
Author Topic: maindwxp  (Read 21246 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: maindwxp
« Reply #30 on: March 21, 2008, 02:18:20 AM »
Hi Broni and varun.

To remove IE7

First download the IE6 installer to the desktop just in case you need it. (don't install it)
Download Internet Explorer 6

If you are unable to see IE7 in Add or Remove Programs follow these steps:
  • Click Start
  • Click Run
  • Type or copy and paste, into the text box:
  • %windir%\ie7\spuninst\spuninst.exe
  • Then Press Enter
  • Restart your computer.
Now try to open Internet Explorer. If it doesn't work then run the installer for IE6 you just downloaded. If IE6 does work then delete the installer from the desktop.

varun

    Topic Starter


    Beginner

    Re: maindwxp
    « Reply #31 on: March 21, 2008, 08:55:32 AM »
    thanks evilfantasy and broni...

    now ie7 problem is solved.

    i downloaded it again from microsoft. and it removed the previous explorer automatically at the time of downloading.

    now the problem left is maindwxp.  plz see my hijack log and tell me what to do now.

    and also i want to know up till now what the problem with my system is. actually i am
    computer science student so want to know details for knowledge.

    Broni


      Mastermind
    • Kraków my love :)
    • Thanked: 614
      • Computer Help Forum
    • Computer: Specs
    • Experience: Experienced
    • OS: Windows 8
    Re: maindwxp
    « Reply #32 on: March 21, 2008, 07:24:36 PM »
    Thanks, evil :)

    varun

    1. Turn off System Restore:

       1. Click Start.
       2. Right-click the My Computer icon, and then click Properties.
       3. Click the System Restore tab.
       4. Check "Turn off System Restore".
       5. Click Apply.   
       6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
       7. Click OK.

    2. Restart in Safe Mode.

    3. Go Start>Run, type in:
    regedit
    Click OK.
    Registry Editor will open.
    Click File>Export, and save your registry to a safe location.
    Navigate to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    One of the services listed there will be Partizan, and its value: "Group" = "Boot Bus Extender"
    Right click on Partizan entry, and click Delete.

    4. Close Registry Editor, and open Windows Explorer.
    Navigate to:
    C:\windows\pss
    and delete maindwxp.exe file

    5. Restart in Normal Mode. Turn System Restore on. Create fresh Restore Point.


    varun

      Re: maindwxp
      « Reply #33 on: March 26, 2008, 02:42:51 PM »
      hi broni

      sorry for late reply

      i deleted maindwxp from the location but didn't see any file named as partizan in location given by you.

      i also attached the recent hijack log,  i saw again rediff toolbar in the log, but this time it is not present in the add/remove.

      is my system safe now,

      also plz describe me actually what was the problem with my system.

      in add/remove yahoo toolbar is present can i delete it also. is toolbar harmful for system. why??

      varun

        Re: maindwxp
        « Reply #34 on: March 26, 2008, 02:46:59 PM »
        here is the log

        [recovering space - attachment deleted by admin]

        Broni


        Re: maindwxp
        « Reply #35 on: March 26, 2008, 06:39:24 PM »
        Open HJT, and checkmark following lines:
        - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
        - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
        - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
        - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
        Click "Fix checked".
        Restart computer, and post new HJT log.

        P. S. You were infected with The Orkut Worm (maindwxp.exe). More info: http://www.symantec.com/enterprise/security_response/weblog/2008/02/the_orkut_worm_digging_deeper.html


        varun

          Re: maindwxp
          « Reply #36 on: March 29, 2008, 04:54:46 AM »
          NEW LOG

          [recovering space - attachment deleted by admin]

          Broni


          Re: maindwxp
          « Reply #37 on: March 29, 2008, 09:05:42 AM »
          Looks good...

          HJT log is clean.

          1. Turn off System Restore:

          - Windows XP:
             1. Click Start.
             2. Right-click the My Computer icon, and then click Properties.
             3. Click the System Restore tab.
             4. Check "Turn off System Restore".
             5. Click Apply.   
             6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
             7. Click OK.
          - Windows Vista:
             1. Click Start.
             2. Right-click the Computer icon, and then click Properties.
             3. Click on System Protection under the Tasks column on the left side
             4. Click on Continue on the "User Account Control" window that pops up
             5. Under the System Protection tab, find Available Disks
             6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
             7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
             8. Click OK

          2. Restart computer.

          3. Turn System Restore on. Create new Restore Point.

          4. Run CCleaner one more time.

          6. Download, and install free ThreatFire: http://www.threatfire.com/, which will give you real-time protection against malware.
          It won't interfere with your antivirus, nor firewall.

          7. Let me know, how your computer is doing.

          varun

            Re: maindwxp
            « Reply #38 on: March 31, 2008, 10:41:49 AM »
            rest is normal but sometimes on system tray i saw mcafee icon..
            my antivirus is norton
            previously it was mcafee

            and when i tried to click that icon it disappeared surprisingly

            can i delete registry backup files that were saved during ccleaner

            Broni


            Re: maindwxp
            « Reply #39 on: March 31, 2008, 06:32:40 PM »
            Quote
            but sometimes on system tray i saw mcafee icon..
            Thank you for sharp eye. Apparently, I missed something.

            Disable Windows Defender, as it'll interfere with cleaning process:
                * Open Windows Defender
                * Click Tools
                * Click General Settings
                * Scroll down to Real Time Protection Options
                * Uncheck Turn on Real Time Protection
                * After you uncheck this, click on the Save button
                * Close Windows Defender

            Open HijackThis, and checkmark following lines:
            - O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
            - O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
            Click "Fix checked".

            Restart computer, and post new HJT log.

            As for CCleaner backup, I'd leave it for a week, or so. If everything works fine, you may delete it.
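
Added example (not part of the thread, and not HijackThis's own code): a small Python parser for the R0/R1, O4 and O23 entry formats quoted in replies #35 and #39, so each entry's registry location, name and target can be reviewed before it is checked for fixing. The field layouts are inferred from the lines shown in this thread; the names `Entry`, `parse_line`, `executable` and `parse_log` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Entries quoted in the replies above, forum "- " bullets included.
SAMPLE = r"""
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
- O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
- O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"""

class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. R1, O4, O23
    where: str     # registry key (R*), Run key (O4) or "Service" (O23)
    name: str      # value name, autostart name or service key name
    target: str    # URL for R*, command line for O4, binary path for O23

PATTERNS = [
    # R0-R3: <key>,<value name> = <data>
    re.compile(r"^(?P<section>R[0-3]) - (?P<where>[^,]+),(?P<name>.+?) = (?P<target>.*)$"),
    # O4: <Run key>: [<entry name>] <command line>
    re.compile(r"^(?P<section>O4) - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    # O23: Service: <display name> (<key name>) - <vendor> - <binary path>
    re.compile(r"^(?P<section>O23) - (?P<where>Service): .+? \((?P<name>[^)]+)\) - .*? - (?P<target>.+)$"),
]

def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if line.startswith("- "):      # strip the bullet the forum posts add
        line = line[2:]
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            return Entry(**m.groupdict())
    return None                    # header, blank or unsupported section

def executable(entry: Entry) -> Optional[str]:
    # File an O4/O23 entry launches; quoted paths lose their quotes and arguments.
    if entry.section not in ("O4", "O23"):
        return None
    t = entry.target
    return t[1:].split('"', 1)[0] if t.startswith('"') else t

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e.section, e.where, e.name, "->", executable(e) or e.target)
```
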

            varun

              Re: maindwxp
              « Reply #40 on: April 02, 2008, 06:07:07 AM »
              sometimes on system tray i saw mcafee icon..
              and when i tried to click that icon it disappeared surprisingly

              why this happened.... why this disappeared.....

              i post a new log....

              now can i turn on windows defender or leave it off.....

              [recovering space - attachment deleted by admin]

              varun

                Re: maindwxp
                « Reply #41 on: April 02, 2008, 02:09:09 PM »
                also in msconfig under services i can see mcafee framework service which is marked (right).  and in c drive under program files there is this folder mcafee in which framework service is present....

                so can i delete this folder or uncheck service in msconfig......

                Broni


                Re: maindwxp
                « Reply #42 on: April 02, 2008, 05:39:55 PM »
                You can keep Windows Defender on, no problem.

                We'll delete McAfee folder in a moment. We must stop its service, first.
                Go Start>Run, type in:
                services.msc
                Click OK.
                Services window will open.
                Find McAfee Framework Service in the list, right click on it, click Stop.
                Right click again, click Properties, and under Startup type select Disabled from drop-down menu.
                Restart computer.
                Post new HJT log.

                varun

                  Re: maindwxp
                  « Reply #43 on: April 02, 2008, 10:01:52 PM »
                  i got the message

                  can't stop mcafee framework service

                  error 5 : access is denied

                  Broni


                  Re: maindwxp
                  « Reply #44 on: April 02, 2008, 10:10:41 PM »
                  Restart in Safe Mode, and follow very same procedure.