Computer Hope
Software => Computer viruses and spyware => Topic started by: Shynnie on February 19, 2008, 02:22:41 AM
-
I'm running officeScan console on my pc at work. I run the scan and it picked up some viruses and it could not delete two files.
Q. does anyone know about this virus and is it harmfull S_NYXEM.E the scan cant delete it.
-
The worm has a dangerous payload. If the date is equal to 3 (3rd of February, 3rd of March, etc) and the worm’s UPDATE.EXE file is run, it destroys files with those extensions on all available drives:
*.doc
*.xls
*.mdb
*.mde
*.ppt
*.pps
*.zip
*.rar
*.pdf
*.psd
*.dmp
http://ipadventures.com/2006/01/26/nyxeme-worm-in-case-you-hadnt-heard/
Removal tools here
http://www.f-secure.com/v-descs/nyxem_e.shtml
-
Please see here. http://www.computerhope.com/forum/index.php/topic,46313.msg290095.html#msg290095
-
MY IE 7 is not working anymore and my home page is not coming up. I'm now using Mozilla Firefox at the moment.
Thanks guys
-
All you have to do is post the logs and we will help.
-
evilfantasy thanks i'm currently busy with CCleaner found alot of useless files and deleted them. I'm doing scanning and will post HJT file.
My IE 7 is not opening any page but Mozilla is working so i uninstaled it just now.
Thanks
-
No problem, we should be able to get it figured out.
-
I'm quickly running SuperAntiSpyware.
Will paste a log file after rebooting.
Thanks man.
-
It have detected 130 threats, adware tracking cookies but its still scanning.
-
I cant even visit computer hope with IE7 (page can not be displayed) but mozilla is displaying it very well.
-
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on 19 February 2008 04:36:40 PM
* VPS: 080214-0, 2008/02/14
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on 19 February 2008 04:54:43 PM
* VPS: 080214-0, 2008/02/14
*
C:\DOCUME~1\FORTUN~1.BW\LOCALS~1\Temp\{C75FDB30-ECFC-482D-A081-8A5326B2BFED}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\pskavs.dll [L] Win32:CTX (0)
File was successfully deleted...
-
SUPERAntiSpyware_Scan_Log_-_02-20-2008_-_09-11-46.log
[file cleanup - saving space - attachment deleted by admin]
-
Log after restating the pc.
[file cleanup - saving space - attachment deleted by admin]
-
Need the ESET log and then a Hijackthis log.
-
I'm busy wuth those onces now. hey man my IE7 is working now.
Ok i unistalled the SPY and CCleaner now i'm installing the other two.
I'll post them just now.
Thanks
-
After clicking activex it pups up if i want to install the software or Dont install.
Which one do i pick now.
-
evilfantasy i cant use the online scanner i guess i'll skip that step and go on with the rest, since i dont want to install anything from the net that sounds suspiciouse. i'm now busy with Dr.Web
Thanks
-
Dr.Web log file
[file cleanup - saving space - attachment deleted by admin]
-
Hijackthis
[file cleanup - saving space - attachment deleted by admin]
-
You need to run the ESET scan, that will include allowing it to install!
Then run the SuperAntispyware again only this time follow the instructions and do a Full system scan instead of the quick scan.
Uninstall the version of Hijackthis you have and install the new version from the removal instructions. Once the other two scans are complete then run a new Hijackthis scan and post the log also.
Post those three logs when you are done.
-
Ok im working on it now. Its 7:40 in the morning now.
Thanks Evlifantasy
-
ON ESET i got error: Update Failed (200)
-
Use the Trend Micro Housecall Scan (http://housecall.trendmicro.com/us/index.html)
- Click Scan Now. It's Free
- Read and put a Check next to Yes, I accept the Terms of Use
- Then click Launch HouseCall Wait for the Java-Based Housecall Kernel Test
- Click Starting Housecall and wait for the updates to finish.
- Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
- It will download the latest scan engine and pattern files. When the definitions have been downloaded, the scan will start.
- Please wait while HouseCall scans your system…
- Once the scan is complete, it will take you to the summary page.
- Under Cleanup options choose Clean all detected infections automatically
- Click the Clean now>> button.
- When presented with a notification According to your instructions, all detected infections were cleaned..., click OK
- The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
-
Ok
-
Trend Micro Housecall Scan is busy and SuperAntiSoyware is busy. I have downloaded the new version of HJT and will post the 3 logs after i finish.
