#1
01-07-2006
dave88
Bronze Member
Join Date: Jan 2006
Posts: 10
[Resolved] Please Help... I can't get rid of filost

Hi,
I've been struggling with this problem for 2 days now and can't get rid of the "filost" problem. I'm assuming that this is a trojan. I have tried many scans with different packages but none have been able to get rid of the filost pop-up. My internet dialing settings were changed by this problem also.

I have followed previous instructions I found on this forum regarding scanning with ewido in safe mode. Ewido didn't find any problems. My HijackThis scan is shown below.

I would be grateful for any help and advice you have on this.

Thanks,
Dave

Logfile of HijackThis v1.99.1
.
.
.



Last edited by joe5; 01-07-2006 at 09:12 PM.
#2
01-07-2006
merlin
Trusted Security Analyst
Join Date: Jul 2005
Location: Wisconsin
Posts: 2,616
PC Experience: Computers Fear Me

Howdy Dave 88, and welcome to PCHF. Hope you enjoy your stay.

Could you do us a favor and click Prework in my signature and start there? And when you post the next HijackThis log, can you upload it through the attachment viewer as a .txt?

We will have you up and running in no time.
Merlin




#3
01-07-2006
dave88
Bronze Member
Join Date: Jan 2006
Posts: 10
Spybot & Adaware tests complete. New Hijackthis report

Hi Merlin,

Followed your instructions.
Adaware got rid of 5 issues.
Spybot only brought up 2 issues regarding Windows Firewall & Virus scan not being activated. I took no action on this as I believe these are disabled to allow my McAfee programs to run.
New Hijackthis report attached.

Hope you can help.
Thanks in advance
Dave
Attached Files
File Type: txt Scan report_20060107.txt.txt (584 Bytes, 2 views)


#4
01-07-2006
dave88
Bronze Member
Join Date: Jan 2006
Posts: 10
Oops wrong file. Correct Hijackthis file

Sorry, attached previous ewido report.
Here's the new hijackthis report.
Attached Files
File Type: log hijackthis.log (9.2 KB, 6 views)


#5
01-07-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hya Dave, welcome to PCHF from me too.


Let's clean that up. :smiley:


Please download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.

Download Smitrem to your desktop:

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to extract the files to the desktop. Do not run it yet.



Reboot into safe mode (reboot and keep tapping F8, then choose safe mode from the list).


Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g. Local Disk C: or the partition where your operating system is installed. Please attach this log to your next reply.



Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of vbsys2.dll once and then click the kill button.
After you have killed all of the vbsys2.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of vbsys2.dll then click the kill button.

Once you have done that click OK again.



Then fix these with hjt:
(if still present)

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpF237.tmp (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl80bd.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control024.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
Delete the files in bold (if still present) and run CCleaner again.



Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\system32\vbsys2.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)



After your computer has rebooted please run Hijackthis again and post a new Hijackthis log plus the Smitrem log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#6
01-07-2006
dave88
Bronze Member
Join Date: Jan 2006
Posts: 10
Still no joy.

Hi,
I've followed the last set of instructions.
Ran Smitrem. Report attached.
Ran Process Explorer but no matches for vbsys.dll.
I then ran hjt. I found R3 - URLSearchHook.. & deleted it.
Was not sure whether to delete 02 - BHO: Homepage as it looked a bit different.
I finished with Killbox.
I rebooted my machine and ran hijackthis (report attached).
I then went online to access this forum and received another pop up screen.

Please advise what I should do?

Thanks
Dave
Attached Files
File Type: txt smitfiles.txt (1.4 KB, 1 views)
File Type: log hijackthis.log (9.0 KB, 1 views)


#7
01-07-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

You seem to have missed a couple.. lol


O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl80bd.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - http://www.www2.p0rt2.com/files/MirarSetup-875498.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/temp...control013.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/temp...control024.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
You are supposed to fix all the items I listed with hjt, and then manually delete the two bolded files from your PC.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
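
An added example, not part of the original thread or any poster's code: a small Python check that compares a helper's fix list against a later HijackThis rescan and reports which entries are still present, which is the comparison joe5 does by eye in post #7. The fix-list lines are copied from post #5; the rescan text and the function names are constructed for illustration.

```python
import re
from collections import Counter

# A HijackThis entry is "<section id> - <description>", e.g. "O15 - Trusted Zone: ...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")

# Subset of the fix list from post #5.
FIX_LIST = r"""R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpF237.tmp (file missing)
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll"""

# Constructed rescan log (the real attachment is not on the page).
RESCAN = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll"""

def parse_entries(text):
    """Return (section, normalized body) for every line that looks like an entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Collapse whitespace and case so copy/paste differences do not hide a match.
            body = re.sub(r"\s+", " ", m.group("body")).lower()
            entries.append((m.group("section"), body))
    return entries

def still_present(fix_list, rescan_log):
    """Fix-list entries that also appear in the rescan, in fix-list order."""
    remaining = set(parse_entries(rescan_log))
    return [e for e in parse_entries(fix_list) if e in remaining]

def summarize(entries):
    """Count entries per HijackThis section (R3, O2, O15, ...)."""
    return dict(Counter(section for section, _ in entries))

if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, RESCAN):
        print(f"still present: {section} - {body}")
```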

