Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Printable Version | Subscribe | Add to Favourites   Post new thread Poll:
Author: Subject: Please read and action before posting HijackThis logs
Pancake
Custom User Title
*******


Avatar


Posts: 537
Registered: 17-4-2006
Location: Victoria Australia
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 329596 posted on 9-4-2008 at 22:23
Please read and action before posting HijackThis logs



IMPORTANT - Read These 3 Steps Before Posting For Malware Removal Help

--------------------------------------------------------------------------------

Please follow these instructions BEFORE posting your log. This will help the cleaning process and make things easier for you. DO NOT FIX ANY ENTRIES OR DELETE ANY FILES YOURSELF. NOTE THAT IF YOU CHOOSE TO RUN ANY SPECIALISED TOOLS THAT YOU SEE BEING USED IN OTHER THREADS, WITHOUT SUPERVISION, THIS WEBSITE CANNOT BE HELD RESPONSIBLE FOR ANY SYSTEM DAMAGE CAUSED. You may end up with a useless system. A trained Analyst will review your log and provide detailed instructions thereafter.


It is appreciated that the level of infection may not allow you to complete all these steps. Therefore, if for some reason you cannot perform one of the steps, move on to the next step and advise the Analyst accordingly when you post the requested logs.


NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.



STEP 1

Uninstall Malware from Windows Add/Remove Program Tab

Go to Start > Control Panel > Add / Remove Programs and uninstall any of the following malware/spyware/adware programs if you find them listed.

180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
ISTbar
ISTSvc
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update

These are Optional removals but it is recommended you remove them as well.

Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent

*Note* If you're unsure about ANY entry then leave it alone and the Analyst will advise you in the fix later.



Search for Rogue and Suspect Programs

Please visit the following site and REMOVE/UNINSTALL any program you have that is listed on the Spywarewarrior site.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

This site has a list of known "Rogue" and "Suspect" programs. These programs cannot be trusted as they either don't do what they say, are poorly designed, or take advantage of the user in an effort to get YOU to spend money on buying their products. Several of these programs actually install "Spyware/Adware" on your system!

========================================

Step 2


Run an Online scan - Windows 2000 and XP only - Vista users see below

Perform an online scan with Internet Explorer with Panda ActiveScan http://www.pandasoftware.com/activescan/activescan/ascan_2.asp
Click on 'Scan your PC' located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting 'My Computer'
If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on 'See Report then click 'Save Report'
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Add the Panda log to your first post after you’ve completed the remaining steps.

Users of Avast AntiVirus, please note:

Continue with the online scan at Panda. It is a false positive from Avast http://www.avast.com/eng/virus_detection_and.html#idt_1554 because Panda Online scan does not encrypt its virus definitions database.


Vista Users:

Panda ActiveScan is not currently compatible with Windows Vista.

Please follow these instructions to run an alternative online scan.

Go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif[/bad img]

    [bad img]http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif[/bad img]


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


STEP 3

For users running Windows 2000, XP or Vista

Preparing to get a log with Deckard's System Scanner (formerly Comboscan)

Download Deckard's System Scanner (DSS) to your Desktop.http://www.techsupportforum.com/sectools/Deckard/dss.exe.
Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txtin your thread in the Help Forum.
Please copy and paste main.txt and extra.txtto your post.


What DSS will do:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


For users running Windows 95, 98 or ME

Please download HijackThis to your desktop..

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Alternate link
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe


Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.

Double-click on the file you just downloaded.
Click on the "Install" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe


If it gives you an intro screen, just choose 'Do a system scan and save a log file'.
If not, run a scan and save the log file.

Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the Virus help and InfoSec http://www.karlsforums.com/forums/forumdisplay.php?fid=68

Do not fix any entries in HijackThis since they may be harmless.
Make sure to include the System information at the top of the log as well.


Posting the Log

Important:

1. Be specific about YOUR issue.

The more information you can provide the easier it will be for us to ascertain your problem. If you receive a warning about a specific virus/trojan/worm then include the name of the infection in the thread header. For example, if your Antivirus picks up Alcra.B worm then your thread header would be something like

”Constant pop ups – Alcra.B worm”


2. Describe your issue/problem in DETAIL!

DO NOT use something like "Help Me" or "Here's My Log"...etc. This tells us nothing and is a waste of our time and yours. We cannot guess as to what may be your problem. Please provide as much detail as possible, including virus/trojan/worm names and locations if available. The more information you can give us the better we can help.

When posting the log please observe the following:

DO NOT Attach the logs unless specifically requested. (Post it as text in the thread).
DO NOT Wrap the log using Quote or Code tags. (DO make sure notepad word-wrap is OFF)
DO NOT Post another Program’s log (Unless we specifically ask for it)
DO NOT Cut off the header of any log (It contains important information for the Analyst)
DO NOT Private Message the Analyst unless asked to do so.
TICK THE check box "Turn BB code off"
either to the right or below the mesage box

3. Once you have posted, Subscribe to your thread by going to Thread Tools (at the top of the thread) > Subscribe. Make sure it is set to Instant Notification, then click Add Subscription.so that you are notified when you receive a reply.


This concludes the basic steps required before posting your log. Everything listed here is an effort from us to help you help yourself. The Analyst will cover many of these procedures again when reviewing your logs so please follow their instructions. And yes, you may be asked to run a tool again, even if you’ve already advised that you’ve run it previously. Once your issue is resolved the Analyst will provide links to programs and advice to help you prevent further infections in the future. Thank you for taking the time to read this.


When all done post you log/s here... http://www.karlsforums.com/forums/forumdisplay.php?fid=68
View User's Profile View All Posts By User
Post new thread Poll:

Guest Notice
You are a guest, as a guest you can only see a maximum of 3 posts per thread.

If you want to see the rest, please click here to register.