| Thread ID: 121870 | 2011-11-18 09:58:00 | HJT File | Kiwi_NZ (16633) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1244289 | 2011-11-20 06:41:00 | Try this -- Download and run Ccleaner (link in my sig), then download and run the trial of Trojan Remover (http://www.simplysup.com/), remove anything it finds, use its defaults - then under the Utilities, reset everything, including the Host file - that may have become altered as well. When you do that, you may get a blank page once you open IE, the address will be about:blank - this is normal. Go to the site you want as your home page and set it to that. To do that, go to the page you want - Tools/Internet Options, then on the General tab, click "Use Current" (click Apply/OK). Note: once you run Ccleaner, it may take out any saved cookies for auto login to any sites you have saved. Normally it will ask to do a scan for these cookies - allow it to save any if you have any sites as mentioned. Done, but when I try to open Trojan Remover, it runs by itself with no options or settings. I can't find any options as mentioned; perhaps I did something wrong >> remove anything it finds, use its defaults - then under the Utilities, reset everything, including the Host file - that may have become altered as well. I can't find these in Bold :o |
Kiwi_NZ (16633) | ||
| 1244290 | 2011-11-20 07:10:00 | When you install Trojan Remover, it may auto run; just let it do its thing, then once finished, run it manually. When it's auto running you will possibly see various windows. See screen shots (www.simplysup.com). If it locates anything, looking at the Alert window in the screen shots, you will see one option is suggested (the default); simply click OK, and it will carry on. Look along the top; you will see on the first window the word Utilities - click that. Simply click each option and it will either say it's been reset, or no changes made (words to that effect). The main one you want is the Host file resetting, as per the site: Reset Windows HOSTS file. The Windows HOSTS file is a text file which stores website addresses. The file can be used to speed up access to websites you visit often - by equating the website name (e.g. microsoft.com) with its DNS address (e.g. 207.46.130.108), the web browser can find the website more quickly as it does not have to query a DNS Name Server. Some Malware programs add entries to this file, to either deny access to websites (usually security-related or antivirus company websites), or to re-direct access to websites of their choosing. This Utility will reset the HOSTS file to the default as installed, i.e. with no re-directs. |
wainuitech (129) | ||
| 1244291 | 2011-11-20 09:26:00 | When you install Trojan Remover, it may auto run; just let it do its thing, then once finished, run it manually. When it's auto running you will possibly see various windows. See screen shots (www.simplysup.com). If it locates anything, looking at the Alert window in the screen shots, you will see one option is suggested (the default); simply click OK, and it will carry on. Look along the top; you will see on the first window the word Utilities - click that. Simply click each option and it will either say it's been reset, or no changes made (words to that effect). The main one you want is the Host file resetting, as per the site: Well, now I can't open it. I get the following Windows error: access violation at 0x02940f9e (tried to write to 0x00000000) when I try opening it or running it |
Kiwi_NZ (16633) | ||
| 1244292 | 2011-11-20 18:43:00 | If it's a rootkit, run tdsskiller (support.kaspersky.com) | Speedy Gonzales (78) | ||
| 1244293 | 2011-11-20 20:31:00 | If it's a rootkit, run tdsskiller (support.kaspersky.com) Kaspersky was clean, found no infection. I found GMER on the same link, downloaded and ran it; here is the log file:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-21 09:32:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1237GSX rev.DL130M
Running: 8jv26v9y.exe; Driver: C:\Users\Lappy\AppData\Local\Temp\kwdoapow.sys
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-6 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Not sure if the above is of any help? |
Kiwi_NZ (16633) | ||
| 1244294 | 2011-11-20 20:47:00 | Trojan remover should have picked this up since it uses Gmer code. Did you update trojan remover first then click on scan? Get ccleaner (www.ccleaner.com) install it then go to options / advanced, then tick the 2nd option. Then click on run cleaner. Close browsers first. What have you installed that uses or needs Starforce?? Some sites say this is malware |
Speedy Gonzales (78) | ||
| 1244295 | 2011-11-20 21:14:00 | This is the culprit .....C:\Users\Lappy\AppData\Local\Temp\kwdoapow.sys it needs to be removed. Also do a scan and remove this 8jv26v9y.exe | Pancake (6359) | ||
| 1244296 | 2011-11-21 04:27:00 | This is the culprit .....C:\Users\Lappy\AppData\Local\Temp\kwdoapow.sys it needs to be removed. Also do a scan and remove this 8jv26v9y.exe Found and deleted: 8jv26v9y.exe .. not found: kwdoapow.sys. Still getting redirected to the same site, so assume >> kwdoapow.sys << bad boy is still at large? |
Kiwi_NZ (16633) | ||
| 1244297 | 2011-11-21 04:30:00 | Download the TDSS / TDL4 Removal Tool by Bogdan BOTEZATU Note: This tool is intended for 64-bit systems; for computers running 32-bit versions of Windows, please use the 32-bit tool. Download 32-bit for Windows (www.malwarecity.com) Download 64-bit for Windows (www.malwarecity.com) Click the exe file to start and then click on the green scan button. |
Pancake (6359) | ||
| 1244298 | 2011-11-21 05:43:00 | Download the TDSS / TDL4 Removal Tool by Bogdan BOTEZATU Note: This tool is intended for 64-bit systems; for computers running 32-bit versions of Windows, please use the 32-bit tool. Download 32-bit for Windows (www.malwarecity.com) Download 64-bit for Windows (www.malwarecity.com) Click the exe file to start and then click on the green scan button. Done, still getting redirected though |
Kiwi_NZ (16633) | ||