Member Panel

Hi Joe,

Both programs that you mentioned I am using ( solat + business plan )

I am attaching you both log files by active scan and spy sweeper for your perusal.

Thanks for all the help

madmal

Hmmm... that doesn't look good... looks like a rootkit..


Or are you "hiding" a bunch of pictures youreself on youre pc?





Download Smitrem to your desktop

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to Extract the
files to the desktop, Do not run it yet.

Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat"
file to start the tool , Follow the prompts on
screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, eg; Local Disk C: or partition where your operating system is installed. Please attach this log to your next reply


And after youre repley we'll need to go rootkit hunting it seems..

Hi Joe,

I do have a program that is called Lock Folder XP that I hide all my videos and pictures. Would this be the problem??

Should I still continue with what you had recommended and execute Smitren and get the results??


Thanks.

madmal

Yup , still run the smitrem tool and post the log from it please.

And also download KillBox:

http://www.atribune.org/downloads/KillBox.exe


Double click on Killbox.exe and then check the delete on reboot button.
Enter the following filepath and filename into the Full path of file to delete box:

c:\windows\system32\msctl32.dll


Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)


And i think Spysweeper indeed sees Lock Folder XP as a possible rootkit , but that is a false positive then and nothing to worry about.

Hi Joe,

I am just adding the smitfiles text file as per requested anyway for your deliberation.

madmal

Did you also delete that file with killbox?

And delete these files manually please:

C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\secure32.html


Is there still mail being send out?

Hi Joe,

Yes, I have deleted the fill with Kill Box plus deleting manually the files that you told me too. So far I don't see anymore mails being sent out without my consent. I hope my system is clean now.

madmal