
Author Topic: maindwxp  (Read 21542 times)


varun

    Topic Starter


    Beginner

    maindwxp
    « on: March 15, 2008, 12:24:20 AM »
    I found maindwxp malware. I think it comes from Orkut...

    I saw it in the process list in the Windows taskbar... It's also present in the startup option in msconfig...

    I removed it from processes and also checked from startup....

    But Norton AntiVirus 2007 is not able to detect this. I also tried Windows Defender, which is also unable to detect it...

    So what can I do to get rid of it?

    Is it very harmful for the system?



    Deerpark



      Egghead
    • Thanked: 1
      Re: maindwxp
      « Reply #1 on: March 15, 2008, 04:55:39 AM »
      Any sufficiently advanced technology is indistinguishable from magic.
      Arthur C. Clarke (1917 - 2008)

      varun

        Topic Starter


        Beginner

        Re: maindwxp
        « Reply #2 on: March 16, 2008, 01:37:23 AM »
        During installation of SP1a I got a setup error message...

        " setup has detected that the service pack version of the system installed is newer than the update you are applying to it.

        you can only install the update on service pack1."

        The rest I have all done.

        Here are the log files

        [recovering space - attachment deleted by admin]

        Broni


          Mastermind
        • Kraków my love :)
        • Thanked: 614
          • Computer Help Forum
        • Computer: Specs
        • Experience: Experienced
        • OS: Windows 8
        Re: maindwxp
        « Reply #3 on: March 16, 2008, 09:44:05 AM »
        What SP1a are you talking about? Why did you try to install it, since you have SP2 installed?

        Is Windows firewall ON?

        Go to Add\Remove, and uninstall Rediff Toolbar, if present.

        Post new HJT log.

        macdad-



          Expert

          Thanked: 40
          Re: maindwxp
          « Reply #4 on: March 16, 2008, 09:50:57 AM »
          varun, Norton is not capable of detecting malware, but download a program called Ad-Aware from download.com; it IS capable of detecting and deleting malware.
          If you don't know DOS, you don't know Windows...

          That's why Bill Gates created the Windows NT Family.

          varun

            Topic Starter


            Beginner

            Re: maindwxp
            « Reply #5 on: March 16, 2008, 09:55:26 AM »
            Start here
            Please read this before requesting help.

            Under instruction it is given to download SP1a...

            I deleted Rediff Toolbar as per your instruction.

            Here is the new HJT log

            [recovering space - attachment deleted by admin]

            patio

            • Moderator


            • Genius
            • Maud' Dib
            • Thanked: 1769
              • Yes
            • Experience: Beginner
            • OS: Windows 7
            Re: maindwxp
            « Reply #6 on: March 16, 2008, 10:08:16 AM »
            varun, Norton is not capable of detecting malware, but download a program called Ad-Aware from download.com; it IS capable of detecting and deleting malware.

            macdad:

            Quote
            If you receive advice from someone other than the approved Malware Removal Specialists, you do so at your own risk.  We are not responsible if you take potentially inaccurate/harmful advice from someone who is not a designated helper.  Anyone interested in joining the crew must have a good amount of experience and submit references to CBMatt (Chris) in a PM.  References will be checked.  Others posting advice without approval are subject to have their posts removed immediately as the wrong advice is too risky.  We welcome new helpers so if you are interested, follow the above guidelines.
            " Anyone who goes to a psychiatrist should have his head examined. "

            varun

              Topic Starter


              Beginner

              Re: maindwxp
              « Reply #7 on: March 16, 2008, 10:17:57 AM »
              From today I also found a problem in my Internet Explorer 7.0.
              I posted this problem as a separate post in the Internet browser forum

              http://www.computerhope.com/forum/index.php/topic,53306.0.html


              Please look at it also....


              macdad-



                Expert

                Thanked: 40
                Re: maindwxp
                « Reply #8 on: March 16, 2008, 10:47:41 AM »
                Sorry patio, I was just trying to help, since Ad-Aware is actually a certified anti-malware program and it helped me delete all the malware on my computer, so I wanted to lend a hand.

                patio

                • Moderator


                • Genius
                Re: maindwxp
                « Reply #9 on: March 16, 2008, 11:12:57 AM »
                I understand...however his infection is identified as a Trojan which AdAware is not designed to deal with....

                macdad-



                  Expert

                  Thanked: 40
                  Re: maindwxp
                  « Reply #10 on: March 16, 2008, 11:23:36 AM »
                  Oh, sorry.

                  Broni


                    Mastermind
                  Re: maindwxp
                  « Reply #11 on: March 16, 2008, 12:41:57 PM »
                  Quote
                  Under instruction it is given to download SP1a...
                  Oh, that's in case you don't have any SP installed. You're fine here.

                  Does your Norton include a firewall, or do you have Windows firewall on?

                  1. Print this post out, since you won't have access to it at some point.

                  2. Close all windows, except for HijackThis.

                  3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

                  - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
                  - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
                  - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
                  - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar


                  4. Click on "Fix checked" button.

                  5. Turn off System Restore:

                  - Windows XP:
                     1. Click Start.
                     2. Right-click the My Computer icon, and then click Properties.
                     3. Click the System Restore tab.
                     4. Check "Turn off System Restore".
                     5. Click Apply.
                     6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                     7. Click OK.
                  - Windows Vista:
                     1. Click Start.
                     2. Right-click the Computer icon, and then click Properties.
                     3. Click on System Protection under the Tasks column on the left side
                     4. Click on Continue on the "User Account Control" window that pops up
                     5. Under the System Protection tab, find Available Disks
                     6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
                     7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
                     8. Click OK

                  6. Restart computer.

                  7. Turn System Restore on.

                  8. Post new HijackThis log.
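
Added example (not part of Broni's post and not HijackThis code): a small Python parser for the R0/R1 Internet Explorer entries listed in step 3, which reports the search and start page values whose host falls outside an expected list. The `EXPECTED_HOSTS` list, the function names and the last two sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# HijackThis "R" line layout: <code> - <hive>\<key>,<value name> = <data>
# An optional leading "- " covers lines pasted as list items, as in the post.
R_LINE = re.compile(r"^(?:-\s+)?(R[0-3]) - (HKCU|HKLM)\\([^,]+),([^=]*?) = (.*)$")

# Assumption: hosts treated as expected IE search/start page providers.
EXPECTED_HOSTS = ("microsoft.com", "msn.com", "live.com")

# First two lines are quoted from the thread; the last two are constructed.
SAMPLE_LOG = r"""
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
"""

def parse_r_entries(log_text):
    """Return one dict per R0-R3 line; other sections (O4, ...) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m:
            continue
        code, hive, key, name, data = m.groups()
        # Non-URL data (e.g. a proxy override list) yields an empty host.
        host = (urlsplit(data.strip()).hostname or "").lower()
        entries.append({"code": code, "hive": hive, "key": key,
                        "name": name.strip(), "data": data.strip(), "host": host})
    return entries

def host_is_expected(host, expected=EXPECTED_HOSTS):
    """True when host equals, or is a subdomain of, an expected domain."""
    return any(host == d or host.endswith("." + d) for d in expected)

def unexpected_redirects(log_text):
    """R entries that carry a URL whose host is not on the expected list."""
    return [e for e in parse_r_entries(log_text)
            if e["host"] and not host_is_expected(e["host"])]

if __name__ == "__main__":
    for e in unexpected_redirects(SAMPLE_LOG):
        print(f'{e["code"]} {e["hive"]}\\{e["key"]} [{e["name"]}] -> {e["host"]}')
```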

                  varun

                    Topic Starter


                    Beginner

                    Re: maindwxp
                    « Reply #12 on: March 17, 2008, 03:28:04 AM »
                    I am also facing a problem with my Internet Explorer 7.0,

                    which I posted in the Internet browser forum.

                    Please see
                    http://www.computerhope.com/forum/index.php/topic,53306.0.html

                    and here is the new log

                    [recovering space - attachment deleted by admin]

                    Broni


                      Mastermind
                    Re: maindwxp
                    « Reply #13 on: March 17, 2008, 09:52:01 AM »
                    The log is clean.

                    Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
                    Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner

                    Let me know afterwards how your computer is doing.

                    varun

                      Topic Starter


                      Beginner

                      Re: maindwxp
                      « Reply #14 on: March 17, 2008, 11:47:24 AM »
                      Hi,

                      After analyzing, when I click on the Run Cleaner tab I got the message

                      "rundll

                      error in intetcpl.cpl

                      missing entry:clearmytracksbyprocess"


                      And also Internet Explorer gives an error, still not working.....


                      These are the log files for Run Cleaner and registry

                      [recovering space - attachment deleted by admin]