Messages - normmork

1
Analysis and Malware Removal / Re: Q about my HT log
« on: January 08, 2007, 05:53:21 PM »
If this line is correct
015 - Trusted Zone: approx 62 entries

Then I would review my internet browser Trusted Zone entries to see if all the sites listed are ones where I want them to have access to my machine with little or no security restrictions.

2
To answer one of your questions this line
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Starts
Windows Genuine Advantage Validation Tool

for more info see here
http://support.microsoft.com/?kbid=921914

3
Web News / Re: Grisoft buys Ewido
« on: May 10, 2006, 05:03:50 PM »
The world of anti-spyware solutions and competition just got a little smaller  :blink:

4
LandzDown Lounge / Re: Congratulations Corrine! Microsoft MVP Award 2006
« on: January 07, 2006, 01:54:52 AM »
Just saw this now

CONGRATULATIONS CORRINE!!

5
Analysis and Malware Removal / Re: A Challenge - lots of trojans and more
« on: November 28, 2005, 10:42:08 PM »
We will try to get our Swedish expert to help you

6
If you blocked google using our firewall or Netscape? then you might get that message

It looks like you are running Netscape, have you tried in IE?

Have you tried typing in that google url into the address bar?

Check your HOSTS file and see if there is an entry in Google for it

your HJT log looks OK

7
You may need to be in Safe Mode to find it or use My Computer/Windows Explorer and activate "Show Hidden/System Files" Show Hidden and System files:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339?Open&src=ent&docid=2002092514302348&nsf=ent-urity.nsf&view=docid&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=8.x&osv=&osv_lvl=

Clean out these folders
* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <=This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".
May want to use CCleaner
Please follow the instructions below if you wish to remove the offending items

Do NOT connect to the internet for the following
Close all windows
Open HJT and scan
Place checkmark(s) beside the entries below, once all entries have been checked press Fixed Check

R3 - URLSearchHook: (no name) - {BD94F5C9-8BE4-567C-646A-794B315DA2D4} - C:\WINDOWS\Evfgqwbf.dll
N3 -O2 - BHO: (no name) - {E25038DC-4665-B2ED-C007-A8B227BEF977} - C:\WINDOWS\Evfgqwbf.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Search - {E2B05B16-13B2-E690-9DAC-9A9893B10176} - C:\WINDOWS\Evfgqwbf.dll
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - (no file)


Run two of the following programs
Update definition files before scanning with any programs

Run the scans in Windows Safe Mode or disconnect from the internet

Counterspy
http://www.sunbeltsoftware.com

Spysweeper
http://www.webroot.com/downloads/?WRSID=ca63153ba6cfe8ae94a8c66981b574e5

Microsoft Anti-spyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Ad-aware se
http://www.lavasoft.de/software/adaware/

Ewido
http://www.ewido.net

Reboot
Repost a new HJT log file


8
You're very welcome

Sorry about the slow response I am on a training course in Las Vegas

9
HJT log looks fine now, thanks for keeping with it  :gwave:

I can't say about the error message to ignore it, any scans are faster in Safe Mode

10
you can try AVAST in Safe Mode

Then remove this using HJT
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

reboot
and post a new HJT log

11
Pretty close

Run one more HJT scan and post the results

12
If files are open sometimes the A/V programs can't scan them

I don't know about parental control. You need to have an account with full administrator privileges, to check this go to Windows Control Panel|User Accounts| choose the user account|click on the properties button.

Go to My Computer, find these entries and try to delete them
C:\Documents and Settings\Katelyn\Local Settings\Temp\!update.exe
C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\CC_43.inf
C:\Documents and Settings\Mallory\Local Settings\Temp\unpack\inst43.exe
C:\Program Files\oose\nwtd.exe

If Windows gives an error message saying the file is in use, then you need to try it in Windows Safe Mode, see here for instructions
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


13
I want to make sure you have no viruses on your machine

So we have some other sites
Run at least two of the online AV scans:
Update definition files before scanning with any programs
Panda Active Scan
F-Secure Antivirus scan
BitDefender Free Online Virus Scan
Symantec Security Scan & Virus Detection
RAV AntiVirus Online Virus Scan!
Danish Antivirus scan
McAfee Antivirus scan

14
Hi ripley

AVAST 4 is running, in fact the files that HJT say are missing so it is a bug. So it can be stopped
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

Counterspy and Ewido can be stopped as well
One other thought is if a firewall is running then she may be stopping the program from contacting the internet

15
Try here
http://housecall60.trendmicro.com/en/start_corp.asp?id=scan
Let's wait until we get the results of the trendmicro scan
