« previous next »
Pages: 1 [2]

Author Topic: Infected - Please Help  (Read 2313 times)

Offline darkimage888

  • Hero Member
  • *****
  • Posts: 534
  • Karma: +0/-0
    • View Profile
    • http://
Infected - Please Help
« Reply #20 on: December 31, 2006, 07:08:36 PM »
Take it to a computer professional right away. They can probably get rid of it, and if it isn't a virus, tell you what it is.
Logged
Msn is: [email protected]



Transactions:

[color=\"#0000ff\"]1.)Raised wordlif_e's wc from 47 to 50(for free!): SUCCESSFUL[/color]

[color=\"#ff0000\"]2.)Transfered over $1,000 USD via paypal for R_U_RLY_FAT: UNSUCCESSFUL(he didn't pay like promised)[/color]

[color=\"#0000ff\"]3.)Berencam transfered ALOT OF CASH for free on accounts without recovs, thats wut i call trusted: SUCCESSFUL

4.)Gave Berencam 2 mming accounts for helping me: SUCCESSFUL

5.)Bought berencam's lvl 94(I went first): SUCCESSFUL

6.)Bought a money making guide for 150k(I went first) from B A L A N C E: SUCCESSFUL[/color]

[color=\"#0000ff\"]7.)Did monkey madness for 750k for Berencam: SUCCESSFUL[/color]

[color=\"#0000ff\"]8.)Bought 2 sms pins from jjgangsta5, berencam mm'ed: SUCCESSFUL[/color]

[color=\"#ff0000\"]9.) Wasnt me trained my strength to 80: UNSUCCESSFUL(he set new recovs and bank pin, lol)[/color]

[color=\"#0000ff\"]10.)Edited stats for Devil Spawn for 50k: SUCCESSFUL[/color]

[color=\"#0000ff\"]11.)Edited more stats for Devil Spawn for 50k: SUCCESSFUL[/color]

[color=\"#0000ff\"]12.)Training Jollyman's pure for 1m: ENDED UP DOING FOR FREE[/color]

[color=\"#0000ff\"]13.)Bought 24m from Jollyman for $110, I went first: SUCCESSFUL

14.)Bought a sms pin from blackhawkdown2 for 1.5m, He went first: SUCCESSFUL[/color]



MM'ing:

[color=\"#0000ff\"]1.)MM'ed 300k and a pure for Oakland Raiders and Daroo425:  SUCCESSFUL[/color]

[color=\"#0000ff\"]2.)MM'ed 500k and paypal cash for Grenade and Bibat: SUCCESSFUL[/color]

[color=\"#0000ff\"]3.)MM'ed for OMFG and Trusted ARyan a pbp and 1m: SUCCESSFUL[/color]

[color=\"#0000ff\"]4.)Transferred over 5m worth of items and cash for ih8scammers: SUCCESSFUL[/color]

[color=\"#0000ff\"]5.)Transferred 700k worth of stuff and cash for Berencam: SUCCESSFUL[/color]

[color=\"#0000ff\"]6.)Transferred 12m for ih8scammers: SUCCESSFUL[/color]

[color=\"#0000ff\"]7.) Transfered over 5m worth of items for ih8scammers: SUCCESSFUL[/color]

[color=\"#0000ff\"]8.)Transfered around 2m items for Berencam: SUCCESSFUL[/color]

[color=\"#ff0000\"]9.)Transfered over $1,000 USD via paypal for R_U_RLY_FAT: UNSUCCESSFUL(he didn't pay like promised)[/color]







Offline godzilly

  • Newbie
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Infected - Please Help
« Reply #21 on: January 02, 2007, 05:53:59 PM »
questelo

I've been logged in at work all day and so far everything is OK. No sign of any problems with virus, popup or connection

Many thanks for all your help

B.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Infected - Please Help
« Reply #22 on: January 02, 2007, 10:03:44 PM »
What about those orphan entries in your log that returned?
Can you try removing them again
You should get a prompt from both or one of SpywareDoctor and/or Spybot TeaTimer
You MUST ensure you are correctly selecting the correct prompt

In TeaTimer case, you may not see the lower buttons fully
The bottom left should be ALLOW
The bottom right should be DENY

I assume you must choose ALLOW to the changes we are doing
You may want to try this again
Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
O16 - DPF: {130F89DC-B772-4E02-AEFA-1BDDD8BD4E96} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {80DC1772-21EF-11D4-B9DE-0008C7CB5F59} -

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Let me know if they remain gone back in Windows
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline godzilly

  • Newbie
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Infected - Please Help
« Reply #23 on: January 04, 2007, 10:37:39 PM »
Deleted the items and Spybot asked for confirmation  for all six which I allowed

Rebooted and they are still there

A full sysmantec scan was done yesterday and nothing was found

There are no signs of any problem anywhere

Thanks
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Infected - Please Help
« Reply #24 on: January 04, 2007, 10:48:45 PM »
Still should get rid of those orphan entries
The best thing to do is disable TeaTimer
Uninstall Spybot from add/remove programs

Reboot the computer
Fix those entries again with Hijackthis
Reboot the computer
Don't forget, Spyware Doctor has similiar protections
You must choose the correct prompt from it also when fixing those entries

Then run Hijackthis, see if those entries are now gone
If they are, I would reboot one more time for safe measure
Then you can go back ahead and reinstall Spybot
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline godzilly

  • Newbie
  • *
  • Posts: 32
  • Karma: +0/-0
    • View Profile
Infected - Please Help
« Reply #25 on: January 08, 2007, 07:08:59 PM »
Done everything you suggested and the 6 items seem to be gone

Thanks
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Infected - Please Help
« Reply #26 on: January 11, 2007, 07:25:42 PM »
Your welcome, I'll lock this topic as your problems appear resolved
Take care  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: 1 [2]
« previous next »