

Messages - Cretemonster

1
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: October 05, 2005, 07:19:58 AM »
Hi Zampý and Welcome to TheTechGuide!

This has become a real pesky bug to deal with as of late, so please be patient with me!


Download WinPFind:
WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Download and unzip BFUzip from HERE

Right Click the Zip folder and select "Extract All"

Locate and double click BFU.exe

Now locate and click the greenish blue globe with the cord plugged into it!

When the next small window pops up-> Copy&Paste this URL into it and click OK!
http://webpages.charter.net/cretemonster/p2pnetwork.bfu

Now click the execute button and let the script run!

Reboot into SAFE MODE(F5 or F8 when restarting)
Here is a link on how to boot into Safe Mode:
SafeMode

Once in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> Type in MSCONFIG -> click OK.

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!!  Once everything is enabled, run "Hijack This!" and post a new log to this thread!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a fresh HijackThis log and the reports from WinPFind and Panda!

2
Tech Clinic / Winsupdater.exe and my Hijackthis log, Please help
« on: September 30, 2005, 12:12:20 PM »
Let's get rid of some trash!

Download and Install
CleanUp!
Don't use it yet!

Restart in Safe Mode and Configure Windows to Show Hidden Files
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Locate and Delete if found

C:\WINDOWS\SYSTEM32\winlog.exe<- File

C:\Program Files\Admanager Controller<- Folder

C:\Program Files\winsupdater<- Folder


Now run the Cleanup! program and allow it to clean out all the temp files it finds; when it prompts you to log off, click NO!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

Save the Report it generates!


Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Press "Restore Original Hosts" and press "OK"!

Exit Program!


Post back with a fresh HijackThis log and the report from Panda!

3
Tech Clinic / E2Give
« on: September 30, 2005, 11:38:02 AM »
Let me get a closer look please!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Post the results of WinPFind.txt in the next post please!

4
Tech Clinic / Roomate was a bad girl, HELP!!!
« on: September 30, 2005, 03:09:17 AM »
Are you getting any kind of errors when you run the l2mfix?

It doesn't appear it's running correctly!

Go into Safe Mode and run the l2mfix, this time select Option 4 and let it run!

After that run option 1 and save that log!

Now, still in Safe Mode, open the l2mfix folder and right click second.bat and let it run. Again, it will reboot the PC; go back to Normal Mode and post all 3 logs!

5
Tech Clinic / Cleanup and problem with alexa
« on: September 30, 2005, 02:51:30 AM »
Now this was flagged as a Virus by Panda

Virus:Trj/Keylog.BR Disinfected C:\WINDOWS\SYSTEM32\mscfghk.dll
Virus:Trj/Keylog.BR No disinfected C:\undo\backup.cab[MSCFGHK.DLL]

Unless you installed this keylogger, then I'd say it just needs to go!

Let me know!

6
Tech Clinic / Winsupdater.exe and my Hijackthis log, Please help
« on: September 29, 2005, 05:14:08 AM »
Hey xNicolaUKx,

Sorry for your wait but it appears you have leftovers of the Vundo infection!

Let's have a closer look!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O20 - Winlogon Notify: infowin - C:\WINDOWS\system\infowin.dll (file missing)

O20 - Winlogon Notify: playcab - C:\WINDOWS\Fonts\playcab.dll (file missing)

O20 - Winlogon Notify: web - C:\WINDOWS\system\web.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Restart Normal and please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

I would also uninstall one of the antivirus programs you have; two can only cause problems!

Post back with a fresh HijackThis log and the results of WinPFind and Kaspersky's scan!

7
Tech Clinic / E2Give
« on: September 29, 2005, 04:45:32 AM »
OUCH!!!

That's definitely the Look2me infection, let's hit this bugger with a baseball bat!

Close any programs you have open since this step requires a reboot.


From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer.

After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

After posting a fresh HijackThis log and the results of Option 2, proceed on with the instructions below!

Just get Ewido updated!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download and Install
CleanUp!
Don't use it yet!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Run Cleanup, when prompted to log off>> Select No

Scan the PC with Ewido just as described in the link-> Clean everything it finds and make sure to Save the Report

Scan the System with Ad-Aware, remove everything it finds and delete all quarantine files!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Download the Hoster from here:
http://www.funkytoad.com/download/hoster.zip
Press "Restore Original Hosts" and press "OK"!
Exit Program!


Post back with a fresh HijackThis log and the reports from Ewido and Panda!
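Hoster's "Restore Original Hosts" button, used in this post and in post 2 above, simply puts the Windows default hosts file back; before doing that it is worth seeing what was planted. The following is an added example (not Hoster's code and not part of Cretemonster's posts): a Python check that parses a hosts file and flags two things, names mapped to a non-local address (the classic redirect), and update or scanner sites that appear in the file at all, since pointing those at 127.0.0.1 is how malware blocks updates and online scans. The sample file, the TEST-NET address in it and the list of protected domains are this example's own assumptions.

```python
"""Flag hijacked entries in a Windows HOSTS file (added example, not Hoster's code)."""
from __future__ import annotations

import ipaddress

# Assumed for this example: update/scanner domains a malware-removal helper would
# never want blocked or redirected (vendors named in the posts above).
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "kaspersky.com",
    "pandasoftware.com", "f-secure.com", "ewido.net", "mvps.org",
)

# Constructed sample: Windows default lines, two harmless blocklist entries, and
# three planted hijacks. 203.0.113.10 is a documentation (TEST-NET-3) address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example          # blocklist entry, harmless
0.0.0.0         tracker.example
203.0.113.10    www.google.com
203.0.113.10    update.symantec.com www.symantec.com
127.0.0.1       securityresponse.symantec.com
"""


def parse_hosts(text: str):
    """Yield (line_no, address, [hostnames]) for each active mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue
        yield no, parts[0], [h.lower() for h in parts[1:]]


def is_local(address: str) -> bool:
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0) targets."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                              # garbage address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def is_protected(hostname: str) -> bool:
    """Exact or subdomain match against PROTECTED_SUFFIXES."""
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def find_hijacks(text: str) -> list[tuple[int, str, str, str]]:
    """Return (line_no, hostname, address, reason) for every suspicious mapping."""
    findings = []
    for no, addr, names in parse_hosts(text):
        for name in names:
            if is_protected(name):
                findings.append((no, name, addr, "security/update site blocked or redirected"))
            elif not is_local(addr):
                findings.append((no, name, addr, "name redirected to a non-local address"))
    return findings


if __name__ == "__main__":
    for no, name, addr, reason in find_hijacks(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {addr}  ({reason})")
```

Legitimate intranet entries also trip the first rule, so treat the output as a review list rather than a delete list. On Windows the file lives at %SystemRoot%\System32\drivers\etc\hosts; read it into `find_hijacks` the same way.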

8
Tech Clinic / Cleanup and problem with alexa
« on: September 29, 2005, 04:42:05 AM »
OK, so we both agree that C:\Undo just doesn't belong on the PC, correct?

That's what Panda is flagging?

9
Tech Clinic / E2Give
« on: September 28, 2005, 04:27:54 AM »
First let's kill the service that may pose the most trouble!

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

System Startup Service

Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!

Click Apply-> OK and Exit the Services Page!

Now that appears to be the Look2me infection, so please download the l2mfix from here
http://www.atribune.org/downloads/l2mfix.exe
or
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.

10
Tech Clinic / Cleanup and problem with alexa
« on: September 28, 2005, 04:23:54 AM »
It looks like Panda disinfected the keylogger but let's be sure!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to show all hidden files and folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...torial=62#winxp

Locate and Delete if found

C:\WINDOWS\SYSTEM32\mscfghk.dll

C:\undo\backup.cab

C:\undo<- Unless you know where this folder came from!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c10.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Restart Normal and have the PC Scanned here:
F-Secure

Save that Report!

Post back with a fresh HijackThis log and the results of F-Secure!
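The HijackThis lines picked out in this post and in post 6 above fall into a few recurring patterns: O2 and O20 hooks marked "(no file)" or "(file missing)" are orphaned registry entries whose DLL is already gone, an O4 Run entry can point at something that is not an executable at all (compare C:\W in post 20), and O16 DPF entries are ActiveX downloads whose source host needs checking. As an added example (not part of HijackThis and not Cretemonster's code), this Python triage parses such log lines and sorts them into "remove" and "review". The sample log is constructed from the entries quoted in those posts plus one hypothetical healthy O20 line; the executable-extension list and the choice of which sections count as hooks are this example's assumptions.

```python
"""Triage HijackThis log lines (added example, not HijackThis code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
HOST_RE = re.compile(r"https?://([^/\s:]+)")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
HOOK_SECTIONS = ("O2", "O3", "O20", "O21", "O23")          # assumption: sections that load a file
EXECUTABLE_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")  # assumption

# Constructed sample: entries quoted in posts 6, 10 and 20 above, plus one
# hypothetical healthy O20 line (crypt32chain) that must NOT be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: infowin - C:\WINDOWS\system\infowin.dll (file missing)
O20 - Winlogon Notify: playcab - C:\WINDOWS\Fonts\playcab.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # HijackThis section prefix, e.g. "O20"
    body: str       # entry text after "O20 - "
    severity: str   # "remove" or "review"
    reason: str


def parse_entries(log: str) -> list[tuple[str, str]]:
    """Split a log into (section, body) pairs, ignoring header and blank lines."""
    out = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def first_token(cmd: str) -> str:
    """The program path of a Run command, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(maxsplit=1)[0] if cmd else ""


def dpf_host(body: str) -> str | None:
    """Download host of an O16 DPF entry (port stripped), or None."""
    m = HOST_RE.search(body)
    return m.group(1).lower() if m else None


def triage(log: str) -> list[Finding]:
    findings = []
    for kind, body in parse_entries(log):
        if kind in HOOK_SECTIONS and body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(kind, body, "remove",
                                    "orphaned hook: registry entry survives but its file is gone"))
        elif kind == "O4":
            m = O4_RE.match(body)
            if m and not first_token(m.group("cmd")).lower().endswith(EXECUTABLE_EXTS):
                findings.append(Finding(kind, body, "remove",
                                        "Run entry does not point at an executable file"))
        elif kind == "O16":
            host = dpf_host(body) or "(no URL)"
            findings.append(Finding(kind, body, "review",
                                    f"ActiveX download from {host}: keep only if the publisher is known"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"remove": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} - {f.body}\n    {f.reason}")
```

The R0 lines are deliberately left alone: an empty or odd IE setting is a cosmetic fix, whereas an orphaned Winlogon Notify or BHO entry is a leftover loader that should go once the file is confirmed absent, and a Run entry pointing at a bare path like C:\W is either a damaged loader or a launcher for something hidden on disk.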

11
Tech Clinic / Cleanup and problem with alexa
« on: September 27, 2005, 02:35:18 PM »
Hmmm, not sure why that is happening but can you follow the rest of the instructions and post the Panda and HijackThis logs?

12
Tech Clinic / computer keeps restarting
« on: September 26, 2005, 05:13:32 PM »
Hi breeder and Welcome!

Since you seem to have no active antivirus running and this infection is so large, I suggest hitting the system with 2 extreme measures!

First one is laid out in detail in the link below, please take the time to read through it completely before proceeding!
http://www.bleepingcomputer.com/forums/How...rvs-t11662.html

After those steps are done, use the instructions in the link above for scanning in safe mode with the explorer process killed but with this scanner

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files.

Scan the PC with both Kaspersky and Ewido in Safe Mode with the Explorer process killed!

Delete or Clean everything each finds!

After all that is done, use the registry cleaner as described below!

RegSupreme
http://majorgeeks.com/RegSupreme_Pro_d4256.html

Once downloaded and launched, Click Yes to Update the Cache-> Click "Registry Cleaner"-> Click "Aggressive" and "Start"-> Fix everything it finds-> Name the Backup it creates and Save it somewhere safe!

Once both scanners and the Reg Cleaner are run, post back with a fresh HijackThis log and let's see what's left!

13
Tech Clinic / Cleanup and problem with alexa
« on: September 26, 2005, 05:05:54 PM »
Hi Edward and Welcome!

Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind and Panda!

14
Tech Clinic / E2Give
« on: September 26, 2005, 05:03:34 PM »
Start here
http://www.thetechguide.com/forum/index.php?showtopic=14623

Get a HijackThis log posted and I will have a look.

15
Tech Clinic / Roomate was a bad girl, HELP!!!
« on: September 26, 2005, 05:01:45 PM »
Hopefully you received no errors when the l2mfix ran??

If not-> Close any programs you have open since this step requires a reboot.


From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer.

After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!

16
Tech Clinic / WIN32.P2P-WORM
« on: September 26, 2005, 04:59:12 PM »
It looks like the infection itself is gone!

I suspect the slow boot is due to such a heavy load on the PC!

Some files I am unfamiliar with but suspect are OK are listed below. Please take the time to look at each of these and see what programs you can associate them with by right clicking each, selecting Properties and going through all the info provided until you know why the file is there!

C:\WINDOWS\SYSTEM32\VESWinlogon.dll

C:\WINDOWS\SYSTEM32\CheckAuth.dll

C:\WINDOWS\SYSTEM32\ErolSecure.dll

C:\WINDOWS\SYSTEM32\GMFile.dll

C:\WINDOWS\SYSTEM32\LPng.dll


In order to trim your boot time up, it will take some research on your part because only you know what you need at startup!

Myself, I am down to bare essentials and usually call on the programs only when needed rather than have them start up automatically at the system boot!

You just let me know what I can do to help you out here and we can go from there!

17
Tech Clinic / Roomate was a bad girl, HELP!!!
« on: September 25, 2005, 05:45:40 PM »
Hi jaded5645 and Welcome!

It would appear you have the latest Look2me infection, so please download the l2mfix from here
http://www.atribune.org/downloads/l2mfix.exe
or
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.


If you receive any error messages for CMD or Autoexec.bat>> Select Option 5 from the l2mfix and once at the site, click on the link that applies to your operating system!

Double click the file it downloads and extract the files to its predetermined System32 folder!

18
Tech Clinic / alcan.a. help
« on: September 25, 2005, 05:42:25 PM »
As for the Hosts File, I would check about once a month for updates; WinHelp2002 is always collecting new entries and updates several times a year!

Spyware Blaster and your AV along with Windows should be checked weekly!

Go ahead and re-enable System Restore and if you wish, take a new system snapshot with SpywareBlaster.

They are one and the same and a backup can't hurt!

Read through those little black links in my signature for some other good ideas on how to avoid this in the future!

If you have any other questions, feel free to ask away!

19
Tech Clinic / WIN32.P2P-WORM
« on: September 25, 2005, 07:10:41 AM »
Hi fly123 and Welcome

Download WinPFind:
WinPFind

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Download and unzip BFUzip from HERE

Right Click the Zip folder and select "Extract All"

Locate and double click BFU.exe

Now locate and click the greenish blue globe with the cord plugged into it!

When the next small window pops up-> Copy&Paste this URL into it and click OK!
http://webpages.charter.net/cretemonster/p2pnetwork.bfu

Now click the execute button and let the script run!

Reboot into SAFE MODE(F5 or F8 when restarting)
Here is a link on how to boot into Safe Mode:
SafeMode

Once in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> Type in MSCONFIG -> click OK.

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Select the tab labeled Startup and put a Check by every box there!!  Once everything is enabled, run "Hijack This!" and post a new log to this thread!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates!

Post back with a fresh HijackThis log and the reports from WinPFind and Panda!

20
Tech Clinic / alcan.a. help
« on: September 24, 2005, 03:06:30 PM »
Well, I didn't quite expect that but the Panda scan was worth its weight in gold obviously!

Go into Safe Mode and delete the complete folder and also look in C drive for a file or folder labeled W

Have HijackThis fix

O4 - HKLM\..\Run: [ScanRegistry] C:\W

Go ahead and delete WinPFind and BFU if you like, it appears the PC is in much better shape!

If you like, update Ewido and AVG and scan the system with both in Safe Mode after deleting the folders and restarting the PC!

Please install these 2 to add to the security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Made Easy
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and reconfigure Msconfig the way you like the PC to start up!

Post back and let me know how things are?
