Hello. I am having trouble with VBS Small. I saw another user had the same trouble, and you told him to run clean autoruns and post the resulting files. I am posting them. Please help me. Thank you.
Comments
What firewall do you use?
Let's start with this:
step#1
Click here to download HJTsetup.exe and save it to your Desktop.
* Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
step#2
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Archivos de programa\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing
Close ALL open windows
Click Fix Checked
Close HijackThis
step#3
Please delete the following folder
C:\Archivos de programa\Ringz Studio\Storm Codec
step#4
Please Download Clean Autoruns
Save the attached Clean autoruns.zip to your desktop and extract (unzip) its contents to the desktop. It contains a batch file, Clean autoruns.bat, Written by Mosaic1. Once extracted, open the folder and double click on the Clean autoruns.bat to run the fix.
1. If any autoruns are found, the fix will move them to a backup folder.
2. If any autoruns are found on the root of your drives, it will kill explorer so that the registry entries in the MountPoint(s) key are fixed.
3. It will produce two files, Part1.txt and Part2.txt , that will show the state before and after the cleaning.
step#5
Post these Logfiles in your next reply:
hjt-log
Part1.txt
Part2.txt
I need a new HijackThis log too
we have five things to do
Please follow my steps in the right order...
Let's start with this:
step#1
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following (if present):
Ringz Studio
step#2
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Archivos de programa\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
Close ALL open windows
Click Fix Checked
Close HijackThis
step#3
Please delete the following folder (if present):
C:\Archivos de programa\Ringz Studio\Storm Codec
step#4
Please download Deckard's System Scanner to your Desktop
* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt
step#5
Post these Logfiles in your next reply:
Main.txt and extra.txt
I am sending you main.txt, because the program didn't generate an extra.txt
Thanks a lot!
Good Work!
Please do the following..
step#1
Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following,
all older versions of Java.
step#2
Please back up your registry before fixing it:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the filetype is set to Registryfiles (*.reg)
Click on Save and Close the window
Please run Notepad and paste the following text into a new file:
Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry
step#3
Please Update your Java Java Runtime Environment (JRE) 6u1
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
* From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.
step#4
Please download
ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
* Windows Temp
* Current User Temp
* All Users Temp
* Temporary Internet Files
* Prefetch
* Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
step#5
Print out these instructions or save them with notepad or Word
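Please download AVG Anti-Spyware to your desktop. When ready, do the following:
- Start AVG Anti-Spyware
- Click the Update icon
- Click Start update
- Wait until updates are downloaded
- Click the Scanner icon
- Open the Settings tab
- If you are having problems with the updater, you can use this link to manually update
- Make sure that under "How to act?" read Quarantine
- (If not, click the text and choose Quarantine)
- Under "How to scan?" all checkboxes should be ticked
- Under "Reports" select Automatically generate report after every scan and uncheck Only if threats were found
- Under "What to scan?" select Scan every file
- Click the Shield icon
- Under the "Resident shield is" click active to make it inactive
- Close AVG Anti-Spyware
Reboot to safe mode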
- If the computer is running, shut down Windows, and then turn off the power
- Wait 30 seconds, and then turn the computer on
- Start tapping the F8 key
- The Windows Advanced Options Menu appears
- Ensure that the Safe Mode option is selected
- Press Enter. The computer then begins to start in Safe mode
- Login on your usual account
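Open My Computer. Click Tools menu then click Folder Options.
Click the View tab.
Scroll to the "Hidden files and folders" section and click "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option. (SEE NOTE ABOVE ON THIS OPTION!) Click Yes to confirm. Then click OK.
- Close all open windows / programs / folders
- Start AVG Anti-Spyware
- Click the Scanner icon
- Click Complete System Scan
- Let the program scan the machine
- When the scan has finished, follow the instructions below
- Make sure that under "Set all elements to" read Quarantine
- (If not, click the text and choose Quarantine)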
- Click Apply all actions
- Click Save Report
- Click Save reports as
- Save report to your Desktop
step#6
Post these Logfiles in your next reply
AVG Anti-Spyware report
hjt-log
I send you the reports. Have a question: the avast antivirus found the vbs on a restore archive from system restore. What I did was to disable system restore, turn off the computer and turn it on again, then enable system restore and create one restore point. Is the procedure ok?
Thanks a lot.
Is the procedure ok? = Yes
Excellent Work!
Your comp looks clean.
Everything is good now
we have two things to do
step#1
Clean your System Restore:
Turn off System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK
You can fix these lines with HijackThis, if you want. This could speed up your computer's startup.
Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Archivos de programa\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.ex
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Archivos de programa\InterVideo\WinDVR\WinScheduler.exe
Close ALL open windows
Click Fix Checked
Close HijackThis
Reboot.
Turn on System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Uncheck Turn off System Restore
Click Apply, and then click OK
step#2
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.
Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klei
Happy surfing and stay clean!
Definitely, you know how to manage this viruses thing. Congratulations!
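Added example, not part of the original thread: a small Python triage pass over the HijackThis entry formats quoted above (F2 Userinit, O4 autoruns, O9 extra buttons), which also checks that no autorun still points into a folder the helper asked to delete. The function names and the `removed_dirs` parameter are assumptions of this example; the sample lines are taken from the thread, with the garbled O9 label replaced by a placeholder.

```python
import ntpath
import re

# Constructed sample: entries copied from the logs quoted in this thread.
# The O9 button label is replaced by a placeholder because it is garbled there.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,autorun.bat
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Archivos de programa\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Archivos de programa\InterVideo\WinDVR\WinScheduler.exe
O9 - Extra button: LABEL - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_KEY = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[([^\]]*)\] (.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (.+?) = (.+)$")
USERINIT = re.compile(r"^REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
EXE = re.compile(r"^(.+?\.(?:exe|bat|cmd|com|vbs|scr))(?=\s|$)", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def executable(command):
    """Return the program path from an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE.match(command)  # unquoted paths may contain spaces
    return match.group(1) if match else command


def userinit_extras(value):
    """Programs in a Userinit value other than userinit.exe itself."""
    items = [item.strip() for item in value.split(",") if item.strip()]
    return [i for i in items if ntpath.basename(i).lower() != "userinit.exe"]


def triage(log_text, removed_dirs=()):
    """Return (code, reason, detail) findings for a HijackThis log."""
    removed = [ntpath.normcase(d).rstrip("\\") + "\\" for d in removed_dirs]
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        code, body = entry.groups()
        userinit = USERINIT.match(body) if code == "F2" else None
        autorun = (RUN_KEY.match(body) or STARTUP.match(body)) if code == "O4" else None
        if userinit:
            for extra in userinit_extras(userinit.group(1)):
                findings.append((code, "extra program in Userinit", extra))
        elif autorun:
            # Flag autoruns that would dangle once the listed folder is deleted.
            path = ntpath.normcase(executable(autorun.group(2)))
            if any(path.startswith(d) for d in removed):
                findings.append((code, "autorun under removed folder", autorun.group(1)))
        elif code == "O9" and body.endswith("(file missing)"):
            clsid = CLSID.search(body)
            findings.append((code, "extension target missing", clsid.group(0) if clsid else body))
    return findings
```

Calling `triage(SAMPLE_LOG, [r"C:\Archivos de programa\Ringz Studio\Storm Codec"])` returns the three kinds of entries the helper asked to fix, and leaves the ordinary startup items unflagged.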