
Hijack log

Discussion in 'Malware and Virus Removal Archive' started by Gideon, 2006/08/23.

  1. 2006/08/25
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok got the killbox part

    I completed all of the steps in kill box. I suppose you mean click the start menu tab and select run. I did and typed regedit and for a split second a dos box appears and then disappears. How do I navigate to hkey_local_machine\software\MyGlobalSearch and so on? Sorry if this is frustrating. :confused:
     
  2. 2006/08/25
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Well I don't know why a dos box would be popping up because it should be a window such as here, and you will also see the '+' marks I mention in my instructions above:
    http://www.techpathways.com/webhelp/RegistryViewer.jpg

    Is this what you are seeing?

    Also, type regedit, without the quote marks....that just hit me, perhaps you're doing that.
     


  4. 2006/08/25
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Definitely not

    I am going to my start menu tab and selecting the run icon and typing regedit and the window that you showed in the link is not coming up. Nothing like it. Matter of fact nothing really seems to happen when I do that.
     
  5. 2006/08/25
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok well I found regedit through system search

    I actually found the regedit through system search. The window looked slightly different but I was able to find the paths. I was unable to delete myglobalsearch and need2find. "cannot delete error while deleting". This folder didn't seem to exist either: hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC} I am going to give it another effort, but I won't do anything beyond what you have told me to do. Could I try to rename them? By the way I hear a mysterious swishing noise when I navigate that wasn't there before all of this.



    Edited.... Upon further search I did find "{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}--delete zxz now" among multiple globalsearch references and I believe one need2find reference in my temporary internet files. Also I believe there might be some permission issues. I am the hp-administrator but it seems I might not have permission. Try in safe mode?


    Edited.... Well tried it again and was able to delete myglobalsearch and need2find. Couldn't find hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC} however.

    Edited....Found them all going to reboot.
     
    Last edited: 2006/08/25
  6. 2006/08/25
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    New Active Scan Log

    I ran ATF to clear cookies as much as I could. We are down to 1 from 8 so it's looking good.



    Incident Status Location

    Adware:adware/savenow Not disinfected Windows Registry
    Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.belnk.com/]
    Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.maxserving.com/]
    Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[www48.seeq.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[searchportal.information.com/]
     
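An added example, not from the thread or from the scanner's vendor: a small Python parser for the ActiveScan report layout quoted in the post above (category:name, status, location). It splits each incident into its parts, classifies the location as a registry key, a browser cookie (with the domain pulled out of the `cookies.txt[...]` suffix) or a file path, and counts incidents per category, which is the figure the poster tracks between scans. The only statuses recognised are the ones visible on the page (an assumption); the sample report is constructed from the posted lines.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ActiveScan report quoted in the post
# ("Incident Status Location" header, then one incident per line).
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4dxpdsjd.default\cookies.txt[.atwola.com/]
"""

# Category, detection name, status, location. Only the statuses seen on the page
# are recognised (assumption); anything else is kept as an unparsed line.
LINE_RE = re.compile(r"^(?P<category>[^:]+):(?P<name>\S+)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$")
COOKIE_RE = re.compile(r"cookies\.txt\[(?P<domain>[^\]/]+)/?\]$", re.IGNORECASE)

def classify(location):
    """Return (kind, detail): registry key, browser cookie domain, or file path."""
    if location.lower().startswith("hkey_") or location == "Windows Registry":
        return "registry", location
    m = COOKIE_RE.search(location)
    if m:
        return "cookie", m.group("domain")
    return "file", location

def parse_activescan(text):
    """Parse a report into dicts; skips the header and blank lines, flags unparsed ones."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Incident "):
            continue
        m = LINE_RE.match(line)
        if not m:
            entries.append({"category": "unparsed", "raw": line})
            continue
        kind, detail = classify(m.group("location"))
        entries.append({"category": m.group("category"), "name": m.group("name"), "status": m.group("status"),
                        "location": m.group("location"), "kind": kind, "detail": detail})
    return entries

def summarize(entries):
    """Incidents per category: the count the poster compares from one scan to the next."""
    return Counter(e["category"] for e in entries)

def cookie_domains(entries):
    return sorted(e["detail"] for e in entries if e.get("kind") == "cookie")

def registry_keys(entries):
    return [e["location"] for e in entries if e.get("kind") == "registry" and e["location"].lower().startswith("hkey_")]

if __name__ == "__main__":
    parsed = parse_activescan(SAMPLE_REPORT)
    print(summarize(parsed), cookie_domains(parsed), registry_keys(parsed))
```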
  7. 2006/08/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    You're getting to be a pro now!!

    Go and get this one:
    hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM <<<--delete!!
     
  8. 2006/08/26
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Ok I got the last one

    Ok. Got the last one deleted cookies with atf, rebooted and scanned again.
    This is the new active scan report.
    cookies are edited...

    Potentially unwanted tool:application/altnet Not disinfected HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}

    This looks like the same one but a lil different. Did I miss something? If I knew that everything the scans picked up were ok to delete I could take care of these things myself and free up your time. Man I can't tell you how much I appreciate you. I have so much invested in this computer. I am a musician and all my songs are on here. Until now I thought the only way to get rid of viruses and such was to format. That always seemed a little primitive to me though. Also thanks for spurring me on with the pro comment. Although I would never consider myself a pro at anything I can say that I know a lil about virus protection from TeMerc. When I am sure everything is gone I will refer to your previous post about making a new recovery point. Thanks again brotha :D
     
  9. 2006/08/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
  10. 2006/08/26
    Gideon

    Gideon Inactive Thread Starter

    Joined:
    2006/08/23
    Messages:
    175
    Likes Received:
    0
    Right On!

    Well here is the latest scan and I am down from 5 viruses some untold number of spyware and 8 hacker tools to 0 viruses 8 spyware 0 hacker tools. I have to say I have learned a whole lot and actually kinda like disinfecting computers. If I were to want to practice doing this without hurting anyone's system what do you think I could do? I really appreciate what you have done... Really. Thanks again. :D :D :D TeMerc is the man!
     
  11. 2006/08/26
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Well glad we are all cleaned up.

    Yes doing this is indeed fun, for me the biggest kick is helping others. Playing with the PC and infections is almost as fun. I'm actually just beginning to get into the actual tearing down, kind of, of some of these infections to learn how the install\removal process works and how some of the more complicated removal tools work that we use.

    And I've been at it for over two years!!

    If you want to learn more about helping others to remove this stuff and have the time, mind you, this isn't something you can do off and on and stay current, you can join up at a school for learning called Malware University.

    This kind of thing takes a while to get right and it takes a lot of time with tons of reading.

    The running of the basic scanners is relatively easy but once you get beyond the basic low level adwares things get really complicated really fast. I won't even mention rootkits because dealing with them requires a special deep knowledge on how every aspect of the OS operates from the instant you hit the power button to when you see the Windows log on screen. And that's just the first few seconds!!

    My best advice is to read, read, read....................then read some more. When your eyes are bleeding and sore and about to fall out.....you're almost ready to tackle live logs on your own. :p

    Good luck and don't hesitate to drop me a note about any other questions you may have.
     
