Computer Hope
Software => Computer viruses and spyware => Topic started by: kc9hgd on January 26, 2009, 02:44:48 PM
-
I was online and my volume control popped up, without clicking on it. Computer locked up. Rebooted the computer and an error for Dr. Watson debug came up. Searched the web and found this forum. Done everything listed, and I am posting logs. Hope I posted in the right place.
[attachment deleted by admin]
-
Looks like most of it was removed but there are still some entries to take care of.
Go to Add/Remove Programs and uninstall:
- Crawler, or anything with Crawler in the name.
- Spyware Begone <- This is a rogue program.
----------
Open HijackThis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61000
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61000
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
- R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
- O2 - BHO: (no name) - {E234BDB0-FC21-43B4-B904-9FE3BBC673Aa} - (no file)
- O4 - HKLM\..\Run: [pyyjumvvmdpa] C:\WINDOWS\System32\hbdjfvw.exe
- O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
- O20 - Winlogon Notify: yayvvwu - yayvvwu.dll (file missing)
Important: Close all windows except for HijackThis and then click Fix checked.
Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system
Go to Start > Run and type notepad.exe then click OK
Copy and paste the below into Notepad and save as fixme.reg to Your Desktop
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"pyyjumvvmdpa"=-
"Spyware Begone"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.
Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.
Delete the fixme.reg from the Desktop.
----------
Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)
Note: It is important that it is saved directly to your Desktop.
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
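The HijackThis entries listed in the post above follow a fixed "code - detail" layout, so they can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis code; `parse_entry` and `triage` are hypothetical names, and the section descriptions are short summaries of the codes that appear here.

```python
import re

# Short summaries of the HijackThis section codes seen in this thread.
SECTIONS = {"R0": "IE start/search page", "R1": "IE search setting",
            "O2": "Browser Helper Object", "O4": "autostart (Run key)",
            "O20": "Winlogon Notify / AppInit_DLLs"}
ENTRY = re.compile(r"^\s*(?:-\s+)?(?P<code>[RO]\d{1,2})\s+-\s+(?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.I)

# Entries copied from the fix list in the thread above.
SAMPLE = r"""
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61000
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
- R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
- O2 - BHO: (no name) - {E234BDB0-FC21-43B4-B904-9FE3BBC673Aa} - (no file)
- O4 - HKLM\..\Run: [pyyjumvvmdpa] C:\WINDOWS\System32\hbdjfvw.exe
- O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
- O20 - Winlogon Notify: yayvvwu - yayvvwu.dll (file missing)
"""

def parse_entry(line):
    """Return a dict describing one log line, or None if it is not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"].strip()
    item = {"code": code, "section": SECTIONS.get(code, "other"),
            "orphan": bool(ORPHAN.search(body))}  # target file no longer on disk
    if code.startswith("R"):
        # "key = value"; the value may be empty or lack a URL scheme.
        key, _, value = body.partition(" =")
        host = re.sub(r"^[a-z]+://", "", value.strip(), flags=re.I).split("/")[0]
        item.update(key=key, host=host.lower() or None)
    elif code == "O4" and (run := RUN.match(body)):
        item.update(hive=run["hive"], name=run["name"], command=run["cmd"])
    return item

def triage(text):
    """Group parsed entries into the facts a reviewer checks first."""
    items = [e for e in map(parse_entry, text.splitlines()) if e]
    return {
        "hosts": sorted({e["host"] for e in items if e.get("host")}),
        "autostart": [(e["hive"], e["name"]) for e in items if "hive" in e],
        "orphans": [e["code"] for e in items if e["orphan"]],
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `autostart` result keeps the hive of each Run value (here one under HKLM and one under HKCU), which matters because a .reg section only deletes values under the key it names.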
-
OK, I did as asked; this is the log I have now for you.
Thanks
[attachment deleted by admin]
-
Download the Norton Removal Tool (SymNRT) (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039) to your Desktop.
Once downloaded please close ALL open browsers, also save any work because this may require a restart.
- Go to your desktop and double click on the removal tool and then click Setup.
- Once open Click Next
- Accept the license agreement and click Next
- Type in the letters/numbers that you see into the text box then click Next.
- Then click Next and the tool will start running.
- Delete the Norton Removal Tool from your Desktop.
----------
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
- The above procedure will:
  - Delete the following:
    - ComboFix and its associated files and folders.
  - Reset the clock settings.
  - Hide file extensions, if required.
  - Hide System/Hidden files, if required.
  - Set a new, clean Restore Point.
----------
How is the computer running now?
-
Computer running much better. Thanks for the help. One more thing, if you can help: Dell Dim 4550, Windows XP. How do you disable the Log On to Windows screen before the computer boots completely up? Thanks again.
-
Get Rid of the Logon Screen - http://www.mydigitallife.info/2007/11/11/disable-and-turn-off-windows-xp-login-screen-and-show-traditional-nt-log-on-to-windows-box/
Final steps to help secure your PC.
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
- Click Start Now
- Check the box next to Enable thorough system inspection.
- Click Start
- Allow the scan to finish and scroll down to see if any updates are needed.
- Update anything listed.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.
Concerned about Browser Security? Consider using Mozilla Firefox (http://www.spreadfirefox.com/node&id=224248&t=324). With more than 15,000 improvements, Firefox 3 is faster, safer and smarter than ever before.
For Internet Explorer 7 users there is IE7Pro (http://www.ie7pro.com/). IE7Pro is a must have add-on for Internet Explorer, which includes a lot of features and tweaks to make your IE friendlier, more useful, more secure and customizable.
To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
* Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It May Not Be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smooth.