Old 05-19-2005, 06:45 PM   #1
4900gamma
LimitedPass Member
Regular User
 
Join Date: Mar 2005
Posts: 62
Post My Hjt Log As Suggested By Usasma: greyknight17 (HijackThis Logs)

There are still a lot of infections here. I highly recommend getting rid of BearShare since it's one of the P2P programs that have spyware in them. Don't ask for more information on P2P, I will always say stay away from them since they contribute to these problems.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. Do NOT run it yet.

Please download nailfix at http://users.pandora.be/bluepatchy/nailfix.zip (for Windows XP) or http://users.pandora.be/bluepatchy/nailfix2k.zip (for Windows 2000). Unzip it to the desktop but do NOT run it yet.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/Cleanup.exe ) and install it. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Once in Safe Mode, please double-click on nailfix.cmd (or nailfix2k.bat if you have Windows 2000). Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next run a full scan in Ewido. Post the log from the Ewido scan here.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Windows media service] crvss.exe
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [Windows Update] inetinf.exe
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [Video Drivers] C:\WINDOWS\system\cunt\bleeding\anus\ms.exe mstask32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Service Manager] C:\WINDOWS\userint32.exe
O4 - HKLM\..\Run: [RtqYB] C:\documents and settings\margarita\local settings\temp\RtqYB.exe
O4 - HKLM\..\Run: [sA] C:\windows\system32\sA.exe
O4 - HKLM\..\RunServices: [Windows media service] crvss.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [Windows Update] inetinf.exe
O4 - HKCU\..\Run: [Windows Update] inetinf.exe
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Do you know what the following program(s) are for? If not, uninstall it from Add/Remove panel and fix it in HijackThis:

O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dll


Close all open windows except for HijackThis and click Fix Checked.

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\avserve2.exe
C:\windows\system32\sA.exe
C:\WINDOWS\userint32.exe
C:\WINDOWS\svcproc.exe
crvss.exe
C:\WINDOWS\system\cunt\
inetinf.exe
winmplayer.exe

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Restart your computer in normal mode and post a new HijackThis log, as well as the log from the Ewido scan.
4900gamma is offline   Reply With Quote
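A triage sketch for the HijackThis line format shown in the post above, added here as an example; it is not part of the thread and not HijackThis's own logic. The regexes, the function names and the three heuristics (autorun with no path, autorun from a Temp folder, service with "Unknown owner") are assumptions of this example; the sample lines are copied from the post's log.

```python
import re

# O4 autorun line: "O4 - HKLM\..\Run: [value name] command"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O23 service line: "O23 - Service: display (name) - owner - path"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<path>.+)$"
)

def triage(line):
    """Return (section, name, reasons) for one log line, or None if unparsed."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd, reasons = m["cmd"], []
        if "\\" not in cmd:
            # Bare file name: the loader finds it via the search path.
            reasons.append("no-path")
        if "\\temp\\" in cmd.lower():
            reasons.append("runs-from-temp")
        return ("O4", m["name"], reasons)
    m = O23_RE.match(line)
    if m:
        unknown = m["owner"].lower() == "unknown owner"
        return ("O23", m["name"], ["unknown-owner"] if unknown else [])
    return None

def flagged(lines):
    """Map entry name -> reasons for every parsed line with at least one reason."""
    results = (triage(l) for l in lines)
    return {r[1]: r[2] for r in results if r and r[2]}

# Sample input: lines copied from the log in the post above.
SAMPLE = [
    r"O4 - HKLM\..\Run: [Windows media service] crvss.exe",
    r"O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe",
    r"O4 - HKLM\..\Run: [RtqYB] C:\documents and settings\margarita\local settings\temp\RtqYB.exe",
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe",
]

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

The avserve2.exe entry has a full path outside Temp, so none of the three heuristics fire on it even though the post lists it for fixing; the flags order a manual review and do not replace it.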
Old 04-15-2010, 06:27 AM   #2
williamsmith
LimitedPass Member
No awards.
 
Join Date: Apr 2010
Posts: 1
Default

There are lots of ideas here!!!!!!!!!
but people seem to be very casual with this site!!!!!!!!!!!!!
Anybody interested in a joint venture?
I got some stuff to share
__________________
william
williamsmith is offline   Reply With Quote