PC Help Forum - Security & Safety - [Fixed] Hijackthis! Logs
[Fixed] Anti-spyware popups driving me nuts!

#1
Posted 11-07-2005 by Jeroen (Hong Kong)

I fell for something and opened a certain .exe file, ever since I get popups every 5 minutes. I included a new HJT log, hopefully you can do something with it.

TIA
Attached Files
File Type: txt hijackthis.log.txt (9.0 KB, 7 views)


#2
Posted 11-07-2005 by ladygreenwitch (Bay Area, California)

Hey Ge64,

Let me take a look at your log and see where you are at.


TTFN

LGW


#3
Posted 11-07-2005 by ladygreenwitch (Bay Area, California)

OK Ge64,

Yup, you clicked on something bad. But I think we can get you up and running again.

First, I would like you to run one or two online virus scans, you have a trojan that is not being picked up by your Norton AV. Try one of these


Free Online Virus Scanners


The following is a list of free online virus scanners. It is a good idea to use more than one, as no individual company could possibly keep up with all of the hundreds of viruses released.
  • Housecall by Trend Micro
  • Activescan by Pandasoft
  • Bitdefender Online Scanner (http://www.bitdefender.com/scan8/ie.html) by Bitdefender
  • Security Check by Symantec
  • Kaspersky File Scanner by Kaspersky
  • RAV Online Virus Scanner by RAV, includes a free notification system



Before beginning please do the following;


Show hidden files and folders:
For 98/2000/ME:

1. Double-click the My Computer icon.
2. Click on the View menu, then click Folder Options.
3. In the Advanced Settings box, under the "Hidden files" folder, click Show all files.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.


Pre-work clean up

Download CCleaner, Install and run it. Make sure that all options are checked including Advanced, click OK to all warnings. Click on the Analyze button, let it run. When it is finished, click on the Run Cleaner button, exit CCleaner.

Download the following and run it,
CWShredder

Download Ewido Security Suite
  • Install Ewido Security Suite.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu
  • Launch Ewido, there should be a big "E" icon on your desktop, double-click it.
  • The program will prompt you to update click the "OK" button
  • The program will now go to the main screen
  • You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed.
  • After the updates are installed, exit Ewido.
Once the updates are installed do the following:
  • If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode: restart your computer and tap the F8 key. Use your up arrow key to highlight Safe Mode, then hit Enter.
Close all open windows/programs/folders and then run Ewido. Have nothing else open while Ewido performs its scan!
  • Click on Scanner, Settings
  • Under "How to scan" all boxes should be selected
  • Under "Possibly unwanted software" all boxes should be selected
  • Under "What to scan" select scan every file
  • Click OK, Complete system scan
  • Let the program scan the machine
  • If Ewido finds anything, it will pop up a notification.
NOTE: We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one by one. If Ewido finds something that you KNOW is legitimate, select "none" as the action (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged; in particular, watch for alerts that have the word "Heuristic" in them, as these may actually be false positives if you recognize the file name as "friendly").

DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being. We will see that in the log when you post it later and let you know if Ewido needs to be run again.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

Click Save report. Save the report to your desktop, exit ewido


Note:

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and run a new scan.


Then run HijackThis choosing the top option to save a log file, save it to your desktop. When you post, please include a description of the problem you are having, and Attach your HijackThis log plus the Ewido log.


Next Run HijackThis!

Check and then fix the following entries, deleting the items in bold if they are still there.


C:\windows\sp2update00.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx possibly corrupted version of WMP, reinstall after fix
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\m8280ifue8280.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SmVyb2Vu\command.exe



STOP and Disable a bad Added Service

Click Start>Run and type in: services.msc
Click OK
In the Services window find: Command Service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Open HJT and click config > misc tools > “delete an NT service”
Copy and paste: cmdService
Click OK.

Run CCleaner again, and reboot your computer. Run HJT once more and post your log back here.

Look forward to your reply,

TTFN

LGW



#4
Posted 11-07-2005 by joe5 (Netherlands)

Boot in Safe Mode before fixing things with HJT.

And also add these to the fix list:


O4 - HKLM\..\Run: [msresearch] c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\msresearch.exe
and delete the files in bold.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
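The entries the two helpers picked out of the log in posts #3 and #4 follow a handful of patterns that can be checked mechanically: IE start/search entries pointing at a host that is not a vendor default, a toolbar CLSID resolving to "(no file)", Run entries launched straight out of the Windows directory or named after a core system DLL, a Winlogon Notify DLL with a generated-looking name, and a service with "Unknown owner" living in a directory whose name is Base64. The script below is an added example, not code from HijackThis, Ewido or the PCHF team; the allowlist of IE hosts and the set of system-DLL lookalike names are assumptions for a first pass, and the sample log is constructed from the lines quoted in the thread. One detail worth noting: the directory component SmVyb2Vu in the cmdService path decodes to "Jeroen", the poster's own username.

```python
# Triage helper for HijackThis-style log lines (added example; not part of
# HijackThis, Ewido, or the forum team's tooling).  It mechanises the checks the
# helpers applied by eye in posts #3 and #4:
#   R0/R1 off-default IE hosts, O3 "(no file)" toolbars, O4 Run entries from the
#   Windows root or named like a system DLL, O20 Notify DLLs with generated
#   names, O23 "Unknown owner" services in a Base64-named directory.
import base64
import re
from urllib.parse import urlparse

# Assumption: a small allowlist of hosts IE legitimately points at is enough
# for a first pass; anything else in an R0/R1 entry is worth a look.
KNOWN_IE_HOSTS = {"www.microsoft.com", "www.msn.com", "search.msn.com", "go.microsoft.com"}
# Assumption: Run-key value names that borrow the name of a core Windows binary.
SYSTEM_NAME_LOOKALIKES = {"ntdll.dll", "kernel32.dll", "svchost.exe", "explorer.exe"}
_B64_CHARS = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def _parts(path):
    """Split a Windows path into its components, dropping empty pieces."""
    return [p for p in re.split(r"[\\/]+", path.strip()) if p]


def decode_b64_dirname(name):
    """Return the plaintext if *name* is Base64 for printable ASCII, else None."""
    # Short or ordinary names ("WINNT", "system32") fail the length check or
    # decode to non-printable bytes, so only deliberately encoded names pass.
    if not _B64_CHARS.match(name) or len(name) % 4:
        return None
    try:
        raw = base64.b64decode(name, validate=True)
    except ValueError:
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def triage_line(line):
    """Classify one log line; return a finding dict, or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"^R[01] - .*?= (\S+)$", line)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        if host and host not in KNOWN_IE_HOSTS:
            return {"kind": "ie_hijack", "host": host, "line": line}
        return None
    if line.startswith("O3 - Toolbar:") and line.endswith("(no file)"):
        return {"kind": "orphan_toolbar", "line": line}
    m = re.match(r"^O4 - .*\\Run: \[(.+?)\] (.+)$", line)
    if m:
        name, exe = m.group(1), m.group(2)
        parts = _parts(exe)
        # Legitimate autostarts rarely sit directly in C:\Windows or C:\WINNT.
        in_windows_root = len(parts) == 3 and parts[1].lower() in ("windows", "winnt")
        if name.lower() in SYSTEM_NAME_LOOKALIKES or in_windows_root:
            return {"kind": "suspicious_run", "name": name, "path": exe, "line": line}
        return None
    m = re.match(r"^O20 - Winlogon Notify: (\S+) - (.+)$", line)
    if m:
        dll = _parts(m.group(2))[-1]
        # Two or more runs of three-plus digits (m8280ifue8280.dll) reads as generated.
        if len(re.findall(r"\d{3,}", dll)) >= 2:
            return {"kind": "random_notify_dll", "dll": dll, "line": line}
        return None
    m = re.match(r"^O23 - Service: (.+?) - (.+?) - (.+)$", line)
    if m:
        name, owner, path = m.groups()
        decoded = [d for d in map(decode_b64_dirname, _parts(path)[1:-1]) if d]
        if owner == "Unknown owner" and decoded:
            return {"kind": "b64_service_dir", "service": name, "decoded": decoded, "line": line}
        return None
    return None


def triage(log_text):
    """Run triage_line over every line and collect the findings in order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


# Constructed sample: the entries quoted in posts #3 and #4, plus two benign lines.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [msresearch] c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\msresearch.exe
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\m8280ifue8280.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\SmVyb2Vu\command.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:18} <- {f['line']}")
```

A line that is not flagged is not thereby clean: the msdxm.ocx toolbar entry passes every check here, and the exchange in posts #6 and #7 shows that deciding about it took a comparison against other logs rather than a rule. Treat the output as a worklist for the same manual review the helpers did, not as a verdict.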

#5
Posted 11-08-2005 by ladygreenwitch (Bay Area, California)

Thanks for keeping watch over my shoulder, Joe, you are the best.

LGW


#6
Posted 11-08-2005 by joe5 (Netherlands)

No prob, of course. You are doing a great job.

Only why did you add this:

O3 - Toolbar: @msdxmLC.dll,-1@1043,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

possibly corrupted version of WMP, reinstall after fix


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#7
Posted 11-08-2005 by ladygreenwitch (Bay Area, California)

That entry only showed up in HJT logs and thread posts where a hijack had taken place; the regular listing of msdxm.ocx showed up without the @msdxmLC.dll,-1@1043 in all of the searches I did. So I figured that if there was a chance it was corrupted, better safe than sorry, and that WMP could be reinstalled.

Tj