Haz there my name is Marinka and Im from Slovenia... .... i wrote this topic with the hope, that somebody can helps me.
I got a lot of problems with the win32Trojan-gen wirus. The wirus has been already discused. There are thise files that are cosing truble Dload.exe and 125788.exe-links to a webside. I tried anzthin i could find on this forum but with no succes.If i remove those files they apear again!!!
Hire is mY hijack this log! Logfile of HijackThis v1.99.1 Scan saved at 20:43:30, on 25.3.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
------------------- After downloading these, please restart your computer in Safe Mode: if you do not know how to do that, please follow the >instructions available online here<.
Open My Computer >Tools >Folder Options >View >CHECK "Show hidden files and folders", UNCHECK "Hide protected operating system files" and then click Ok.
Then run HIJACKTHIS again, press the Do a system scan only button and place a checkmark next to the following infected items, to fix them later: O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL O2 - BHO: IEPlus Filter - {C97EAD04-D1D3-4580-BDAC-EB13B6CB176E} - C:\WINDOWS\fonts\font.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\pd7.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
After you have checked all of these items, please press the FIX CHECKED button in HIJACKTHIS, to fix these infected entries.
Open Dr Delete which you have downloaded and use it to find and remove the following infected files:
The last two you can be usually found in C:\Windows\System, but just to be sure of their location, you can perform a manual search on these files. Please delete them with Dr Delete when you find them.
Now remove completely this folder: C:\PROGRA~1\INSTAF~1\ (C:\Program Files\Instafinder\)
Now run the scanners:
TDS-3 - Please start TDS-3, wait until it has fully initialised, press the System Testing button, then choose Full System Scan. Spybot S&D - click on the Immunize button. Then "Scan System" button. Next, close all Internet Explorer windows, and click - Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.
Open My Computer >Tools >Folder Options >View >CHECK "Do not show hidden files and folders", CHECK "Hide protected operating system files" and then click Ok.
Restart your computer to exit the Safe Mode, visit >windows update< to see if you need any critical windows security updates, and tell me how are things going now?
If all is OK, you can re-enable System Restore. If my advices have not helped in any way, please post a fresh HIJACKTHIS log and we will continue with the disinfection.
Currently it is Tuesday, December 02, 2008 3:07 PM (GMT +1) There are a total of 64.504 posts in 15.907 threads. In the last 3 days there were 18 new threads and 101 reply posts. View Active Threads
Who's Online
This forum has 27320 registered members. Please welcome our newest member, ribnitz. 48 Guest(s), 2 Registered Member(s) are currently online. Details Jade71, Nick-Brough
|