On my tool bar there is Y! i think its yahoo search i also dont want this i wabt google search bar.
Thanks
-
We will take care of that after the malware is gone.
-
I like to save my log file on the desktop, that way is easy to upload them...
Evil were are you geographically cause i'm in Africa (Namibia)?
-
Yes saving them to the desktop is the best way.
I am in the USA.
I may be logging off soon as it is late here but we will finish this.
So just to clarify. The logs you will need are:
Housecall log
SuperAntispyware log
After those two are completely done and the computer has been restarted, run a new Hijackthis scan and post that log also.
-
Thanks man.
USA is my dream country i only see it on TV and last night i was watching CNN about Hillary on election.
Here its still morning time like 8:30am now. Dont worry as soon as i finish with the two scan i will post the logs and restart and then do HJT then post it also.
Man you can go to sleep and rest then wen u wake up is wen u can have a look at it with a fresh mind.
Thanks Bra
-
SuperAntiSpyware has detected a Adware.trackingcookie 6 items infected.
When i highligh something that i want to copy a Y! pops up, with a dropdown menu.
-
Thats part of Yahoo search.
Also post an uninstall list.
Create An Uninstall List- Start HijackThis
- Click on the Open the Misc Tools section
- Click on the Open Uninstall Manager button.
- Click on the Save list button and specify where you would like to save this file and click Save.
- When you press Save button a notepad will open with the contents of that file.
- Copy and paste that list in your reply.
-
Must i do it know or wait the for the scans to finish/
-
An Uninstall List
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Bank Windhoek Teller Application
Borland Delphi 6
BusinessObjects 6
CAB Bureau Application - SQL Version
Crystal Reports
Crystal Reports 10
Enterprise Architect 7.0 - 30 Day Trial
ESET Online Scanner
eSocket.web
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Home Media Server 4.0.0.0072
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB915865)
HP Display Assistant
IDEAL Software dycodoc 1.0
InfoSlips ForMe. Viewer
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo WinDVD Recorder
J2SE Development Kit 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 2
Macromedia Flash Player
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync 3.7
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft ODBC .NET Data Provider
Microsoft Office 2003 Web Components
Microsoft Office Professional Edition 2003
Microsoft Project 2000
Microsoft Silverlight
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Reporting Services Developer Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English) (May 2007)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Reporting Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Virtual PC 2004
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual SourceSafe 2005 - ENU
Microsoft Visual Studio .NET Enterprise Architect 2003 - English
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox (2.0.0.8)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NetBeans IDE 5.0
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
PDF Complete
PDF Creator Pilot 3.6 Demo
PhoenixXM
Promotional Items
QuickTime
Rapid SQL 7.2.0
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sitara
Sony USB Driver
SQL Anywhere Studio 8
SQLXML4
SUPERAntiSpyware Free Edition
Sybase Adaptive Server IQ 12
TaskManager
TaskManager
TaskManager
TaskManager
Teller Application for Terminal Services
TextPad 4.7
Tilos Application Server 2.2
Tilos Database Server 2.2
Tilos_API_Build_2_2_19
Trend Micro OfficeScan Client
Update for Windows XP (KB938828)
Virtual Print Engine v3.50 R1 Enterprise Edition 32-Bit
VNC 3.3.4
WIDCOMM Bluetooth Software
Windows Communication Foundation
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Server 2003 Service Pack 1 Administration Tools Pack
Windows Workflow Foundation
WinRAR archiver
WinSQL Lite
WinZip
Wormux (remove only)
Your Uninstaller! 2006 Version 5
-
House Call log
The rest is
#Trend Micro HouseCall - Storage of detected incidents
#Thu Feb 21 10:14:50 CAT 2008
scanned.pattern.type=malware,grayware,system.grayware,vulnerability.software
system.username=FortunatoM
infectivethreats.failed.reason=
infectivethreats.type=
created=2008-02-21 08\:11\:59 CAT
personalize=false
infectivethreats.amount=1,1,1,1,1
vulnerabilities.type=software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software,software,software,software,software,
