Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: click to download official intrusion detection system  (Read 3939 times)

0 Members and 1 Guest are viewing this topic.

JohnBergt

    Topic Starter


    Greenhorn

    click to download official intrusion detection system
    « on: December 12, 2009, 09:10:55 PM »
    I have been able to remove most of the infection using the steps posted. However, I am still getting trojan errors in McAfee. I was able to restore command prompt, task manager, and regedit. Logs are attached. This is a seperate computer from the other issue I have logged.

    [Saving space, attachment deleted by admin]

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: click to download official intrusion detection system
    « Reply #1 on: December 17, 2009, 01:34:37 PM »
    Hello JohnBergt and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"

    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    (Description: RealPlayer system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)
    O4 - HKLM\..\Run: [ISUSScheduler] \"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe\" -start
    (Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    (Description: Adobe reader startup - unnecessarily uses system resources.)
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    (Description: AOL system tray icon. Not necessary. Removing this entry will free up a small amount of system resources.)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Filter hijack: text/html - {01a4b6d4-2fab-44d2-ab4c-4714ee9616ed} - C:\WINDOWS\mark_32.dll


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

    ComboFix

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Vista users Right-click combofix.exe and select Run as Administrator and follow the prompts.
    Double-click combofix.exe and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log and a new HijackThis log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
    Windows 8 and Windows 10 dual boot with two SSD's