Old 04-17-2005, 06:24 PM   #31
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
Schools

Hello everyone

I asked to put this up and got the go ahead. If anyone is interested in becoming a malware (Spyware, Adware, dialers, Trojans, Viruses, and Browser Hijackers) fighter, there are a few schools out there that can teach you how to read HijackThis logs, as well as some of the other fancy tools we use to combat malware.

Tech Support Forums < I'm a mod of the academy here but they are all good schools.
SpywareInfo
Tom Coyote

I strongly suggest you learn how to read HijackThis logs before giving advice on what to remove, and how to remove. There are certain infections that can break your Internet connections (NEW.NET being one of them) or even stop your computer from running if not removed properly (BubE infection).
These things we will teach you. Now I sound like an ad lol. Sorry, don't mean to.

Hope to see some of you there.


Jose aka Lobos
Lobos is offline   Reply With Quote
Old 04-17-2005, 06:38 PM   #32
Moderator
Staff
Premium Member
 
Join Date: May 2004
Location: Baltimore, MD
Posts: 2,935
Quote:
Originally Posted by Lobos
Hello everyone

I asked to put this up and got the go ahead. If anyone is interested in becoming a malware (Spyware, Adware, dialers, Trojans, Viruses, and Browser Hijackers) fighter, there are a few schools out there that can teach you how to read HijackThis logs, as well as some of the other fancy tools we use to combat malware.

Tech Support Forums < I'm a mod of the academy here but they are all good schools.
SpywareInfo
Tom Coyote

I strongly suggest you learn how to read HijackThis logs before giving advice on what to remove, and how to remove. There are certain infections that can break your Internet connections (NEW.NET being one of them) or even stop your computer from running if not removed properly (BubE infection).
These things we will teach you. Now I sound like an ad lol. Sorry, don't mean to.

Hope to see some of you there.
I'm obviously not a mod, but I think this should be posted in a new thread and stickied so that more people see it.
__________________
Computer: Intel Core i5-750 2.66 GHz quad-core processor @ 3.71 GHz | Asus P7P55D-E motherboard | Crucial 4 GB DDR3-1333 RAM | nVidia GeForce 8600GT | 2x WD Caviar Black WD1501FASS 1.5TB hard drives in RAID 1 | Antec Sonata III case with Antec EarthWatts 500-watt PSU | Dual Dell UltraSharp 2408WFP 24" widescreens | Windows 7 Ultimate 64-bit

Other: 2005 Subaru Legacy 2.5GT sedan 5MT | Samsung Epic 4G Smartphone | Mamiya M645 1000S medium-format SLR with 55mm f/2.8, 70mm f/2.8, 210mm f/4, teleconverter, 120 and 220 film backs | Olympus E-PL1 Micro-4/3s DSLR with 14-42mm and 40-150mm lenses
thefultonhow is offline   Reply With Quote
Old 04-17-2005, 07:31 PM   #33
glc
Forum Administrator
Staff
Premium Member
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
I suggested he post it right here, this is the sticky thread talking about HJT log procedures.

- Moderator -
glc is offline   Reply With Quote
Old 05-16-2005, 12:54 PM   #34
glc
Forum Administrator
Staff
Premium Member
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
Need to add something - you may have to run your tools in safe mode with system restore disabled. It's getting rough out there. As always, please make sure you have the latest versions of the tools with the latest signature updates. You must be prepared to give up and reformat, so if you have a way to back up your important files, do so before starting a cleanup.
glc is offline   Reply With Quote
Old 05-22-2005, 02:01 AM   #35
EDB
Member (8 bit)
 
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
ahaaaaaaaaaaa!

Quote:
Originally Posted by Panama Red
Steve1 and Lobos, Thank you very much. Those are all going to be bookmarked in a "spyware" folder!

Yes, thank you all! I will also be bookmarking many things from this thread as well!
Lobos- Do these schools you mention charge?

glc- How would I go about disabling system restore, and cutting down on the number of programs running in the background so as to make it easier as you mentioned in one of the above posts?