software,software,software,software,software
system.ip=192.168.104.112
scanned.pattern.version=511700,58100,60900,8200
system.architecture=x86
infectivethreats.class=grayware,grayware,grayware,grayware,grayware
infectivethreats.failed.amount=
infectivethreats.removed=1,1,1,1,1
scanned.count=0,0,52093,1
scanned.engine.version=-16,-16,500001060,532001011
infectivethreats=COOKIE_2O7,COOKIE_HITBOX,SPYWARE_TRAK_CULREMOT.11,COOKIE_LIVEPERSON,ADWARE_SCREENSAVERS
scanned.engine.type=main,main,system,system
vulnerabilities=MS07-009,MS07-008,MS07-007,MS07-006,MS06-070,MS07-004,MS07-003,MS06-075,MS05-027,MS05-026,
MS05-032,MS05-033,MS07-019,MS06-060,MS07-015,MS07-017,MS06-063,MS06-064,MS07-011,MS07-014,MS06-066,
MS07-013,MS06-068,MS05-039,MS05-036,MS05-045,MS04-043,MS05-042,MS04-044,MS05-043,MS04-041,MS05-040,
MS05-001,MS05-041,MS06-054,MS07-025,MS07-024,MS06-052,MS06-053,MS07-022,MS06-050,MS06-051,MS07-027,
MS07-020,MS06-058,MS07-021,MS06-057,MS06-056,MS05-049,MS05-048,MS05-008,MS05-047,MS05-007,MS05-046,
MS02-020,MS05-053,MS02-039,MS05-050,MS05-051,MS05-011,MS05-012,MS06-041,MS07-034,MS07-033,MS07-035,
MS06-040,MS06-046,MS06-045,MS06-048,MS07-031,MS05-013,MS05-016,MS05-015,MS05-018,MS05-019,MS06-033,
MS06-032,MS06-030,MS07-041,MS07-045,MS06-036,MS06-035,MS06-039,MS07-050,MS07-057,MS07-058,MS07-056,
MS06-025,MS06-027,MS06-028,MS07-061,MS07-064,MS07-069,MS06-018,MS06-014,MS06-015,MS06-006,MS06-007,
MS06-008,MS06-002,MS06-003
infectivethreats.failed=
domain=housecall65.trendmicro.com
implementation=html/java
-
More log from housecall
[file cleanup - saving space - attachment deleted by admin]
-
Spyware
[file cleanup - saving space - attachment deleted by admin]
-
Logfile of Trend Micro HijackThis v2.0.2
[file cleanup - saving space - attachment deleted by admin]
-
Go to C:\Documents and Settings\UserName\.housecall\log and see if you can find the log from Housecall that shows what was scanned and/or removed.
(http://i154.photobucket.com/albums/s258/evilfantasy69/javaicon.jpg) Your Java is out of date.
Older versions of Java have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version(s) of Java components and update.
Step 1 - Get the new version
- Go to the Sun Java Download Page (http://"http://java.sun.com/javase/downloads/index.jsp")
- On the Sun Java page scroll to the 4th download.
- (http://i154.photobucket.com/albums/s258/evilfantasy69/java.jpg)
- Click the (http://i154.photobucket.com/albums/s258/evilfantasy69/javabutton-1.jpg) button and choose the options.
- Platform Windows
- Language English
- Next place a check mark in the box to agree to the License Agreement.
- "I agree to the Java SE Runtime Environment 6 License Agreement"
- Click Continue
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.
- Follow the prompts to complete the installation.
Step 2 - Remove old version(s)
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
- Uninstall
- J2SE Development Kit 5.0 Update 6
- Java 2 Runtime Environment, SE v1.4.2
- Java(TM) 6 Update 2[/color]
- Do not remove Java 6 Update 4
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each old Java version.
- Restart your computer once all Java components are removed.
Step 3 - Remove old folder(s)
- Double click My Computer on the desktop, Locate this folder: C:\Program Files\Java
- Open the Java folder and delete any subfolders except the jre1.6.0_04 folder which was just created by the newest Java installation.
----------
Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version.
Mozilla Firefox 2.0.0.12
You can update it by clicking Help > Check for updates...
----------
Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
- Finally add the contents of the Report.txt in your next post.
----------
Next post add
SDFix log
NEW Hijackthis log
-
Morning
I cant find the log from housecall maybe i didnt save it.
I'm updating my java then i'll remove the older version.
Thanks
-
This will take long due to time difference, cause when its day here you are already sleeping by then.
Firefox is taking forever to finish downloading.
I'll paste the two log files once i finish. Does my PC look healthy?
Many thanks
-
I need the SDFix and Hijackthis logs.
-
HJT LOg
[file cleanup - saving space - attachment deleted by admin]
-
SDFix log?
-
DrWeb
[file cleanup - saving space - attachment deleted by admin]
-
Download SDFix.exe (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
- Finally add the contents of the Report.txt in your next post.
