Redirect virus + problems downloading software

Posted 8/27/2008 6:21 PM
#65349
Kaz Member

Date Joined Nov 2016
Total Posts: 7
I'm hoping you can help me as you have helped others with similar problems.

Logfile of HijackThis v1.99.1
Scan saved at 17:49:21, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Microsoft Money\System\reminder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [msserv] C:\WINDOWS\System32\lvsrev.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.freeserve.com/
O15 - Trusted Zone: https://www.croatianholiday.co.uk
O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - https://exweb.exchange.uk.com/clientbinaries/texInfo.CAB
O16 - DPF: {034DA761-EDB7-11D7-A20A-000802318089} (EWGPHI.desInput) - https://exweb.exchange.uk.com/clientbinaries/EWGPHI.CAB
O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - https://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl3.CAB
O16 - DPF: {0F026C11-5A66-4C2B-87B5-88DDEBAE72A1} (ComponentOne FlexGrid 8.0 (Light)) - https://www.aequosonline.com/aqolwebv2/activex/vsflex8l.ocx
O16 - DPF: {0FA8E95B-C23A-11D5-8F5F-0008C7E9C2C6} (Pensions.desInput) - https://exweb.exchange.uk.com/clientbinaries/PensionsPhase2.CAB
O16 - DPF: {2F6A847E-2EC2-11D3-AE1B-00508B014C1D} (Parser Class) - https://exweb.exchange.uk.com/clientbinaries/XMLParser.CAB
O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - https://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB
O16 - DPF: {511835FF-EDC9-11D7-A20A-000802318089} (EWGWholeLife.desInput) - https://exweb.exchange.uk.com/clientbinaries/EWGWholeLife.CAB
O16 - DPF: {59A910DE-EE9A-11D7-A20A-000802318089} (EWGCombinedTerm.desInput) - https://exweb.exchange.uk.com/clientbinaries/EWGTermAssurance.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152298804828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153336022984
O16 - DPF: {7B5A1CB7-2E01-11D7-90C1-0008C7E9C2C6} (PHI.desInput) - https://exweb.exchange.uk.com/clientbinaries/PHI.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://exweb.exchange.uk.com/clientbinaries/msxml4.CAB
O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - https://exweb.exchange.uk.com/clientbinaries/VersionInfo.CAB
O16 - DPF: {91F82BFF-F70C-11D2-BB68-0008C7E9C2C6} (TEXNBSHELL.ProposalForm) - https://exweb.exchange.uk.com/texonline/core_services/new_business_processing/texnbshell.cab
O16 - DPF: {A32DBCA3-4BFD-11D3-B9E4-008048FCE443} (Complist Class) - https://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB
O16 - DPF: {A98277A1-A141-11D5-98B9-00508B64538B} (Complist2 Class) - https://exweb.exchange.uk.com/clientbinaries/eXwebCListCtl2.CAB
O16 - DPF: {A9F86998-BB62-11D2-A988-006097E20477} (eXwebUtils.clsVersionInfo) - https://exweb.exchange.uk.com/clientbinaries/WholeLife.CAB
O16 - DPF: {ABF92614-EBA5-11D3-A315-006008134E84} (Annuities.dsrMain) - https://exweb.exchange.uk.com/clientbinaries/ann_GD.CAB
O16 - DPF: {B539A417-0C5E-11D4-97CF-00508B64538B} (Bonds.GLBI030) - https://www.aequosonline.com/aqolwebv2/activex/TeeChart5.ocx
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (Infragistics Date Edit Control) - https://exweb.exchange.uk.com/clientbinaries/TermAssurance.CAB
O16 - DPF: {DB1F08C5-F410-11D3-A316-006008134E84} (CombinedTerm.desUserDefaultsGrid) - https://exweb.exchange.uk.com/clientbinaries/printdll.CAB
O16 - DPF: {E5CFA957-1CD1-11D2-85AD-006097B42E68} (TEXCList.ctlCompanyList) - https://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB
O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - file://D:\CAB\pvdt70.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Posted 8/29/2008 4:23 AM
#65380
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:





Run a scan with HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKLM\..\Run: [msserv] C:\WINDOWS\System32\lvsrev.exe





Reboot to safe mode:

https://www.bullguard.com/support/tech-guides/safe-mode.aspx





SHOW HIDDEN FILES

1. Click Start button, then go to Programs, Accessories and click on Windows Explorer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the "Hidden files and folders" heading please check Show hidden files and folders.
5. Uncheck the Hide protected operating system files (Recommended) option.
6. Click Yes to confirm.
7. Click OK.





Delete these files:


C:\WINDOWS\System32\lvsrev.exe

C:\Windows\System32\drivers\InvisibleDrvNT.sys



Reboot normally, post a new HijackThis log and tell me how things are running.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 8/30/2008 7:15 AM
#65429
Kaz Member

Date Joined Nov 2016
Total Posts: 7
Thanks for your help.


I have followed your instructions but don't have an lvsrev.exe file appearing either in HijackThis or C:\WINDOWS\System32. I don't have an InvisibleDrvNT.sys file in the drivers folder either.



I do however have a xx_lvsrev.exe file in the System32 folder.

There are also xx_apigrab.dll and xx_wartsvr.exe



Shall I get rid of some/all of these?
Posted 8/30/2008 7:55 AM
#65430
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. There are probably more infected files, I'll therefore suggest you run ->


Run Kaspersky WebScanner


  • Please go here: https://www.kaspersky.com/virusscanner
  • and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
    * Under "Please select a target to scan:", click My Computer to start the scan.




  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
    * Paste kaspersky log in next reply.



Posted 8/30/2008 11:27 AM
#65434
Kaz Member

Date Joined Nov 2016
Total Posts: 7
Unfortunately the virus(es) I have prevent me from downloading software from the internet. If I use your link I get an "IE cannot display webpage" error.
Posted 8/31/2008 4:09 AM
#65456
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok. I've found a new link for Malwarebytes, see if you can download it from there ->





Please download Malwarebytes' Anti-Malware:

https://www.spywarefri.dk/downloads1/mbam-setup.exe



to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.



Copy and paste that log into your next reply, along with a fresh HijackThis log.





NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Posted 8/31/2008 8:44 AM
#65463
Kaz Member

Date Joined Nov 2016
Total Posts: 7
Cannot download from here either. Same problem: IE cannot display webpage.

Shall I try removing the files (& any registry settings) for the original stuff I found & see what happens?
(xx_lvsrev.exe file in the System32 folder & also xx_apigrab.dll and xx_wartsvr.exe)

Let me know what you think.
Thanks
Posted 8/31/2008 10:20 AM
#65466
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Yes, try to delete the files. You'll probably have to do it from safe mode. If you can't delete them, then see if they can be renamed to - filename.old.



Reboot.

You should be able to download Malwarebytes from here:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Click on Download now






Posted 8/31/2008 1:50 PM
#65477
Kaz Member

Date Joined Nov 2016
Total Posts: 7
Deleted files ok but made no difference. Have rebooted PC. Can see the Malwarebytes site & able to save the exe to my c:\ but when I try to run the setup exe I get an 'exe is not a valid win32 application' error. Same thing happens if I try to run it from the website.

Can you think of anything else I could try before I try re-installing XP?
Thanks again

(By the way I checked Winsock and that seems to be ok)
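
Added example, not part of the original thread: Windows reports "not a valid Win32 application" when a file does not parse as a PE image, so one check on a saved installer is whether its headers and sections are intact (a truncated or replaced download fails this). The Python sketch below does that structural check; `check_pe` and `build_sample_pe` are hypothetical names and the sample bytes are constructed.

```python
import struct
import sys


def check_pe(data: bytes) -> str:
    """Return 'ok' or the first structural reason the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no MZ header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(data):
        return "PE header offset beyond end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature"
    # COFF file header: 20 bytes directly after the 4-byte signature.
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    sect_table = opt_off + opt_size
    if sect_table + 40 * nsections > len(data):
        return "section table truncated"
    if opt_size >= 2:
        (magic,) = struct.unpack_from("<H", data, opt_off)
        if magic not in (0x10B, 0x20B):  # PE32 / PE32+
            return "unknown optional header magic"
    # Each section header is 40 bytes; SizeOfRawData and PointerToRawData
    # sit at offsets 16 and 20. Raw data past end of file means truncation.
    for i in range(nsections):
        off = sect_table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            return f"section {name} truncated"
    return "ok"


def build_sample_pe() -> bytes:
    """Constructed sample: DOS header, PE32 headers, one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)
    section = (b".text\0\0\0"
               + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
               + b"\0" * 16)
    headers = dos + coff + optional + section
    return headers.ljust(0x200, b"\0") + b"\xCC" * 0x200


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check a saved download, e.g. the installer copied to a clean machine.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], "->", check_pe(fh.read()))
    else:
        sample = build_sample_pe()
        print("complete sample ->", check_pe(sample))
        print("cut at 0x300    ->", check_pe(sample[:0x300]))
        print("HTML error page ->", check_pe(b"<html>error</html>".ljust(0x80)))
```

A file that passes this check can still be blocked or altered at run time; the check only separates a damaged file on disk from other causes.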
Posted 8/31/2008 3:36 PM
#65479
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I have two more things you can try. Rename Malwarebytes' Anti-Malware to Malwarebytes' Anti-Malware.bat




See if you can run it now. The other thing: have you tried a System Restore?



Posted 8/31/2008 5:00 PM
#65486
Kaz Member

Date Joined Nov 2016
Total Posts: 7
That didn't work either.
Can't do a system restore as can't restore to anything before the current month & have been on holiday for most of Aug so no decent points to restore back to.

I'll leave it a couple of days before I re-install XP so let me know if you have any other suggestions.
Thanks for all your help
Posted 9/2/2008 6:24 PM
#65570
Kaz Member

Date Joined Nov 2016
Total Posts: 7
Don't suppose any of this comes with any manual instructions as I cannot run anything downloaded from the internet (not win32 application error)?

Also, I do not have the right software to unpack the rootrepeal.rar file & I cannot download software from the internet etc etc!
Posted 9/3/2008 3:45 AM
#65587
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
It doesn't look too good :rolleyes:




See if you get the "not win32 application" error when you run one of these ->



https://www.uploads.ejvindh.net/rootchk.exe

Download Rootkit Unhooker:
https://rapidshare.com/files/134701885/RkU3.8.340.551.rar.html



https://www2.gmer.net/gmer.exe







If you can, I'll give you instructions in next reply.


