Guest T-back

Need to take a look at my system.

Guest T-back

I need to remove all malware from my system, which was not detected by any anti malware / anti-spyware software.

There are many malware programs that I want to be removed, like Hotbar/blinkx/bandoo/fake RealPlayer and other fake ones/programs.


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\StartupFaster [2011/11/08 13:46:20 | 000,000,000 | -H-D | M]
    O4 - Startup: C:\Documents and Settings\ANYUSER\Start Menu\Programs\Startup\StartupFaster [2011/11/08 13:46:20 | 000,000,000 | -H-D | M]
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tray = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: pop = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O32 - AutoRun File - [2011/10/16 09:46:18 | 000,000,000 | ---D | M] - D:\Autorun.inf -- [ NTFS ]
    [2011/11/07 23:28:58 | 000,000,381 | ---- | M] () -- C:\Documents and Settings\ANYUSER\Desktop\Shemale And Girl Tubes  Tube Splash  Free porn tube videos (2).url
    [2011/11/07 15:58:01 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\ANYUSER\Desktop\Real thing.url
    [2011/11/06 13:01:10 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\ANYUSER\Desktop\Startup Faster!.lnk
    [2011/11/04 14:14:07 | 041,716,970 | ---- | M] () -- C:\Documents and Settings\ANYUSER\My Documents\Spyware Doctor 9.0.0.888 Setup + Keygen.rar
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A81F9CE
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
    @Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5DF2864D
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F7539FF
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

Here is the log, no problem with the above. And things are running perfectly.


Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:
    [image: 4l5a4i.png]
  • Click [image: 16jox2o.png] and choose [image: 5x3nu8.gif]
  • Uncheck [image: amuvj8.gif]
  • Then go back to [image: 2jb4qyb.gif] and click [image: nf47ev.gif] to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

Guest T-back

I want to remove all malware, especially since some of the infected files are not detected by many protection programs.

And I can give you a list of malware if you want. And I have another problem with some Windows updates, where I cannot install the latest updates.


Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1

Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.


Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

Thanks, no problem here except some malicious software installed on my system, and all these things are running perfectly.

And here's a malware list.

1- GIMP.

2- InstallIQ Updater.

3- LiveDownloader.

4- Loaris Trojan Remover.

5- fake Mplayer.

6- Soft32.

7- XP Antivirus Remover

Note: ComboFix and other anti-malware / anti-spyware programs have detected some of these programs and files but could not fully remove the malware from my system.


GIMP is not malware, it is an open source graphics program. As for the other stuff, most of it doesn't show up in your logs.

Now we need to use ComboFix to remove some stuff.

  • Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

Driver::
pmvo
FCS30
DSLBPA

File::
c:\docume~1\ANYUSER\LOCALS~1\Temp\DSLBPA.exe
c:\docume~1\ANYUSER\LOCALS~1\Temp\FCS30.tmp
c:\windows\system32\drivers\eejma.sys

Folder::
c:\program files\Loaris

  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.


Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

No problem here, and things are working perfectly!

And I need to make sure whether the 'RealPlayer program' contains malicious software or not. Why do I want to make sure? Here's the answer: RealPlayer.exe-setup was not downloaded from the official website; therefore, this installer is different from the real installer, and this probably means that the installation file is infected.

And this is another problem with Windows Update, especially with this update: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073).

Every time I try to install it, I am surprised that it comes back again at startup. Then I receive notifications about it! Then it is found by Windows Update once again?


From where did you download RealPlayer?

Look at your Windows Update history and check to see if the Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073) is failing to install. If so, you may need to download the update to your Desktop and run it locally.


Now we need to use ComboFix to remove some stuff.

  • Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook]
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C30A2DF-CD95-C02D-19DA-4A47854417FD}]

RegLockDel::
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3497BB24-92FC-EF8D-AC3D-7E6480ED3B93}]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.


Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

I've downloaded from multiple links, but I forgot which company produces this malware!

And I'm keeping some malware samples on my system if you want to check some! (let my hala B) )

Windows Update history says that the installation succeeded?! But I have been checking again whether the update is back, and unfortunately, it still comes back!


RealPlayer is not malware. It just may be wrapped in a custom installer from the site you downloaded from. This is RealPlayer's home page: http://www.real.com/


Download Windows Repair by Tweaking.com to your desktop.

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click Custom Mode so there is a bullet in it.
  • Click the Start button (bottom right)
    Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Remove Policies Set By Infections
    • Repair Windows Updates

    Note: Leave everything else unchecked

  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)


Now we need to use ComboFix to remove some stuff.

  • Make sure that the copy of combofix.exe that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Open Notepad and copy/paste the text in the below code box into it

(make sure you scroll all the way down in the code box to get all lines selected ):

KillAll::

Driver::
BCASPROT
aasrv
pfklnmft

NetSvc::
pfklnmft

RegLock::
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook]
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C30A2DF-CD95-C02D-19DA-4A47854417FD}]

RegLockDel::
[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3497BB24-92FC-EF8D-AC3D-7E6480ED3B93}]

  • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix.exe
  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • I will ask for this log below

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.

The ComboFix folder should not be renamed since ComboFix and even we would have suspicions about it. Also when you uninstall CF, the folder would not be removed since it does not look for that folder name.


Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

Here's the deal: RealPlayer.exe-setup comes with an add-on called "blinkx", and as we know, "blinkx" is malware and should be removed immediately, as with the RealPlayer installed. :) Now, what do you think?

And I followed your instructions, and all things are running perfectly.


Quit telling me what is and isn't malware, I have a far greater knowledge of what is or isn't malware. blinkx is not malware; it is a browser helper object and does not need to be installed for RealPlayer to function.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :Services
    is3srv
    pci_01
    szkgfs
    TfFsMon
    TFSysMon
    MpKsl136d6102
    MpKsl3d7e7903
    SABKUTIL
    SBRE
    AVFSFilter
    cpuz134
    esgiguard
    F-Secure Standalone Minifilter
    Lavasoft Kernexplorer
    rspSanity
    TfNetMon
    SpyHunter 4 Service
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Guest T-back

OK, thanks... All things are working perfectly. And we need to fix a Windows Update problem!


OK, this procedure is time consuming but usually resolves the issue of Windows Update wanting to continually install the same .NET update.

To repair the .NET Framework, you must uninstall multiple versions of the .NET Framework by using the .NET Framework Cleanup Tool, and then reinstall the components.

To do this, follow these steps:

  1. Click the following link to download the .NET Framework Cleanup Tool:
    http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx
  2. Use the .NET Framework Cleanup Tool to uninstall the .NET Framework versions 1.0, 1.1, 2.0, 3.0, and 3.5
    Note The cleanup tool does not let you remove the .NET Framework 2.0 in Windows Vista or later versions because the .NET Framework is installed as an operating system component.
  3. Restart the computer.
  4. Download and install the following components:
    .Net Framework 1.1
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3
    .Net Framework 1.1 SP1
    http://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en
    .NET Framework 3.5 SP1
    Note This will also install .Net Framework 2.0 SP2 and .Net Framework 3.0 SP2
    http://www.microsoft.com/downloads/details.aspx?familyid=AB99342F-5D1A-413D-8319-81DA479AB0D7&displaylang=en
  5. Restart the computer.
  6. Visit the Windows Update Web site and install the updates:
    http://update.microsoft.com

Guest T-back

I used the .NET Framework Cleanup Tool to help me out with removing all my things, then restarted the computer, and I still get this update! Note that it removed all these things / all versions. And it still shows up at startup, and clicking on this update starts the updating, and it says that the update is complete?


I used the .NET Framework Cleanup Tool to help me out with removing all my things, then restarted the computer, and I still get this update! Note that it removed all these things / all versions. And it still shows up at startup, and clicking on this update starts the updating, and it says that the update is complete?

So, what you are telling me is that you only did the first part of the instructions, that you did not do steps 4-6.

Guest T-back

So, what you are telling me is that you only did the first part of the instructions, that you did not do steps 4-6.

Yep, that's right!


Do everything I posted. I did not take the time to write out a set of instructions, only to have half of them ignored.

Guest T-back

Do everything I posted. I did not take the time to write out a set of instructions, only to have half of them ignored.

ok, I'll do that right now. :)


Increase the size of your Virtual Memory to at least 2gb.

To increase the size of Virtual Memory (PageFile) on Windows XP:

  1. Click Start, right-click My Computer, and then click Properties.
  2. In the System Properties dialog box, click the Advanced tab.
  3. In the Performance pane, click Settings.
  4. In the Performance Options dialog box, click the Advanced tab.
  5. In the Virtual memory pane, click Change.
  6. Change the Initial size value and the Maximum size value to a higher value, click Set, and then click OK.
  7. Click OK to close the Performance Options dialog box, and then click OK to close the System Properties dialog box.

Reboot and try installing .NET 1.1 again.


Let's check the drive for errors.

Click on Start > My Computer

Right-click on Local Disk (C:)

Select Properties

Click on the Tools tab

Under Error-checking click on the Check Now... button

Click on the box next to Automatically fix file system errors

Click on the Start button.

Scan Disk will run.

Once it is finished Defrag Drive C:


OK, let's try this. Delete the copy of .NET 1.1 you have, and download a fresh copy. Try installing, get the same error?

Guest T-back

Re-downloaded the .NET Framework package and ran it, and it worked fine. :) And I need to fix the error on page problem in the IE browser. And other problems like

Internet Explorer cannot display the webpage

need to fix the error on page problem in IE browser.
That actually is a problem with a script running on the Web site and not an issue with IE.
And other problems like Internet Explorer cannot display the webpage
Does this happen a lot or just every once in a while?

Guest T-back

That actually is a problem with a script running on the Web site and not an issue with IE.

Does this happen a lot or just every once in a while?

Yep, this happens a lot.


Close all windows

Do the following:

Start -> Run

type cmd

Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

netsh int ip reset reset.log
netsh winsock reset catalog
ipconfig /flushdns
exit

Re-boot your PC.


Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Come back here to this thread and attach the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • HijackThis

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Nothing out of the ordinary in the HijackThis log.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      Alternate Zip Mirror 2
      Alternate Zip Mirror 3
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)

  • Double click [image: gmerRandomIcon.png] or [image: gmerDesktopIcon.png] on your desktop. If you are using Vista, please right-click and select run as administrator
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Allow the gmer.sys driver to load if asked.

If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.

  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)

  • Click on [image: btnScan.png] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image: btnSave.png] and save the logfile to your desktop.
  • Attach the GMER log.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running

*Note*: Rootkit scans often produce false positives. Do NOT take any actions on <--- ROOTKIT entries


Download UnlockRegistry.zip (Attached below) to your Desktop

Unzip the contents of UnlockRegistry.zip

Copy UnlockRegistry.vbs to C:\

Copy SetACL.exe to C:\Windows\System32

Now do the following:

Start -> Run

type cmd

Click "OK"

The Command Console will open

Enter the following commands, at the Command Prompt. Commands must be entered exactly as shown.

Press the Enter Key after each command. Wait for each command to finish before proceeding to the next command.

CSCRIPT C:\UnlockRegistry.vbs
exit

Delete C:\UnlockRegistry.vbs

Delete C:\Windows\System32\SetACL.exe

Delete UnlockRegistry.zip


Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3497BB24-92FC-EF8D-AC3D-7E6480ED3B93}]
"jaohpknnlbmdmeepdihn"=-
"jaohpknnlbmdmeepdidn"=-
"iaoolhpoemhmgcjjoa"=-
"haepjlpcpkopigah"=-

[-HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3497BB24-92FC-EF8D-AC3D-7E6480ED3B93}]

[-HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9C30A2DF-CD95-C02D-19DA-4A47854417FD}]

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Reboot your PC.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

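A .reg file copied from a forum post can be checked before it is merged. The Python below is an added example, not part of the original posts: it parses the FixReg.reg text shown above and confirms that it only deletes, and only under the keys listed in the RegLock/RegLockDel sections of the last CFScript in this thread. The function names and the TAMPERED sample are constructed for illustration.

```python
import re
from typing import NamedTuple

class RegOp(NamedTuple):
    action: str       # create_or_open_key | delete_key | delete_value | set_value
    key: str
    name: str = ""    # value name; "@" means the key's default value

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$')

def parse_reg(text):
    """Return the operations a .reg file would perform, in file order."""
    logical, pending = [], ""
    for raw in text.lstrip("\ufeff").strip().splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    if not logical or logical[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for line in logical[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):     # [-KEY] removes the key and its subkeys
                ops.append(RegOp("delete_key", path[1:]))
                key = None
            else:                        # [KEY] opens the key, creating it if absent
                key = path
                ops.append(RegOp("create_or_open_key", key))
            continue
        m = VALUE_LINE.match(line)
        if m is None or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2).strip() == "-" else "set_value"
        ops.append(RegOp(action, key, name))
    return ops

def review(text, expected_keys):
    """Flag operations outside the expected keys, and any write inside them."""
    allowed = {k.lower() for k in expected_keys}   # key paths are case-insensitive
    findings = []
    for op in parse_reg(text):
        if op.key.lower() not in allowed:
            findings.append(("out_of_scope", op))
        elif op.action == "set_value":
            findings.append(("writes_data", op))
    return findings

# Key paths as they appear in this thread.
USER = r"HKEY_USERS\S-1-5-21-1085031214-1637723038-1801674531-1003"
APPROVED = USER + r"\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
KEY_A = APPROVED + r"\{3497BB24-92FC-EF8D-AC3D-7E6480ED3B93}"
KEY_B = APPROVED + r"\{9C30A2DF-CD95-C02D-19DA-4A47854417FD}"
# RegLock/RegLockDel entries from the last CFScript above.
EXPECTED = [USER + r"\Software\Microsoft\SystemCertificates\AddressBook", KEY_A, KEY_B]

# FixReg.reg as posted above.
PAGE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + KEY_A + "]",
    '"jaohpknnlbmdmeepdihn"=-',
    '"jaohpknnlbmdmeepdidn"=-',
    '"iaoolhpoemhmgcjjoa"=-',
    '"haepjlpcpkopigah"=-',
    "",
    "[-" + KEY_A + "]",
    "",
    "[-" + KEY_B + "]",
])

# Constructed sample: the same file with an unrelated write appended.
TAMPERED = PAGE_REG + '\n\n[HKEY_CURRENT_USER\\Software\\ExampleVendor]\n"Setting"="1"\n'

if __name__ == "__main__":
    for label, text in (("page", PAGE_REG), ("tampered", TAMPERED)):
        print(label, "->", review(text, EXPECTED) or "deletes only, all in scope")
```
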
No /Windows\System32 folder. :(
Yes, there is a Windows\system32 folder; it is present on all 32-bit Windows.

Guest T-back

Yes, there is a Windows\system32 folder; it is present on all 32-bit Windows.

I checked again, but I did not find this folder! And I wonder where it is?

I restarted the computer and checked again, and there is no such folder!

And can you help me to find this folder?


It is present otherwise your computer would not be working. There is a System32 folder on all 32-bit Windows Operating Systems, ever since Windows 98SE. When you are in the Windows Folder click on Tools in the menu and select View. Uncheck Hide System Files and Folders, click OK.

Guest T-back

I unchecked Hide System Files and Folders and clicked on OK, and no files and folders showed up!


Download:

- ISeeYouXP by ShadowPuterDude

Double-click ISeeYouXP.exe, ISeeYouXp will be extracted to C:\ISeeYouXP; and a shortcut to ISeeYouXP.bat will be placed on the Desktop.

Double-click the ISeeYouXP shortcut to run ISeeYouXP.

Possible Error Messages

  • If your ISeeYouXP.txt log appears to be empty or semi-empty or you get an error message similar to the below when running ISeeYouXP.bat and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS
    C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Window applications.
    To fix the above error message, choose the download below which is appropriate for your system
    • For Windows XP Pro: download and run: XPproFix
    • For Windows XP Home: download and run: XPHomeFix
    • For Windows 2000: download and run: W2KFix

    Then run ISeeYouXP.bat again and attach the log.

  • A possible second type of error message may occur as shown in the quote box below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem

16 bit MS-DOS Subsystem

drive:\program path

XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.

-or-

16 bit MS-DOS Subsystem

drive:\program path

SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.

After attempting to fix the above errors, run ISeeYouXP.bat and attach the log.

IMPORTANT NOTE:

Vista Users

UAC must be turned off to run this script.

Turning Off/On UAC in Vista

1. Open the Control Panel.

2. Under User Account and Family settings click on the "Add or remove user account".

3. Click on your user account.

4. Under the user account click on the "Go to the main User Account page" link.

5. Under "Make changes to your user account" click on the "Change security settings" link.

6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.

7. You will be prompted to reboot your computer. Do so.

In order to re-enable UAC just select the above checkbox and reboot.

To Run ISeeYouXP right-click on the batch file and select "Run as Administrator"

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

This topic is now closed to further replies.