Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Trojan:wareout
-
26-07-2007 6:18pm#1
Comments
-
-
-
-
-
Nah your in safe handsshould i be worried?
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
Download SDFix and save it to your Desktop.
Do not run it yet !!
Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log
If you have internet connection problems then do the following :
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
R3 - URLSearchHook: (no name) - {539DC6A6-93A7-2BFD-EDEB-88EB10B61128} - atl_helper.dll (file missing)
O4 - HKLM\..\Run: [new32] abrek.exe
O4 - HKLM\..\Run: [syspanel] scanSYS.exe
O4 - HKCU\..\Run: [killall] cmon14.exe
O4 - HKCU\..\Run: [NopeZ] keybdll.exe
O4 - HKCU\..\Run: [PasswdMon] srbho.exe
O4 - HKUS\.DEFAULT\..\Run: [killall] cmon14.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [NopeZ] keybdll.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PasswdMon] srbho.exe (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.164,85.255.112.112
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
3. Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.
4. Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
SPYMARSHAL
Please note any other programs that you dont recognize in that list in your next response
5. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders in bold (if present):
C:\PROGRAM FILES\SPYMARSHAL
6. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files in bold (if present):
C:\WINDOWS\system32\abrek.exe
C:\WINDOWS\system32\scanSYS.exe
C:\WINDOWS\system32\cmon14.exe
C:\WINDOWS\system32\keybdll.exe
C:\WINDOWS\system32\srbho.exe
C:\WINDOWS\web\related.htm
Next
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
When you are finished, please reboot the computer normally, and post the SDFix report, the FixWareout report and a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered.0 -
Advertisement
Advertisement