Ok, here is the log.
Last edited by Glassman; 01-08-2007 at 10:33 PM.
Ok - Let's continue:
--- Download ATF-Cleaner.exe by Atribune to your Desktop. Just leave it for now . . .
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Please boot to Safe Mode.
Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.
The tool will create a fresh rapport.txt. Please post that log for me.
______________________________
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK > EXIT
______________________________
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted Zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Note: If you use SpywareBlaster and/or IE-SPYAD, you will need to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
Give me a fresh Rapport and an update on what problems remain.
Gotta run - will try to check back later tonight...
PP
Last edited by PhilliePhan; 01-04-2007 at 07:04 PM.
Ran ATF and Smitfraud and reprotected all within SpywareBlaster, but the problem is still exactly the same. I assume my HJT log was clean, because you didn't remark on it. Attached is the new rapport.
Let me comment on the problem once again: The whole entire screen looks like a readout of a DNA test. When I move any window, the screen either blacks out, or turns all green. Also, my screen res seems lower, but it may be the effect of the dash pattern. In safe mode the dashes become larger and fewer, and the blackout ceases, but they cover the screen nonetheless.
Also, I am getting a new message that pops up upon startup:
System error! add icon fault
(or fail, can't quite tell because of screen)
The message is contained within a small window titled 'Flash Icon'
I can't tell what the result of the error actually is.
Some icons do not even appear, that might be the result.
In addition, while looking at the program list, I noticed four MSXML entries, three relating to SP2 and one which is a parser?? I am not familiar with these, and they are probably OK, but I thought I'd throw that out there. Sorry, on closer inspection, these are legit. I guess I'm getting desperate!!
GM
Last edited by Glassman; 01-08-2007 at 10:33 PM.
This may take a few tries - I'm tied up doing ten things at once! (Such is the life of a Forum Volunteer! We tend to visit the forums as a break from "real-life" work...)
HijackThis looked OK - There are a few things that need fixing, but we'll get to that after we figure out the hard stuff.
HijackThis does not give us a complete picture of your machine, hence we will use a number of different tools.
-- While I remember, you can uninstall BigFix, if you haven't already
-----------------------------------
See what you can find here:
Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you may see a checked entry called Security Info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
------------------------------------
Please go to this link and follow the instructions to scan with WinPFind by OldTimer.
Also, do that Online Kaspersky Scan - I'd like to see what it turns up, if anything.
Please submit the WinPFind Log and Kaspersky Scanlog for me
Hang in there
PP
Hi GM,
I put together something on the fly that will give us a look at some settings that may have been altered by malware.
Please download the attached peekaboo.zip and Extract peekaboo.bat to your Desktop.
-- DoubleClick peekaboo.bat to run it and a Log (peek.txt) should pop up
-- Please attach peek.txt for me
PP
Last edited by PhilliePhan; 01-26-2007 at 06:45 PM.
Alrighty...ran WinPFind and your peekaboo bat and here are the logs.
One note... AVG antivirus found another trojan while running WinPFind. I should have put it in the vault, but I went ahead and got rid of it. I believe it was .../system32/rasadhlp ??? I just can't recall. I'm sure AVG logged it, so let me know if you want to see it again. Also, I could not get the online scan to work; when I download the ActiveX control, the screen reverts to the intro screen, with no button to initiate the scan.
GM
Last edited by Glassman; 01-08-2007 at 10:33 PM.
Hi GM,
Man, staring at those logs is making my head hurt!!
I cannot find anything in them pointing to your problem. I see a couple items that are remnants of smitfraud, but I think most of that baddie was removed some time ago prior to running s!ri's fix...
Have you tried doing a System Restore? It might be a good idea if we regroup and take a few steps back. Let's try to restore to a point before you noticed the problem and go from there.
Sure, it may bring back some problems, but at least we'll be able to see them and deal with them...
Let me know what you think.
PP
-- BTW: Did you find anything when you did the below?
Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you may see a checked entry called Security Info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.