#21
Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - c:\windows\system32\digestp.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll

Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\LMI42.tmp
C:\WINDOWS\SYSTEM32\digestp.dll
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz
EmptyTemp
[start explorer]

4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it in your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

After posting the OTMoveIt2 log, run the Kaspersky Online Scanner.

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report: Click on: Save Report As

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

#22

I was sick and I am hopeful to resolve this problem today if you can. When I ran the OTMoveIt2 by Old Timer I executed and received the dialog box with the following "The application or dll c:\windows\system32\rakxhfy.dll is not a valid windows image. Please check this against the installation diskette." Then I copied the right pane as the log file pasted below

Explorer killed successfully
C:\WINDOWS\LMI42.tmp moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\digestp.dll
C:\WINDOWS\SYSTEM32\digestp.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\digestp.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}\\ not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz >
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz\\ .
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFBA5D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET8ED2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 11032008_122254

I am now going to reboot and run Kasper virus program
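
Added example (not part of the thread and not OTMoveIt2 code): a small parser that sorts the results log from post #22 into what was removed, what was deferred to reboot, and what failed, so the leftover persistence points can be re-checked after the restart. The line patterns are inferred only from the log shown above, and the status names and function names are this example's own.

```python
import re

# Excerpt of the OTMoveIt2 results posted in #22, one entry per line
# (the line breaks are an assumption; the forum page shows the log run together).
SAMPLE_LOG = r"""Explorer killed successfully
C:\WINDOWS\LMI42.tmp moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\digestp.dll
C:\WINDOWS\SYSTEM32\digestp.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\digestp.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}\\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz\\ .
File delete failed. C:\WINDOWS\temp\JET8ED2.tmp scheduled to be deleted on reboot.
Explorer started successfully
"""

# (status, pattern) pairs; group 1 is the file path or registry key acted on.
RULES = [
    ("pending_reboot", re.compile(
        r"^File (?:move|delete) failed\. (.+) scheduled to be (?:moved|deleted) on reboot\.$")),
    ("done", re.compile(r"^(.+) moved successfully\.$")),
    ("still_registered", re.compile(r"^(.+) NOT unregistered\.$")),
    ("not_found", re.compile(r"^Registry key (.+?)\\* not found\.$")),
    ("failed", re.compile(r"^Unable to delete registry key (.+?)\\*\s*\.$")),
]
UNRESOLVED = {"pending_reboot", "still_registered", "failed"}


def classify(log_text):
    """Map each target to the list of outcomes the log records for it."""
    outcomes = {}
    for line in log_text.splitlines():
        line = line.strip()
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                outcomes.setdefault(match.group(1), []).append(status)
                break
    return outcomes


def recheck_after_reboot(log_text):
    """Targets whose removal this run did not confirm, in log order."""
    return [target for target, statuses in classify(log_text).items()
            if UNRESOLVED & set(statuses)]


if __name__ == "__main__":
    for target in recheck_after_reboot(SAMPLE_LOG):
        print("verify after reboot:", target)
```

For this log the list to re-check is digestp.dll, the Winlogon Notify key paubftzz, and the locked temp file; the BHO key is reported as not found.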

#23

Kaspersky Antivirus had no threats. I have CROSSLOOP and it said there are 2 non virus files for Crossloop. Crossloop is a free remote management program. Waiting for next instructions. Thanks

#24

Sounds good. CrossLoop works in a way that some antivirus will see as suspicious so no big deal.

1. Double click OTMoveIt3.exe to launch it. Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

----------

Disable the System Restore Utility to prevent re-infection from an old one

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

Use the Secunia Software Inspector to check for out of date software. Out of date software has security vulnerabilities that malware can exploit.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

To prevent unknown applications from being installed on your computer install WinPatrol 2008

* Using Winpatrol to protect your computer from malicious software

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

#25

OK - I am going to leave and be at the computer in over an hour. I will run what you said but where do I find the OTMoveIt3.exe program? There is no link to Bleepingcomputer.com. Are we close to solving the VUNDOH after all these steps are followed? Thanks James

On my way, please watch for me with results. I have to go back to work tomorrow and would like to resolve tonight. Again thanks

#26

Those are the final steps. Run this in place of OTMoveIt3.

Download OTCleanIt.exe and save it to your Desktop.