Options
Zone-DL.plugin
Hi, I am having problems with the above spy ware, have attached the Hijack This log to my post, this is beginning to get on my nerves! Have seen recent post on here that has been resolved, tried to follow however I have not got a result and still infected!
Thanks for any help there is!
Thanks for any help there is!
0
Comments
I'll help you get rid of your problems...
Let's start with this:
#1
First, make a own folder to HijackThis and move hijackthis.exe there. (Example C:\HijackThis\Hijackthis.exe)
#2
Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media
Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
- First close any other programs you have running as this will require a reboot.
- Double click NoLop.exe to run it.
- Now click the button labeled "Search and Destroy"
- When scanning is finished you will be prompted to reboot only if infected. Click OK.
- Now click the "REBOOT" button.
- A Message should popup from NoLop. If not, double click the program again and it will finish.
- Please post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..<<your computer will now be scanned for infected files>>
#3
Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:
O4 - HKCU\..\Run: [SoftwareStart] C:\DOCUME~1\Dave\APPLIC~1\GREATR~1\aim phone.exe
Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
#4
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.
#5
In safemode:
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):
C:\DOCUME~1\Dave\APPLIC~1\GREATR~1
After deleting, Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
When you are finished, please reboot the computer normally, and post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.
#6
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
#7
Panda ActiveScan
- Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Do NOT lose it!
Please, send the Panda activescan report.
#8
Please, post a fresh hijackthis log and Panda Activescan report
Done!
Only found CiD Help (REMOVED), NoLop did not find anything.
Key not found in HiJackThis.
File/Folder not found.
Due to mainly using Fire Fox, have also ran on that too, 56.20MB main screen saved and 100KB on Fire fox.
Attached. (I HATE IE!)
Nothing found.
As I posted this, I continued to battle with this bug, and the few things I did last night seem to have resolved it. If there is anything else you spot that I have overlooked, please let me know.
Thanks again.
Can you give me fresh hijackthis log and panda's results?
Great. Now looks much better.
You forgot attach Panda's results. If you don't have the results, i't recommend to run Panda again
But, everything looks ok.
Let's delete one folder:
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Please, delete this folder:
C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
After deleting, Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Please, post Panda's results
I did a few Panda scans, just because I believed not to be true, and nothing is found, therefore I do not have a report log to save from the scan.
Have deleted: C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool
As I said before, before even posting on the site, I was continuing the battle I had with it as it was really bugging me, and the computer, causing Lag.
Thanks again for all your help.
Your log is clean.
Do you have still Lag?
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
Let's use Deckard's system scanner:
Please download Deckard's System Scanner to your Desktop
* Close all applications and windows.
* Double-click on Dss.exe to run it, and follow the prompts.
* The scan may take a minute. When the scan is complete, a text file will open Main.txt and extra.txt
Please post Main.txt and Extra.txt
Yeah, firewall I'm using a linux distro of Clark Connect acting as a dedicated gateway, so that be one main reason why I do not have any firewall based on my actual computer. Never have hacks as many active shields protecing me against all sorts!
The log from the program has been attached.
Thanks
Deckard's system scanner's logs are Ok.
Let's remove old java version:
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
Java(TM) SE Runtime Environment 6 Update 1
_______________________
Log looks clean...great job!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
- Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
- Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.You can find instructions on how to enable and reenable system restore here:
Managing Windows Millenium System Restore
or
Windows XP System Restore Guide
Renable system restore with instructions from tutorial above
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
Glad I was able to help.
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead
Would you also be interested to join Short-Media (Team #93) with the Folding@Home Project? More information available here