[Fixed] Hijackthis! Logs - [Resolved] OMG DEATH! lol, I need help! posted in the Security & Safety forums; I downloaded some stupid file earlier, and I have killed my computer lol. I have a spyware called websheriff and SSK here is hijack this log...

  #1
03-31-2006
atomicski
Bronze Member
Join Date: Mar 2006
Posts: 3
[Resolved] OMG DEATH! lol, I need help!

I downloaded some stupid file earlier, and I have killed my computer lol. I have a spyware called websheriff and SSK

here is hijack this log


  #2
03-31-2006
atomicski
Bronze Member
Join Date: Mar 2006
Posts: 3

Attached is the log
Attached Files
File Type: txt log.txt (9.4 KB, 5 views)


  #3
03-31-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Hya Atomicski, welcome to PCHF.


First off... OUCH!! :o You have A LOT more than just those two infections on there... and I mean A LOT! How would you feel about just formatting your PC and starting fresh? It wouldn't be a bad thing to do at this point.

But in case you do want to clean it up because you can't, don't want, or don't know how to format and install everything again, then let's start with downloading delcmdservice.zip:

http://users.telenet.be/marcvn/tools/delcmdservice.zip

Unzip to your desktop, open the folder and run it by double-clicking on delreg.bat.


Then please follow the SurfSideKick removal instructions here:

http://forums.majorgeeks.com/showthread.php?t=74266

After that run Smitrem:

Download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to extract the files to the desktop. Do not run it yet.

Reboot into safe mode (reboot and keep tapping F8, then choose safe mode from the list).

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen, wait for the tool to complete, and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, e.g. "C:\smitfiles.txt", or the partition where your operating system is installed on.
Please attach this log to your next reply.


Now in normal mode do a Panda online AV scan here:

http://www.pandasoftware.com/products/activescan

And save the log from it, post that later.


Then do the "prework" instructions (see link below in my sig) and save the Ewido and Hijackthis logs.



You will need to reload your wallpaper as the SmitRem tool will reset it. You can do this by right clicking the desktop and choosing Properties. First check Theme and set it to Windows XP, then click the Desktop tab and choose the one you want to use and press Apply.



When done, please post the Panda log, the Smitrem log, the Ewido log and the latest Hijackthis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #4
04-01-2006
atomicski
Bronze Member
Join Date: Mar 2006
Posts: 3

there are the logs
Attached Files
File Type: txt Activescan.txt (9.3 KB, 1 views)
File Type: log hijackthis.log (7.7 KB, 1 views)
File Type: txt Scan report_20060331.txt.txt (68.0 KB, 2 views)


  #5
04-01-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044

Looks a lot better already.


Please download and run this tool:

http://www.purityscan.com/ps_uninstaller.exe


Make sure you still have Ccleaner.

Please download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.



Then boot up in SAFE MODE and stay in safe mode (hit F8 when booting up) until the entire fix is done.



Click Start>Run and type in: services.msc
Click OK
In the Services window find:
(one by one)

Network Monitor
Windows Overlay Components


Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Open HJT and click config > misc tools > "delete an NT service"
Copy and paste:
(again one by one)

Network Monitor
Windows Overlay Components


Click OK.



Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of senssrv.dll (if present) once and then click the kill button.
After you have killed all of the senssrv.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of senssrv.dll, then click the kill button.
Once you have done that click OK again.



Next run HijackThis and place a check beside each of the following:

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qotkv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cjangcq.exe
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINDOWS\system32\OUGHYA~1.DLL
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [newname] C:\windows\newname6.exe
O4 - HKLM\..\Run: [evbyneoA] C:\WINDOWS\evbyneoA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [CQ4d6] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\RunServices: [tetriz3] C:\WINDOWS\system32\tetriz3.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINDOWS\system32\OUGHYA~1.DLL
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\evbyneo.exe

Now manually search for, and delete these two files:

cjangcq.exe
C:\WINDOWS\system32\OUGHYA~1.DLL


And run Ccleaner again.


Then start Killbox and place a tick next to [x]delete on reboot.
And press the "all files" button. (just above the yellow triangle)

Copy this list into the windows clipboard:


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\smohc.exe
C:\WINDOWS\system32\bfcgvw.exe
C:\WINDOWS\system32\qotkv.exe
C:\WINDOWS\system32\__delete_on_reboot__hmcgmfb.dll
C:\WINDOWS\system32\__delete_on_reboot__senssrv.dll
C:\Documents and Settings\Mark\Application Data\Sskcwrd.dll
C:\sk02.exe
C:\Veracruz.exe
C:\WINDOWS\country.exe
C:\WINDOWS\DH.dll
C:\WINDOWS\dh.ini
C:\WINDOWS\keyboard61.dat
C:\WINDOWS\system\svchost.dll
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\WINDOWS\TWFyaw
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\uniq
C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__ibm00002.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\__delete_on_reboot__ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\system32\e6tw76cpw.exe
C:\WINDOWS\system32\qotkv.exe
C:\windows\newname6.exe
C:\WINDOWS\evbyneoA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\slk8x2peu.exe
C:\WINDOWS\system32\tetriz3.exe
C:\WINDOWS\SYSTEM32\senssrv.dll
C:\Program Files\Network Monitor
C:\WINDOWS\evbyneo.exe


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.
Exit Killbox and restart your PC.


Now in normal mode again, please download RKFiles.zip
Create a new folder C:\Antispyware\RKFiles
Extract the contents of RKFiles.zip into the new folder you just created.

Next, Create a new Folder on Desktop. Name that Folder QOOLOGIC
Please download Findqoologic into the new Folder, and then unzip it into the new Folder.

Restart to safe mode again. (Tap the F8 key during bootup.)

Open the C:\Antispyware\RKFiles folder
Double click on RKFILES.BAT
Give it time to run. This may take a while.

Save the text file it creates.
It should save by default to C:\Log.txt



Next, open the QOOLOGIC Folder and Locate and double-click the Find-Qoologic.bat file to run it.

Wait until a text file opens, post it in a reply to your thread after you're done.
It'll take a while to run a full scan so please be patient.



Restart into regular Windows mode and post the contents of C:\log.txt, the find-qoologic results, and a new hijackthis log.





Also it seems you have no firewall. To be better protected from things like this you really should have one. Have a look in our download section for some free firewalls.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
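
The HijackThis entries listed in post #5 can be triaged mechanically. The following is an added example, not part of joe5's post and not HijackThis's own code: it parses entries of that format and flags F2 lines where a second program is chained after the stock Winlogon Shell/UserInit value, entries whose target file is absent, and services reported with an unknown owner. The function names are hypothetical and the default values assume a standard Windows XP install under C:\WINDOWS.

```python
import re

# Constructed sample: five of the entries quoted in post #5 above.
SAMPLE = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qotkv.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cjangcq.exe
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as R3, F2, O4 or O23.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: stock Windows XP values for the two Winlogon settings shown as F2.
F2_DEFAULTS = {"shell": {"explorer.exe"},
               "userinit": {r"c:\windows\system32\userinit.exe"}}

def extra_f2_programs(body):
    """Return the programs chained after the default Shell/UserInit value."""
    m = re.match(r"REG:system\.ini: (\w+)=(.*)$", body)
    if not m or m.group(1).lower() not in F2_DEFAULTS:
        return []
    allowed = F2_DEFAULTS[m.group(1).lower()]
    parts = [p.strip() for p in m.group(2).split(",")]
    return [p for p in parts if p and p.lower() not in allowed]

def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "F2":
            for prog in extra_f2_programs(body):
                findings.append((code, "extra program in Winlogon value", prog))
        if "(no file)" in body or "(file missing)" in body:
            findings.append((code, "orphaned entry, target file absent", body))
        if code == "O23" and "Unknown owner" in body:
            findings.append((code, "service reported with unknown owner", body))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE):
        print(f"{code:<4} {reason}: {detail}")
```

The O4 Run entry in the sample is parsed but not flagged, since deciding whether an autostart program is legitimate needs knowledge of the file itself rather than of the log format.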

