Author Topic: Can't get rid of some sites from my computer  (Read 2185 times)

Offline joy

Can't get rid of some sites from my computer
« on: January 26, 2006, 04:18:51 AM »

I find on my Desktop and in my Documents a link to Explorer that takes me to a porn page, or to other pages that I don't know (advertisement, dialer...), so I did the HijackThis scan and I cancelled them, but every time I shut down the computer and then turn it on again... all these pages appear again everywhere. They also took the place of my personal MSN main page!

Please help me... Thanks.
Now I send you my HijackThis logfile....

Logfile of HijackThis v1.99.1
Scan saved at 10.15.04, on 26/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\winoxhp.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\dosw.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4878
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: TChkBHO Class - {93ADDE69-80FD-4EF8-83EC-EB354830CEF7} - C:\WINDOWS\system32\qotiu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\System32\winoxhp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows DOS] C:\WINDOWS\System32\dosw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: KVG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130251960698
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

Offline guestolo

« Reply #1 on: January 27, 2006, 12:43:34 AM »
Can you do the following please

==Download and Install
Windows Cleanup! 4.0
Don't run it yet

==Download Killbox
From one of these locations
http://www.downloads.subratam.org/KillBox.exe
http://www.atribune.org/downloads/KillBox.exe
and save it to your desktop or folder

If you don't have Ad-Aware SE Personal 1.06
==Download and Install Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Don't run a scan yet

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/


Please save these below instructions to a Notepad file and save it to your Desktop for reference

This is important, some instructions must have you copy and paste entries from a text file
Go to start>>run>>type in notepad
Hit OK to open a blank notepad file


RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter

Open Killbox.exe
Leave "Standard Kill file" selected
In the "Full path of File to Delete" copy and paste the full entry below in bold

C:\WINDOWS\System32\winoxhp.exe

Then click the Red Circle with the White X
Allow to make a backup and delete the file
Don't worry about no file found messages

Carry on with the same instructions in killbox with the rest of these

C:\WINDOWS\System32\dosw.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KVG.exe
C:\WINDOWS\system32\qotiu.dll

additionally, for the last entry, can you also select "Unregister .dll before deleting" please

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
 
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Do a "System scan only" with Hijackthis and put a check next to these entries: (if found)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4878

O2 - BHO: TChkBHO Class - {93ADDE69-80FD-4EF8-83EC-EB354830CEF7} - C:\WINDOWS\system32\qotiu.dll
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\System32\winoxhp.exe
O4 - HKLM\..\Run: [Windows DOS] C:\WINDOWS\System32\dosw.exe
O4 - Global Startup: KVG.exe

O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
Click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer  back to Normal mode

Back in Windows
Can I see the following

1. Run Hijackthis again and post a fresh log
2. Post the report you saved earlier with Ewidos

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

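The review guestolo does by eye on the log above, as an added example in Python that is not code from the thread, from HijackThis or from any tool named here: it parses lines in the HijackThis 1.99.1 log format and flags the entry shapes the fix list targets. The sample log and the heuristics (a start page without an http(s) scheme, a BHO or Run entry loaded straight from the System32 root, a bare executable in the Startup folder, any Trusted Zone entry) are constructed for this example, and the allow-list parameter is an assumption; a flagged entry is a review candidate for a human, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed sample in HijackThis 1.99.1 log format, modelled on the entry
# shapes posted in this thread (not a copy of either posted log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\winoxhp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.skymasters.biz?4878
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TChkBHO Class - {93ADDE69-80FD-4EF8-83EC-EB354830CEF7} - C:\WINDOWS\system32\qotiu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series"
O4 - HKLM\..\Run: [WinDSNX] C:\WINDOWS\System32\winoxhp.exe
O4 - HKLM\..\Run: [Windows DOS] C:\WINDOWS\System32\dosw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KVG.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s]+')  # first drive-letter path on a line


@dataclass(frozen=True)
class Entry:
    section: str  # R0, O2, O4, O15 ...
    body: str     # everything after "O4 - "
    line: str     # the original line, which is what gets ticked in HijackThis


def parse_hjt(log: str) -> List[Entry]:
    """Keep only the R*/O* entry lines; headers and the process list are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["section"], m["body"], raw.strip()))
    return entries


def first_path(text: str) -> Optional[str]:
    m = WIN_PATH_RE.search(text)
    return m.group(0) if m else None


def in_system32_root(path: str) -> bool:
    """True when the file sits directly in the System32 folder, not in a subfolder of it."""
    parts = path.lower().split("\\")
    return len(parts) == 4 and parts[1] == "windows" and parts[2] == "system32"


def triage(entries: List[Entry],
           allow_system32: FrozenSet[str] = frozenset({"ctfmon.exe"})) -> List[Tuple[Entry, str]]:
    """Heuristic review list. allow_system32 (an assumed starting point) names
    System32-root files that are expected to autostart, so they are not flagged."""
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        if e.section in ("R0", "R1") and "Start Page" in e.body:
            value = e.body.partition("=")[2].strip()
            if not value.lower().startswith(("http://", "https://")):
                findings.append((e, "start page is not a plain http(s) URL"))
        elif e.section == "O2":
            p = first_path(e.body)
            if p and in_system32_root(p) and p.rsplit("\\", 1)[-1].lower() not in allow_system32:
                findings.append((e, "BHO DLL loaded from the System32 root"))
        elif e.section == "O4":
            if e.body.startswith("Global Startup:") and ".lnk" not in e.body.lower():
                findings.append((e, "executable placed directly in the Startup folder"))
            else:
                p = first_path(e.body)
                if p and in_system32_root(p) and p.rsplit("\\", 1)[-1].lower() not in allow_system32:
                    findings.append((e, "Run entry launches an executable from the System32 root"))
        elif e.section == "O15":
            findings.append((e, "site added to the IE Trusted Zone (lowered security for that site)"))
    return findings


def fix_list(findings: List[Tuple[Entry, str]]) -> List[str]:
    """The lines to tick under 'System scan only' before clicking Fix checked."""
    return [e.line for e, _ in findings]


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}\n    {entry.line}")
```

On the sample the eight flagged lines are exactly the ones listed in the fix list above; the Java BHO, the Radio toolbar (an O3 entry, not an O2 one) and the EPSON entry under a System32 subfolder are left alone, which is the point of keying on the System32 root rather than on the System32 tree.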

Offline joy

« Reply #2 on: January 27, 2006, 05:47:25 AM »
These are my new fresh logs from HijackThis and Ewido

Logfile of HijackThis v1.99.1
Scan saved at 11.45.58, on 27/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmi\FSI\F-Prot\F-StopW.EXE
C:\Programmi\FSI\F-Prot\F-Sched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-StopW] C:\Programmi\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmi\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmi\File comuni\Real\Update_OB\RealOneMessageCenter.exe"  -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130251960698
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe


ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

 + Creato il:         11.22.05, 27/01/2006
 + Report-Checksum:      ECE4637C

 + Risultati scansione:

   HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Pulito con Backup
   HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Pulito con Backup
   HKLM\SOFTWARE\Classes\Interface\{491BE5B7-A7F8-40EC-AAD4-CBA11FDFD814} -> Dialer.Generic : Pulito con Backup
   HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Pulito con Backup
   HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Pulito con Backup
   HKLM\SOFTWARE\Classes\TypeLib\{29358AA6-679D-44EA-8A51-59A3C6E6F811} -> Dialer.Generic : Pulito con Backup
   HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Pulito con Backup
   HKLM\SOFTWARE\FENX -> Dialer.Generic : Pulito con Backup
   HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Pulito con Backup
   HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Pulito con Backup
   HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Pulito con Backup
   HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Pulito con Backup
   HKU\S-1-5-21-861567501-920026266-854245398-1003\Software\Need2Find -> Spyware.Need2Find : Pulito con Backup
   HKU\S-1-5-21-861567501-920026266-854245398-1003\Software\Need2Find\bar -> Spyware.Need2Find : Pulito con Backup
   C:\!KillBox\dosw.exe -> Worm.Delf.w : Pulito con Backup
   C:\!KillBox\qotiu.dll -> Spyware.WurldMedia : Pulito con Backup
   C:\Appoggio\a.exe -> Backdoor.SdBot.xm : Pulito con Backup
   C:\Appoggio\arun.exe -> Trojan.Zapchast : Pulito con Backup
   C:\Appoggio\atapidrv.exe -> Backdoor.Agobot : Pulito con Backup
   C:\Appoggio\gandj.exe -> Backdoor.Agobot.nq : Pulito con Backup
   C:\Appoggio\he3.exe -> Backdoor.SdBot.xm : Pulito con Backup
   C:\Appoggio\hmlsvc32.exe -> Backdoor.Agobot.adg : Pulito con Backup
   C:\Appoggio\install.exe -> Backdoor.IRCBot.lp : Pulito con Backup
   C:\Appoggio\ip.exe -> Backdoor.SdBot.xm : Pulito con Backup
   C:\Appoggio\mssfox32.exe -> Backdoor.Agobot.nq : Pulito con Backup
   C:\Appoggio\mssqlXP16.exe -> Backdoor.Agobot.nq : Pulito con Backup
   C:\Appoggio\Setup.exe -> Worm.Delf.w : Pulito con Backup
   C:\Appoggio\stone.exe -> Backdoor.SdBot.xm : Pulito con Backup
   C:\Appoggio\Sys33.exe -> Backdoor.SdBot.xm : Pulito con Backup
   C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\KVG.exe -> Dialer.Generic : Pulito con Backup
   C:\Programmi\Need2Find -> Spyware.Need2Find : Pulito con Backup
   C:\Programmi\Need2Find\bar -> Spyware.Need2Find : Pulito con Backup
   C:\Programmi\Need2Find\bar\History -> Spyware.Need2Find : Pulito con Backup
   C:\Programmi\Need2Find\bar\History\search -> Spyware.Need2Find : Pulito con Backup
   C:\Programmi\Need2Find\bar\Settings -> Spyware.Need2Find : Pulito con Backup
   C:\WINDOWS\sasent.dll -> Dialer.Generic : Pulito con Backup
   C:\WINDOWS\system32\zero.exe -> Backdoor.SdBot.xm : Pulito con Backup


::Fine Rapporto

Offline guestolo

« Reply #3 on: January 28, 2006, 01:08:37 AM »
Sorry for the delay. It's important that you keep me up to date on
how everything is going.
So how is everything going?
« Last Edit: February 02, 2006, 10:14:34 PM by guestolo »



Offline joy

« Reply #4 on: January 29, 2006, 11:30:57 AM »
Everything is working well.... Thank you so much...
Sorry, me too, for the delay, but usually I'm not connected when you answer!
Sorry... and sorry for my English (I'm Italian)

Offline guestolo

« Reply #5 on: January 29, 2006, 01:14:17 PM »
We just have some final cleanup to do
Can you let me know what this means please, sorry, my Italian is not that good :)

C:\Appoggio
« Last Edit: January 29, 2006, 01:14:31 PM by guestolo »



Offline joy

« Reply #6 on: January 30, 2006, 11:11:32 AM »
Appoggio means Support

Offline guestolo

« Reply #7 on: January 30, 2006, 08:55:39 PM »
Thanks for letting me know about "support"

A few bad files like to mess with the Hosts file
==Download Hoster.zip and save it to your Desktop.
UNZIP the contents to your desktop or folder
Locate the Hoster folder , open it and double click on Hoster.exe
Click on Restore Original Hosts
In the confirmation window, click on OK.

Although you have F-Prot installed, can we get a second opinion please
Use Internet Explorer and Run the online Panda ActiveScan
    * Once you are on the Panda site click the Scan your PC button.
    * A new window will open...click the big Check Now button.
    * Enter your Country.
    * Enter your State/Province.
    * Enter your e-mail address.
    * Select either "Home User or Company."
    * Click the big Scan Now button.
    * Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
    * Click on Local Disks to start the scan.

When the scan is complete
 click See Report, then click Save Report and save it to your Desktop.

Can you post this whole report please


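A hosts-file audit to go with the Hoster step above, as an added example that is not code from the thread or from Hoster: it parses the Windows hosts file format, separates entries that redirect a name to a remote address from entries that sinkhole it to loopback, and produces a cleaned copy with only the flagged lines removed. The sample hosts content is constructed (192.0.2.45 is a documentation address and the .invalid name is a placeholder); the directory C:\WINDOWS\system32\drivers\etc is the one the Panda report later in this thread lists for hosts.msn.

```python
from __future__ import annotations

import ipaddress
from typing import Iterator, List, Tuple

# Directory of the hosts file on Windows XP; listed in the Panda report in this thread.
HOSTS_DIR = r"C:\WINDOWS\system32\drivers\etc"

# Constructed sample: the stock localhost line plus the two entry shapes a hosts
# hijacker leaves behind. Not taken from the machine in the thread.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# --- constructed hijack entries below this line ---
192.0.2.45      www.msn.it          # redirect: the browser lands on a host of the attacker's choosing
192.0.2.45      search.msn.com
127.0.0.1       update.example-av.invalid   # sinkhole: an update site can no longer resolve
"""


def parse_hosts(text: str) -> Iterator[Tuple[int, str, List[str]]]:
    """Yield (line_number, address, [names]) for every non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], fields[1:]


def audit_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, name, reason) for every mapping that is not the stock localhost line."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, "address does not parse"))
            continue
        for name in names:
            if name.lower() in ("localhost", "localhost.localdomain") and addr.is_loopback:
                continue  # the one mapping a stock hosts file is expected to carry
            if addr.is_loopback or addr.is_unspecified:
                # Legitimate in ad-blocking hosts lists; malicious when it targets
                # vendor update or security sites, so always worth a look.
                findings.append((lineno, name, f"sinkholed to {ip}: name cannot resolve"))
            else:
                # A hosts entry pointing a real site at a remote address overrides DNS
                # for that name; there is almost never a legitimate reason for it.
                findings.append((lineno, name, f"redirected to {ip}: hosts file overrides DNS"))
    return findings


def clean_hosts(text: str) -> str:
    """Drop every flagged line and keep everything else (comments, localhost)."""
    bad = {lineno for lineno, _, _ in audit_hosts(text)}
    kept = [raw for i, raw in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for lineno, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name}: {reason}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

Hoster's "Restore Original Hosts" does the blunt version of clean_hosts: it rewrites the whole file to a stock copy, which is the right call when the file is large and nobody knows which entries were added deliberately.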

Offline joy

« Reply #8 on: January 31, 2006, 07:02:33 AM »
This is my Panda ActiveScan report

Incident | Status | Location

Dialer:dialer.cos | Not disinfected | C:\Documents and Settings\Giorgia\Menu Avvio\exsplorer.lnk
Virus:Eicar.Mod | Not disinfected | C:\Programmi\FSI\F-Prot\fpav-help.chm[prob-scan-ok.html]
Possible Virus. | Not disinfected | C:\Programmi\FSI\F-Prot\fpcmd.exe
Virus:Eicar.Mod | Not disinfected | C:\Programmi\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[prob-scan-ok.html]
Possible Virus. | Not disinfected | C:\Programmi\InstallShield Installation Information\{9FD12630-1991-46F5-8479-92DE1EAE87DA}\data1.cab[fpcmd.exe]
Dialer:Dialer.ANF | Not disinfected | C:\Programmi\Telecom Italia\ADSLWizzy\Driver\ArescomND220\data1.cab[adiras.exe]
Adware:Adware/IPInsight | Not disinfected | C:\WINDOWS\inf\farmmext.inf
Adware:adware/cws.searchmeup | Not disinfected | C:\WINDOWS\mstasks1.exe
Adware:adware/transponder | Not disinfected | C:\WINDOWS\Pynix.dll
Spyware:application/bestoffer | Not disinfected | C:\WINDOWS\smdat32a.sys
Dialer:dialer.bb | Not disinfected | C:\WINDOWS\system32\dktibs.exe
Virus:Trj/Qhost.gen | Disinfected | C:\WINDOWS\system32\drivers\etc\hosts.msn
Adware:Adware/ShoppingCommunity | Not disinfected | C:\WINDOWS\system32\moconfig.exe
Adware:Adware/WurldMedia | Not disinfected | C:\WINDOWS\system32\s4Setp.exe


Sorry.... there's another little problem... I lost my PowerPoint Viewer... I can't find it, I can't read pps files... I don't know why, but this program has disappeared from my Microsoft Office package....
Thank you!

Offline guestolo

« Reply #9 on: January 31, 2006, 06:10:10 PM »
Can you do the following please

Find these files and send them all to the recycle bin
Exact spelling of the files are important

C:\Documents and Settings\Giorgia\Menu Avvio\exsplorer.lnk <-this file
C:\WINDOWS\inf\farmmext.inf <-this file
C:\WINDOWS\mstasks1.exe <-this file
C:\WINDOWS\Pynix.dll <-file
C:\WINDOWS\smdat32a.sys <-file
C:\WINDOWS\system32\dktibs.exe <-file
C:\WINDOWS\system32\moconfig.exe <-file
C:\WINDOWS\system32\s4Setp.exe <-file

Let me know if you were able to remove all those files please

PowerPoint:
Is it just the shortcut missing?
If it is, if you have Office installed to the default location
Navigate to this folder or similar
C:\Programmi\Microsoft Office\Office10
Open the folder and look for the PowerPnt executable
Right click on it and Send a shortcut to the desktop

OR, maybe the association got messed up
Navigate to a PP file
Right click on the file and select OPEN WITH
Choose PowerPnt from the selections

I'm not sure if PowerPoint got corrupt from the malware you had on your computer or not?
Do you have your Office CD, can you put it in the computer and do a Repair on the installation?
Or you can use the Add/Remove component to reinstall PowerPoint
« Last Edit: January 31, 2006, 08:28:37 PM by guestolo »



Offline joy

« Reply #10 on: February 01, 2006, 04:19:27 AM »
I was able to delete all the files you told me... I put them all in the recycle bin, can I eliminate them also from there?
I think I have corrupted all the Office program and the CD for the installation wasn't mine... Well, no problem... I will buy it! This is a secondary problem!
Everything is working well on my pc!
Thank you!

Offline guestolo

« Reply #11 on: February 01, 2006, 11:32:10 PM »
yes, go ahead and remove the contents of the recycle bin

*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
Go to START>>RUN>>In the open field
Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the left hand side click on "System Restore Settings"
Put a check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, go back and take the check out of "Turn off System Restore"
This will re-enable the System Restore feature and create a new restore point

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, check for updates and then click "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"
                   
*Keep up to date on Windows updates
You are way behind on your security updates
This is the most important part to keeping your system secure
I would take this opportunity and update to Service Pack 2
We've partly prepared your computer for this installation
Please take a look at this link
http://www.microsoft.com/windowsxp/sp2/default.mspx
On that page take note of the following link
   What to know before you download and install
Before updating to SP2 I also recommend you run CleanUp! beforehand and additionally do a Disk Defragment

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*A Firewall is very important in the protection of your computer
Windows Service pack 2 contains an adequate firewall protection
If you would like to consider a firewall with more controlled protection
Install one of the following
Sunbelt Kerio Personal Firewall

Zone Alarm by Zonelabs

OutPost by Agnitum

Sygate Personal Firewall

It's important to only use one software firewall; this includes the one supplied with XP
More than one can cause a conflict

*Check for updates with your anti-spyware programs and run a scan on a regular basis
A great addition to Ad-Aware
is Spybot 1.4, I recommend installing it if you don't have it
You can download it from HERE
 or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check all boxes and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Click the "Search & Destroy" button on the left
"Check for Problems"---When the scan is complete
FIX all selected problems in RED

RESTART the computer if any Red entries were fixed
Please Immunize after every update

You may also choose to hold onto Ewido and CleanUp!
Ewido will become a Limited version in a couple weeks
It's still a very good scanner to update and run once a month

Stay safe

NOTE: About PowerPoint and other office programs
I assume you never had a legit version installed, not sure why it's not working now
If you would like a free Office program that is compatible with all of Microsoft office
excluding Frontpage
This includes Powerpoint, Word, etc...
Take a look at OpenOffice
http://www.openoffice.org/index.html
« Last Edit: April 15, 2006, 11:25:59 AM by guestolo »



Offline joy

Can't get rid of some sites from my computer
« Reply #12 on: February 02, 2006, 03:42:42 AM »
Thank you so much....
Everything is working very well!
Thank you!

Offline guestolo

Can't get rid of some sites from my computer
« Reply #13 on: February 02, 2006, 03:10:30 PM »
Glad to help
I'll lock this topic as your problems are resolved
Take care
