| Thread ID: 92701 | 2008-08-19 07:38:00 | Browser Hijacked | Blam (54) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 698630 | 2008-08-20 11:34:00 | Also get Spyware Doctor (www.download.com) Starter edition, it may turn to a paid edition after a while, but it works fine the first few times. That dug out a further 53 different infections after the others were run. (Late night tonight :( as you may guess) | wainuitech (129) | ||
| 698631 | 2008-08-21 07:55:00 | I scanned with Spybot and Spyware Doctor and they picked a few nasties up, but now this (www.imagef1.net.nz) message starts showing up (Avast) and this (www.imagef1.net.nz) one after it. | Blam (54) | ||
| 698632 | 2008-08-21 08:02:00 | So did you reboot so it could scan? And did you select delete for the rootkit? |
Speedy Gonzales (78) | ||
| 698633 | 2008-08-21 08:35:00 | Yes, but I didn't have enough time to scan; will scan tomorrow. Also, Avast keeps popping up saying it's found a trojan horse. After deleting, it shows up again and again. After scanning with multiple virus scanners, ClamWin picked this (www.imagef1.net.nz) up in the memory; couldn't remove it though. | Blam (54) | ||
| 698634 | 2008-08-21 08:47:00 | Is system restore still disabled? If it isn't, disable it. Run Avast again, then delete anything it picks up as suspicious. See if this removes it (www.symantec.com) |
Speedy Gonzales (78) | ||
| 698635 | 2008-08-21 09:36:00 | Personally I'd suggest you download the trial version of Nod32 (www.eset.com). As mentioned before, Avast is OK but it appears to be missing infections. I have another customer's PC that I collected here today; it had the same antivirus xp 2008 and many more infections that Avast could not detect (fully up to date as well). The customer ran a full scan last night and it came up clean; Nod32 got a further 21 (as of 8.25 tonight, it's still scanning). Make sure system restore is turned off, and look through those listings I posted last night for the location of AV2008; delete them if there. If you try Nod, download this zipped file (dl1u.savefile.com), extract its contents and read the article I wrote on how to set up Nod. The pictures are there from the PF1 website, as I don't know how long the links will stay active for. PS: The other PC with Antivirus 2008 is all clean now after running Malwarebytes/Spybot/Spyware Doctor and Nod32 & Combofix. In Spyware Doctor go into the settings and tell it to scan for rootkits as well. |
wainuitech (129) | ||
| 698636 | 2008-08-21 10:53:00 | "Is system restore still disabled? If it isn't, disable it. Run Avast again, then delete anything it picks up as suspicious. See if this removes it (www.symantec.com)" Yes the Symantec thing didn't remove it, will scan with Nod32 to see if it picks anything up. BTW how's system restore affect this? |
Blam (54) | ||
| 698637 | 2008-08-21 10:59:00 | If system restore is disabled, it shouldn't come back once you remove it. Try booting into safe mode, find ckvo0.dll and delete it, and find that other file 2.cmd, then delete it. |
Speedy Gonzales (78) | ||
| 698638 | 2008-08-21 11:00:00 | In simple terms: System restore keeps copies of the registry. If you have an infection and it gets into restore, when you remove the infections from your PC and the PC reboots, the infection can reinfect if in restore. A good AV will detect any infections in restore and wipe them as well. BUT some infections can be rather tricky, so by disabling restore it wipes all restore points. Here's an example of a part scan log: System Restore infection (www.imagef1.net.nz) & Rest of infection (www.imagef1.net.nz). Nod32 detected these two infections in restore and killed them. Look at the location. The down side of doing that is if you screw something up with restore disabled, you can't wind back the reg using restore. What you can do if you are worried about turning off restore is click Start/Run, type in regedit, press Enter; when the registry editor opens, click File/Export and save a copy of the registry to the C: drive. That way if it all turns to custard there are ways of reimporting the current working copy back. Using C: drive makes it easier to get to as well if needed. |
wainuitech (129) | ||
| 698639 | 2008-08-21 11:15:00 | I think you've got PWS.OnlineGames, which is a game password stealer. That's what ckvo0.dll belongs to. Trojan Remover should have picked it up since it's in its database. Or KAVKOP:Trojan-A. |
Speedy Gonzales (78) | ||