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt
<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txtin your thread in the Help Forum.
Please copy and paste main.txt and extra.txtto your post.
What DSS will do:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also
install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
For users running Windows 95, 98 or ME
Please download HijackThis to your desktop..
Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Upon install, HijackThis should open for you.
Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe
If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
If not, run a scan and save the log file.
Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the Virus help and InfoSec http://www.karlsforums.com/forums/forumdisplay.php?fid=68
Do not fix any entries in HijackThis since they may be harmless.
Make sure to include the System information at the top of the log as well.
Posting the Log
1. Be specific about YOUR issue.
The more information you can provide the easier it will be for us to ascertain your problem. If you receive a warning about a specific
virus/trojan/worm then include the name of the infection in the thread header. For example, if your Antivirus picks up Alcra.B worm then your thread
header would be something like
”Constant pop ups – Alcra.B worm”
2. Describe your issue/problem in DETAIL!
DO NOT use something like "Help Me" or "Here's My Log"...etc. This tells us nothing and is a waste of our time and yours. We cannot guess as to
what may be your problem. Please provide as much detail as possible, including virus/trojan/worm names and locations if available. The more
information you can give us the better we can help.
When posting the log please observe the following:
DO NOT Attach the logs unless specifically requested. (Post it as text in the thread).
DO NOT Wrap the log using Quote or Code tags. (DO make sure notepad word-wrap is OFF)
DO NOT Post another Program’s log (Unless we specifically ask for it)
DO NOT Cut off the header of any log (It contains important information for the Analyst)
DO NOT Private Message the Analyst unless asked to do so.
TICK THE check box "Turn BB code off" either to the right or below the mesage box
3. Once you have posted, Subscribe to your thread by going to Thread Tools (at the top of the thread) > Subscribe. Make sure it is
set to Instant Notification, then click Add Subscription.so that you are notified when you receive a reply.
This concludes the basic steps required before posting your log. Everything listed here is an effort from us to help you help yourself. The Analyst
will cover many of these procedures again when reviewing your logs so please follow their instructions. And yes, you may be asked to run a tool again,
even if you’ve already advised that you’ve run it previously. Once your issue is resolved the Analyst will provide links to programs and advice to
help you prevent further infections in the future. Thank you for taking the time to read this.
When all done post you log/s here... http://www.karlsforums.com/forums/forumdisplay.php?fid=68