Last edited by EDB; 05-22-2005 at 02:12 AM.
EDB is offline   Reply With Quote
Old 05-22-2005, 04:26 AM   #36
glc
Forum Administrator
Staff
Premium Member
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
XP: http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
ME: http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
9x and 2K don't have system restore.

98/ME/XP have msconfig, use that to cut down your startups. With 95 and 2K you have to manually edit the registry, but msconfig.exe from an XP box will work in 2K, just drop it in c:\winnt.

We are not asking you to cut down on the startups, we are asking you to run HJT immediately after a restart before you MANUALLY open any programs. We need to see what's in your startup because that's a major clue to what infections you have.

You cannot delete a post, you can only edit it for 12 hours.
glc is offline   Reply With Quote
Old 07-13-2005, 03:51 PM   #37
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
List to help you keep your computer clean

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  4. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  5. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Lobos is offline   Reply With Quote
Old 11-06-2005, 03:40 PM   #38
Member (4 bit)
 
Join Date: Oct 2005
Posts: 9
Thanks everybody,
I'll try everything here and see what happens.
Grampy is offline   Reply With Quote
Old 12-15-2005, 01:44 PM   #39
Member (10 bit)
 
Join Date: Nov 2003
Location: NJ
Posts: 855
Here is my contribution.
Some things I found yesterday, that are great!


http://www.help2go.com/detective.html

http://www.help2go.com/article153.html


And some general security info:
http://www.help2go.com/article217.html
Punked Out Comp is offline   Reply With Quote
Old 01-06-2006, 04:44 AM   #40
glc
Forum Administrator
Staff
Premium Member
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
I've become very impressed by Ewido antimalware - it's an EXCELLENT scanner and cleaner. They are now offering an online scan. I'd ask everyone to run it before posting a HJT log.

http://www.ewido.net/en/onlinescan/
glc is offline   Reply With Quote
Old 01-06-2006, 11:23 AM   #41
~ Ryan ~
 
Join Date: Jun 2005
Location: Jackson TN
Posts: 3,516
Quote:
Originally Posted by glc
I've become very impressed by Ewido antimalware - it's an EXCELLENT scanner and cleaner. They are now offering an online scan. I'd ask everyone to run it before posting a HJT log.

http://www.ewido.net/en/onlinescan/
I am a big fan of Ewido also. Though its 14 day pro version trial doesn't last long, the scanner is still usable. I highly recommend this for anyone, whether they have a noticeable spyware issue or think their PCs are clean - it might just uncover something no other scanner finds.
__________________
RiotCats.com, an internet domain specifically fabricated and visually erected for the appreciation of the feline kingdom!
rspassey is offline   Reply With Quote
Old 02-08-2007, 08:08 PM   #42
Member (6 bit)
 
Join Date: Jan 2007
Location: PA
Posts: 57
This is Ewido 4.0 renamed

Download and install AVG Anti-Spyware 7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware)
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:
1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. You will need the report if you are active in a HJT log and are instructed to post the report, otherwise you will not need to post anything.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so may hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner, or you may purchase a license to use the full version.
__________________
ALWAYS BACK UP YOUR REGISTRY BEFORE EDITING


I don't accept emails .........please keep all questions within the forum.

Visiting Assistant Manager
ASAP Certified
ME-GEEKGIRL is offline   Reply With Quote
Old 04-03-2007, 03:54 PM   #43
glc
Forum Administrator
Staff
Premium Member
 
Join Date: May 2000
Location: Joplin MO
Posts: 40,384
It appears that Trend Micro has bought HijackThis.

http://www.trendsecure.com/portal/en...hijackthis.php

It's still free and they have added quite a bit of documentation. Use it and look over their documentation before posting your logs.
glc is offline   Reply With Quote
Old 06-26-2007, 05:30 AM   #44
Member (2 bit)
 
Join Date: Jun 2007
Posts: 3
HI members..

I am new here to this forum and a friend recommended this site to me. Great site, links and information. I came down here to figure out some of the problems that my computer has been having for a long time.

John Smith
rollings is offline   Reply With Quote