Member Panel

Oops , sorry. My fault , i didn't read LGW's post good enough. I thought she posted the removal tool for the wareout infection , but i see now that she posted a link for the manuall removal instructions.


It sounds like it morphed and renamed itself , good job on spotting that.

And it is gone , youre hjt log is clean. But the reason i said i didn't think you run the fixwareout removal tool is because there is still an entry in youre Ewido log from wareout. But as i said above , my mistake. To remove that:


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


Finally, please post the contents of the logfile C:\fixwareout\report.txt
(thats the one i meant , lol)

and I ran it as instructed. But it didn't seem to do anything. There were no prompts; I wasn't asked to reboot... nothing. Fixwareout doesn't show in Add/Remove programs. I downloaded it again and ran it with the same result. I then ran it in Safe Mode... same result.

So I went ahead and ran the edwino in Safe Mode again (man what a long process). Both of those logs are attached. There is no logfile from fixwareout on my PC, because the thing didn't run as you indicated it should run.

It seems that the redirect on websites with long URLs is fixed. Also, the AVG isn't picking up that virus in C:\windows\system32\sphlp32.exe any more. I ran Microsoft Anti-spyware and AVG didn't pick it up this time. I am concerned that the virus was on my PC and that one program indicated it was a "password stealer."

Should I change all of my passwords now? And is my PC clean now?

Im afraid it is still there , do you maybe have a firewall blocking the fixwareout from net acess?

as requested this time after disabling just about everything that was running. Several messages popped up (I think as a function of CounterSpy) when I rebooted. I denied all access to everything.

It could indeed have been an app like counterspy that blocked it , but this time it worked. The wareout has been removed.


And you can just delete the folder on youre C: disk from fixwareout , no need to uninstall it.

Changing passwords might not be a bad idea.


Do you still have any problems?

that I can discern. You guys have been a tremendous help. I cannot thank you enough.

Always glad to help. And good to hear everything runs ok again.



Marked as Fixed , and see you around the forum. :smiley: