Member Panel

Hi,

My Dad's been having problems with his work computer. IE had frozen when the favourites window was opened, and would not do anything even when restarted. I went down and had a look at it, ran Ad-Aware which detected quite a bit of stuff and seemed to fix the problem (i.e. un-freeze IE). As soon as I left however, the problem started again when the favourites window was opened.
Apparently there are a couple of new favourites which have been added without my Dad's knowledge, which may be causing a problem for one reason or another. Is there any way to delete these without opening IE?
I also thought there might still be a spyware/trojan problem, so ran HijackThis and e-mailed the log back to myself:



Anything there I should be getting rid of? Unfortunately there might be quite a bit of bad stuff on there as I was having trouble configuring Zone Alarm properly with the network. I installed it after there was trouble with the computer system before, but my Dad's an insurance broker and rates are automatically downloaded every morning to his computer and the firewall was blocking it, and blocking them from being sent to the other computers. I will have another go at it once I've got this IE problem fixed. By the way this problem is only happening with the one computer.

Any help much appreciated.

Hya JDG , welcome to PCHF.

Let's have a look at whats going on there.




Before fixing things with HijackThis Please Do the Following:



Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download CCleaner


Then boot in safemode (hit f8 when booting up) and fix these with hijackthis:

Delete the folders in bold and run Ccleaner.


And do you know what these are from?

C:\Misys\Mfsvdu.exe
O4 - Startup: Rapid.LNK = C:\qaddress\Rapid32.315\qarapidn.exe
O4 - Global Startup: PC RateLink Server.lnk = C:\Misys\PCRATELINK\pcratelink.exe

If not , then please upload the files in bold (one by one) to this site:

http://www.virustotal.com/flash/index_en.html

For an online scan and report back the results.


I would also recommend to update windows , but its better to wait with that untill youre clean.

Also please post a new hjt log.

Yeah, those are all safe programs.
I should be able to get down to the office tomorrow, so I'll give all that stuff a go and report back. Thanks a lot.
I will also look into updating Windows. I'm sure SP2 was downloading (I've certainly got it on most of the others on the network) but I'll look into that. Hadn't noticed to be honest.

Forgot to add , to delete favorites without opening I.E. , go to:

C:\Documents and Settings\Administrator\Favorites

and then you can remove them there. Replace "Administrator" with the apropriate user name.

Right, seems to have fixed things. For now anyway...
New HJT file:

Looks clean to me.


Do you still have any problems?