
Need Help Removing Ntrootkit-j [moved From XP]

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel

An example would be an anti-rootkit boot CD, or a separate repair console such as suggested by combofix. There are all kinds of fakes and pretenders that call their program spybot this and defender that, so don't put on a fake SpyBot, so make sure yours is the real Click the Start menu tab, then Customize.

Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders". Next click on My Computer. Here's the log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:00 PM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: MSN Search

Thanks for all your help so far.

Right now I don't know what else to tell you but I will start sifting through all the information that you have provided me. would attach this to these submissions but don't know where it is. I ran Malwarebytes in Safe mode and supposedly it picked up two Trojans, however, the machine wasn't much better. Administrative Tools Folder Does Not Appear on the Start Menu After You Install a New Program, [Q291732]. 7.

When the boot selection window appears you're going to want Safe Mode. I examined the inside of the computer and I don't think there was a problem there. IMPORTANT! Look in the Event Viewer>System Log, for any errors with the source DISK/NTFS/CDROM/Atapi....

If you're still wondering how to do this... Ran TDSS Killer again. Contents of the 'Scheduled Tasks' folder 2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674989338-2984048177-1604048373-1008Core.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 11:28] 2011-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674989338-2984048177-1604048373-1008UA.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 11:28] 2011-02-06 c:\windows\Tasks\User_Feed_Synchronization-{A2E2E7AC-9A1B-49D5-A3F1-102C2B27 If you are using Daylight Saving time, the displayed time will be exactly one hour earlier.

See the Technical Description section for a list of files that may be affected. Type exit. Press Enter. These are the popups that seem to relate to SpyBot. How do you prevent these popups?

Might even want to use UBCD to check the drive's integrity with the MFGR's utility..... to stop reinfection get these two tools, spywareguard and spywareblaster from www.javacoolsoftware.com get the hosts file from here. Should I scan with Malwarebytes again at this point?

AVG Free is a very popular free AV that also has a SiteAdvisor and linkscanner to prevent known malicious sites, or you can go with Microsoft's free SecurityEssentials. E: is CDROM (No Media) F: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Am just using the Start Menu, not the Classic.

Your problems could possibly be a failing hard disk as well so it won't hurt to do that. Author Comment by: wchirnside ID: 34780890 2011-02-02 Also, just so everyone out there knows, I do not pay any attention to the "hoaxes" so I Those are tracking cookies but not viruses.

#3 maverick143 Topic Starter Members 4 posts Posted 05 July 2006 - 04:01 PM Thank you for replying, I don't have an application of that Important: If you are removing an infection from a network, first make sure that all the shares are disabled or set to Read Only.

SO far anytime the programs have found a virus I have "removed" them.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo!

Windows Internal Firewall is enabled. After you put the system files back to previous, that's no guarantee all the infection is gone, you are NOT done.

by baybrat / September 30, 2005 5:25 AM PDT In reply to: Can't organize programs on Start Menu

Browse to your Programs folder (under start menu) in Windows Explorer.

By default, selecting the Classic Start menu also adds the ''My Documents'', ''My Computer'', ''My Network Places'', and ''Internet Explorer'' icons to the desktop. Contents of the 'Scheduled Tasks' folder 2011-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674989338-2984048177-1604048373-1008Core.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 11:28] 2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2674989338-2984048177-1604048373-1008UA.job - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-26 11:28] 2011-02-06 c:\windows\Tasks\User_Feed_Synchronization-{A2E2E7AC-9A1B-49D5-A3F1-102C2B27 Plus you can also turn on spybot's tea timer for added protection against pests.

Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe -- End of Deckard's System Scanner: finished at 2007-07-13 at 20:48:05 --------- 07-13-2007, 12:56 PM #4 Vehan Registered Member Join Date: Jul 2007 Posts: 3 If you were in the middle of something the information you are working on may ........ Haven't had more popups since then but will try this again if another popup shows up. Following is the latest Combofix log.

Select Delete on Reboot then Click on the Single File button. c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll . ((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 ))))))))))))))))))))))))))))))) . 2011-02-07 00:07 . 2011-02-07 00:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HP 2011-02-07 00:07 . 2011-02-07 Save the file and post it here. Then reboot and run Combofix again.

Make a new folder in C:\ and call it Hijack this, and Save hijack this to this folder so that it runs properly and can make back ups. Change to a smaller size. [Q298317].Note: To make additional selections for the Start menu style, click Customize. Do the long test. Click on the View tab and make sure that "Show hidden files and folders" is checked.

Hit the Processes Tab, and see what the CPU usage is at the bottom. My computer is running even better than before the virus got in. Now it does not come on. The only problem I had when fixing the stuff you said to do was I couldn't find these files: C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\8ZNFM85H\WinRep[1].exe C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\V79JZHGW\adopt[1].htm

This tool is designed to run on 32-bit and 64-bit computers. Combofix keeps asking me to disable AntiVir and I think I have done this but it keeps asking. Then test the hard disk with the correct manufacturer's util for your hard disk.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll c:\windows\system32\ps2.bat . ((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 ))))))))))))))))))))))))))))))) . 2011-02-06 00:51 . 2011-02-06 00:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM 2011-02-06 00:41 . by pastle / September 26, 2005 1:11 AM PDT In reply to: Try this. . . thisismytear, Jun 15, 2005 #3 khazars Joined: Feb 15, 2004 Messages: 12,302 yes delete it, you're thinking of kernel!