----------
Next post add
SDFix log
NEW Hijackthis log
-
Morning Evil
Its been a long time due to time diference. I cant boot to safe mode since this is the work computer, but i can do it after work when everyone is gone home. I dont want to get in trouble with the system admins for doing that.
I have dowloaded SDFix.exe but i'll only use it later sine i'm working on this pc.
Will that be cool wit u?
-
I don't want you getting in trouble.
Just post a new Hijackthis log and let me know how the computer is acting now.
-
So far the computer is acting very good after we did those removals, an i just want to thnk you for everything we did.
I have posted HJT and my trendmicro log just for you see. I cant find my log for Trend Micro.
[file cleanup - saving space - attachment deleted by admin]
-
Click Start > Run and type in: services.msc
Click OK
In the Services window find: CSNetManagerXp
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
----------
Download FileASSASSIN (http://www.malwarebytes.org/FileASSASSIN.zip) and save to your desktop.
- Double click fa-setup and let it install to the default location.
- Open the folder and double-click on FileASSASSIN.exe.
- Copy the below blue file path and then paste it in FileASSASSIN's window.
- C:\WINDOWS\system32\isass.exe
- Start with the default removal method:
- "Attempt FileASSASSIN's method of file removal" by placing a check mark in the following boxes.
- Unlock locked file handles
- Unload modules
- Terminate the file's processes
- Delete file[/b]
- Click Execute and the removal process will begin.
- If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
----------
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSet up1.0.0.8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
----------
Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally.
Download OTMoveIt2 by OldTimer OTMoveIt2.exe (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and place it on your desktop. (unless you already have it installed)
1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2
This is a good time to clear your infected system restore points and establish a new clean restore point:
- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and click Next.
- Next, go to Start > Run and type in cleanmgr
- Select the More options tab
- Next to System Restore click Clean up...
This will remove all restore points except the new one you just created.
Here are some great tools to help you keep from getting infected again.
Spybot Search & Destroy (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1) - A safe and effective spyware scanner.
* Official Spybot Tutorial (http://www.safer-networking.org/en/tutorial/index.html)
* Spybot FAQ (http://www.safer-networking.org/en/faq/index.html)
AVG Anti-Spyware Free Edition (http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0) - Very reliable with a high detection rate.
* AVG Anti-Spyware User Manual (http://free.grisoft.com/doc/5390/us/frt/0?prd=asf)
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* SpywareBlaster Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Comodo BOClean (http://www.comodo.com/boclean/CBO_download.html) - Stops trojans and many more malicious attacks.
Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
* Click here (http://www.freebyte.com/antivirus/#freefirewalls) for a list of free firewalls.
* Why would I consider a third party firewall? (http://www.microsoft.com/windowsxp/using/security/learnmore/atkin_firewall.mspx#EGF)
UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer.
* Help with Windows updates (http://support.microsoft.com/?scid=ph;en-us;6527)
Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place? (http://www.castlecops.com/postlite7736-.html)
Let me know how everything is now.
-
When i click execute i got this error
The file you have specified does not exit or is not visible to FileASSASSIN.Please select another file
-
Do this.
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete CSNetManagerXp
Click: OK
-
I just did that and it blicked only with a black thing like dos and its gone.
What else can i do?
-
That is normal, now just go through the rest of the steps.
-
Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSet up1.0.0.8.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
But this line was not there in the list...
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
Important: Close all windows except for Hijackthis and then click Fix checked.
Whats next
-
But this line was not there in the list...
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe (file missing)
That's good actually. Just move on to the OTMoveIt steps to finish up.
-
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
It says do you want to reboot now. Yes or No
Must i reboot?
-
Must i reboot
-
You don't have to right away but you will need to at the first chance you have.
-
Error. System Restore has been turned off by group policy. Turn on System Restore, contact your domain administrator.
Wow i guess this step is not for me. One more thing my computer doesnt alert me anymore when there are updates available from microsoft.
-
Your work must have the System Restore turned off.
To enable automatic updates.
Click Start > Control Panel > Automatic Updates
-
Thanks man.
I have an admin account that i think can do that also but i dont want to change anything i might get in trouble.
Thanks alot man this computer should be ok now. I'll just restart now and i'll let you know about the status.
Thanks alot
-
No probllem, glad we got it sorted out.
Safe surfing...........
-
Looks everything is ok but its only background picture is not displaying completely its only half way.
Thanks
-
No now its showing