| Thread ID: 92456 | 2008-08-11 05:30:00 | Continued Win32/Gaelicum.A | gkar (5215) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 696419 | 2008-08-11 05:30:00 | Hi, I have been plagued with continued, multiple threats of the above virus for some months, now. I have tried a number of attempted solutions to no avail. I have used computers for over ten years with no history of virus infections until this last year. Historically, there have been a small number of folders which are continually infected, i.e. my default downloads folder in my boot drive partition & an area on a data partition where I usually store my programme & apps backups. As executables are always the only files compromised, I assume this virus can only infect that file type. I recently spent some four days following this page: www.wilderssecurity.com. The only issues I had appeared to be a couple of hack-related sites in my favourites folder from some years back. I had forgotten about them. I deleted & repeated the instructions as detailed until my system showed clear for three entire checks. My system remained clear for some weeks, but now the issue is back & as I started to write this, I had to delete some number of files, including the virus programme executable files of Hijack This, DSS, & other files. Whatever is causing this is somehow reinfecting my system. Because I am not literate when it comes to viruses, what can cause this particular virus to infect a system? Where can it hide? And what can be done to prevent it? I have done all the normally specified preventions, like setting defaults & disabling ActiveX files. Thanks. |
gkar (5215) | ||
| 696420 | 2008-08-11 05:34:00 | Disable system restore, then rescan with your Antivirus software (Get Eset Smart Security or Nod 32, they are the best). Post a HijackThis log so that Speedy can analyze it. |
SPARTAN 860 (2618) | ||
| 696421 | 2008-08-11 05:42:00 | See if these 2 files remove it (www.grisoft.com). And yup, post a HJT log. |
Speedy Gonzales (78) | ||
| 696422 | 2008-08-11 05:43:00 | Thanks for the fast reply. Will do as stated. Should I always have system restore disabled? Also, as I use the free AVG antivirus, should I uninstall it, or just somehow disable it before I install one of the ones you posted? Cheers. PS. Thought I might get slow response as I was interrupted in typing my thread title by the danged virus threats. Guess I shouldn't have worried. |
gkar (5215) | ||
| 696423 | 2008-08-11 05:44:00 | The link I posted, I don't think you install them, they're small. Just put them in the same folder and run the exe file. System Restore SHOULD be disabled for now, just in case it comes back. Once it's removed you can enable it. Once it is removed, MAKE SURE Windows is up to date, as this exploits a vulnerability. |
Speedy Gonzales (78) | ||
| 696424 | 2008-08-11 07:30:00 | OK. Installed & scanned using the files Speedy supplied. There were a number of files the programme was unable to open. It did a scan during reboot. The only files that were not able to be opened, I think, were associated with Outlook Express. Did a full system scan. Clear. Used Adaware & Spybot previously, so they are pretty much useless. Here is the HijackThis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:36:10 PM, on 8/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE D:\AVG Anti-Spyware 7.5\guard.exe D:\AVG8\avgwdsvc.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\fast.exe C:\WINDOWS\sm56hlpr.exe D:\Comodo\cmdagent.exe D:\Mamutu\a2service.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe D:\Comodo\cfp.exe C:\Program Files\GIGABYTE\GEST\gest.exe D:\AVG8\avgtray.exe C:\WINDOWS\system32\svchost.exe D:\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB IP.EXE D:\Propel Accelerator\propelac.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Canon\CAL\CALMAIN.exe D:\PieAutoUpdater\PieAutoUpdater.exe C:\WINDOWS\system32\Fast.exe D:\AVG Anti-Spyware 7.5\avgas.exe D:\PieAutoUpdater\pglite.exe D:\MAMUTU\mamutu.exe D:\AVG8\avgrsx.exe C:\WINDOWS\system32\ctfmon.exe D:\Winkey\WinKey.exe D:\GetRight 4.2\getright.exe D:\AVG8\avgemc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\GIGABYTE\GEST\GSvr.exe C:\Program 
Files\Internet Explorer\iexplore.exe D:\Virus Tools\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = us.etrade.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8080 O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com 
c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com 
c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe O4 - HKLM\..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Comodo\cfp.exe" -s O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG8\avgtray.exe O4 - HKLM\..\Run: [Propel Accelerator] "D:\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [PathNvidiaTV] C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe O4 - HKLM\..\Run: [RemoteControl] D:\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [EPSON Stylus CX5900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB IP.EXE /FU "C:\WINDOWS\TEMP\E_S36.tmp" /EF 
"HKLM" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Acrobat Reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pie Auto Updater] "D:\PieAutoUpdater\PieAutoUpdater.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Mamutu Guard] "D:\MAMUTU\mamutu.exe" /silent O4 - HKLM\..\Run: [TrojanScanner] D:\Virus Tools\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: GetRight Tray Icon.lnk = D:\GetRight 4.2\getright.exe O4 - Global Startup: WinKey.lnk = D:\Winkey\WinKey.exe O8 - Extra context menu item: Allow pop-ups from this site - D:\Propel Accelerator\pac-addwl.html O8 - Extra context menu item: Refresh Pa&ge with Full Quality - D:\Propel Accelerator\pac-page.html O8 - Extra context menu item: Refresh Pi&cture with Full Quality - D:\Propel Accelerator\pac-image.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - prerelease.trendmicro-europe.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{1E8E0440-0B0A-49DF-89B3-D25E6166282C}: NameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{7CEF3A65-6342-4063-9A92-103DC635BD93}: NameServer = 203.109.129.67 203.109.129.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{1E8E0440-0B0A-49DF-89B3-D25E6166282C}: NameServer = 192.168.0.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Ad-Aware\aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Comodo\cmdagent.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - D:\Mamutu\a2service.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 11762 bytes Question: where does the virus hide? In what files? Apps? PS. Windows is up to date & has been for over a week, when I realised that Windows Update was turned off: duh! |
gkar (5215) | ||
| 696425 | 2008-08-11 08:37:00 | That's why. Tick these, then tick fix checked. Close browsers. Uninstall Peer Guardian Lite. Since you've got Trojan Remover, update it, then click scan. Then select all options under utilities. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = us.etrade.com O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com 
c3317.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe 
Reader Speed Launcher] "D:\Acrobat Reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime Alternative\QTSystem\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pie Auto Updater] "D:\PieAutoUpdater\PieAutoUpdater.exe" O4 - Startup: GetRight Tray Icon.lnk = D:\GetRight 4.2\getright.exe |
Speedy Gonzales (78) | ||
| 696426 | 2008-08-11 09:58:00 | Speedy, I'm a little bit confused. Are you saying you want me to check & delete ALL the entries you have in your last post? Can I believe you think that WinMX and/or Peer Guardian Lite is the cause of my Gaelicum.A problems? Thanks for your assistance. I'm signing off for the night, so will check back tomorrow. |
gkar (5215) | ||
| 696427 | 2008-08-11 10:10:00 | That's right, tick ALL of those entries. That's what Comodo is for. Then tick fix checked. If you don't want to listen, I won't reply again. Use Trojan Remover and select all of the options under utilities; that will remove all of those WinMX entries in the hosts file. |
Speedy Gonzales (78) | ||
| 696428 | 2008-08-11 10:26:00 | WinMX being a file sharing program, P2P is acting like a magnet for any infections. Most P2P programs allow a back door (easiest way to explain it) to your PC. Once you have cleaned out the options Speedy has advised, and scanned with Trojan Remover, download from my sig Malwarebytes, Super Antispyware, and Spyware Terminator. With System Restore turned off, update them and run those in full scan mode (will take a while), delete/remove any infections they find. Get CCleaner while you're at it and clean out the system / temp files (when installing, don't install the tool bar). You also need to reset your host file. Trojan Remover can do this; from memory it's under Utilities / Reset host file. If an infection has changed it then it can reinfect again. As Spartan mentioned, download Nod32 or Smart Security (www.eset.com); those are 30 day trials, and fully functional. Avast is also a good free antivirus. If you get Nod32 please advise and either myself or someone else can tell you how to set it to scan deeper/better than default settings. Edited: Please listen to Speedy's suggestion on removing the ones selected. If you don't, the system will more than likely reinfect and end up going nowhere. |
wainuitech (129) | ||
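
The hosts-file check discussed in the posts above, as an added example that is not part of the thread: it pulls the `O1 - Hosts:` entries out of a HijackThis log (including one pasted with its line breaks lost, as here) and lists every hostname pinned to a non-loopback address, so the same check can be re-run after a hosts-file reset. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: HijackThis-style entries run together on one line,
# using documentation-range addresses and made-up hostnames.
SAMPLE_LOG = (
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.example.test "
    "O1 - Hosts: 203.0.113.10 www.example.test err.example.test "
    "O1 - Hosts: 203.0.113.10 www.example.test err.example.test "
    "O1 - Hosts: 198.51.100.7 cache0.example.test\ncache1.example.test "
    "O1 - Hosts: 127.0.0.1 ads.example.test "
    r"O4 - HKLM\..\Run: [Tray] C:\Tools\tray.exe"
)

# Whitespace that is immediately followed by an entry tag such as "R0 - " or "O23 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
HOSTS_ENTRY = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")


def split_entries(log_text):
    """Split a log into entries even when the original line breaks are gone."""
    parts = ENTRY_START.split(log_text.strip())
    # Collapse stray newlines/spaces that wrapped an entry in the middle.
    return [" ".join(p.split()) for p in parts if p.strip()]


def hosts_redirects(log_text):
    """Return {ip: sorted hostnames} for hosts entries that point off the machine."""
    redirects = defaultdict(set)
    for entry in split_entries(log_text):
        match = HOSTS_ENTRY.match(entry)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not an address; ignore malformed entries
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        for host in match.group(2).split():
            redirects[str(ip)].add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in redirects.items()}


def is_hosts_clean(log_text):
    """True when no hosts entry sends a name to a non-loopback address."""
    return not hosts_redirects(log_text)


if __name__ == "__main__":
    for ip, hosts in sorted(hosts_redirects(SAMPLE_LOG).items()):
        print(f"{ip}: {len(hosts)} hostname(s) -> {', '.join(hosts)}")
    print("clean" if is_hosts_clean(SAMPLE_LOG) else "hosts file still has redirects")
```
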