Hi friends

i would really appreciate help from you as i have been asked to seek help from this forum.

the operating system is windows xp.

i downloaded pest trap thinking that it will help me clean my computer of suspected virus/adwares/spywares (because it seems to download real slow inspite of a 100 mbps connection). then i found that this pest trap is itself a adware.

Also it seems to throw pop ups occasionally on the screen.

it has this yellow shield at he bottom right of the screen which occasionally asks me to buy software to clear viruses from the system.

please help me with this.

i am attaching the ewido and hijack logs.

i will truly appreicate your help

Attached Files

	Report-Scan-20060703-194828.txt (5.8 KB, 1 views)
	hijackthis.log (8.5 KB, 2 views)

Hi
Before we start working with your log, you are running Hijack This from a temporary location.This needs to have its own folder.Please download HijackThis Self-installer

1. This is the easiest way to install HijackThis to your computer
2. This is a complete installer that installs HijackThis on the computer to C:\Program Files\HijackThis.
3. It makes an entry in the start menu
4. It allows you to have a shortcut on your desktop as well.
5. HijackThis is currently at Version 1.99.1 released on 16.02.2005.
6. It is important that you uninstall any previous versions by using Add/Remove programs in your control panel before installing a newer version.

Also could you please follow the instructions here http://russelltexas.com/malware/teatimer.htm and disable Spybot's TeaTimer else changes may not be saved.
================================================== ======

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually..
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with your next reply and a new HJT log.


We need to cleanup with Ewido in safe mode......
Download Ewido Anti-Malware

• Install Ewido Anti-Malware
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

• In Safe Mode,run Ewido.
• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
• When the scan is complete click Recommended Action and change it to Quarantine
• Then click Apply all actions

Once finished, click the Save report button, then click Save Report As. This will create a text file.
Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log along with the rapport.txt.

Dear Pancake

Thanks for attending to my problem. I did as u asked. I am attaching the hijackthis, rapport and ewido logs. i will await further instructions

sincerely

thank u

camg

Attached Files

	rapport.txt (1.9 KB, 2 views)
	Report-Scan-20060704-061909.txt (1.7 KB, 2 views)
	hijackthis.log (7.3 KB, 2 views)

Ok,thats it your are all clean.Good to go.



If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure..
If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:
Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Now that you are clean its now is a good time to flush out your restored files.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.
How Do I Protect My Computer Against Future Malware Now I'm Clean.
NOTE:You may have already taken some of these steps.
Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches. How to update your Windows operating system
Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options?.
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.
Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, its recommend that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!
Some available programs are:
Ad-Aware
SpyBot Search & Destroy
Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware .
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.
If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
http://www.zonelabs.com/store/conten..._freedownloads
http://www.zonelabs.com/store/conten...g=en&lid=ho_za

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
http://www.spywarewarrior.com/asw-test-guide.htm

Here is a helpful article:
"So how did I get infected in the first place?"

http://www.pchelpforum.com/index.php?page=protect

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

Hi Pancake

Thanks a million for helping so much inspite of no personal gains. You relieved me of so much stress. I had a qucik question. i ran spybot and adaware se again on the system after following your instructions and found that:

Adaware says i have 1 new critical object

its called tracking cookie and is an IECache entry and is of category data miner and is classified as cookie: administrator@live265.com

should i be doing something about this (i already checked its box in adaware and quarantined it)

Also Spybot lists the following as problems (says found 39 but shows only 3)

that is:

central24
securityrisks
smithfraud C

and when i run iummunize on it, it says selected items already blocked.


Should I be concerned and is it because of using IE. I also have firefox. Is it safer.

Thanks again Pancake for all your immense help. I am coputer illiterate by ur level and without this forum i would have been stressed crazy

PS I am attaching a file of the adaware logfile; if it helps identify the cookie thing.

Attached Files

adaware.txt (26.5 KB, 2 views)

typo in previous post:


its live365 not live265