Personal site hacked may be infected

View previous topic View next topic Go down

Personal site hacked may be infected

Post by LordZet on Sun Oct 18, 2009 2:38 am

My forum was hacked and someone placed spyware on it and now I believe I'm infected. Laptop's physical memory is at 60%, and it's become real sluggish lately.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:51 PM, on 10/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4367 bytes

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Belahzur on Sun Oct 18, 2009 2:56 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by LordZet on Sun Oct 18, 2009 5:13 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2980
Windows 6.0.6001 Service Pack 1

10/18/2009 12:10:22 PM
mbam-log-2009-10-18 (12-10-22).txt

Scan type: Quick Scan
Objects scanned: 82143
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I just got a bunch ole pops from avira about malware from my temp files while on wikipedia.

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Belahzur on Sun Oct 18, 2009 6:33 pm

Lets go a bit deeper.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by LordZet on Sun Oct 18, 2009 11:49 pm

DDS (Ver_09-10-13.01) - NTFSx86
Run by Palmer at 18:46:07.99 on Sun 10/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1005 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Palmer\Desktop\dds(3).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - [You must be registered and logged in to see this link.]
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\users\palmer\appdata\roaming\mozilla\firefox\profiles\pce2rwvg.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-25 108289]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-9 193840]

=============== Created Last 30 ================

2009-10-14 21:40 3,597,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-14 21:40 3,546,184 a------- c:\windows\system32\ntoskrnl.exe
2009-10-14 21:40 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-14 21:40 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-14 21:39 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-07 18:04 --d----- c:\programdata\AIM
2009-10-07 18:04 --d----- c:\progra~2\AIM
2009-10-07 18:04 --d----- c:\program files\AIM
2009-10-07 18:04 --d----- c:\program files\common files\Software Update Utility
2009-10-07 18:04 --d----- c:\program files\common files\AOL
2009-10-07 18:04 365 a---h--- C:\IPH.PH
2009-09-25 15:25 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-25 15:25 --d----- c:\programdata\Avira
2009-09-25 15:25 --d----- c:\program files\Avira
2009-09-25 15:25 --d----- c:\progra~2\Avira
2009-09-25 15:12 --d----- c:\users\palmer\appdata\roaming\Malwarebytes
2009-09-25 15:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 15:12 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-25 15:12 --d----- c:\programdata\Malwarebytes
2009-09-25 15:12 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 15:12 --d----- c:\progra~2\Malwarebytes
2009-09-21 00:18 --d----- c:\programdata\Apple Computer
2009-09-21 00:18 --d----- c:\programdata\Apple
2009-09-20 21:51 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-09-20 21:51 499,712 a------- c:\windows\system32\kerberos.dll
2009-09-20 21:51 270,848 a------- c:\windows\system32\schannel.dll
2009-09-20 21:51 175,104 a------- c:\windows\system32\wdigest.dll
2009-09-20 21:51 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-09-20 21:51 72,704 a------- c:\windows\system32\secur32.dll
2009-09-20 21:51 9,728 a------- c:\windows\system32\lsass.exe

==================== Find3M ====================

2009-10-18 17:12 27,934 a------- c:\programdata\nvModes.dat
2009-10-18 17:12 27,934 a------- c:\progra~2\nvModes.dat
2009-09-10 12:30 213,504 a------- c:\windows\system32\msv1_0.dll
2009-08-30 11:06 56 a---h--- c:\programdata\ezsidmv.dat
2009-08-30 11:06 56 a---h--- c:\progra~2\ezsidmv.dat
2009-08-27 08:32 833,024 a------- c:\windows\system32\wininet.dll
2009-08-27 08:29 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-27 05:58 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-08-14 11:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 11:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 09:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 09:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 09:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 09:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 09:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 09:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 09:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-03-10 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-03-10 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-09 21:19 86,016 a------- c:\windows\inf\infstor.dat
2009-02-09 19:17 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:47:04.15 ===============

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Belahzur on Mon Oct 19, 2009 12:11 am

Hello.
Log looks okay.

Where is the forum hosted? by you personally or with a free host like formotion/invision free, etc?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by LordZet on Mon Oct 19, 2009 2:13 pm

A free host, invision we were planning on setting up another one but yeah. By hacked i mean we have a board set up and a topic with links to helpful sites for game's, the hacker got into admin control and replaced the links and had them redirect to a site that was infected.

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Dr Jay on Tue Oct 20, 2009 1:23 am

How is your computer running?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by LordZet on Tue Oct 20, 2009 4:10 am

My laptop really slow and sluggish. if I try to play games my laptop will overheat and shut off in a few minutes, the fan seems to be really loud and my laptop is using in between 45-60% of my physical memory at times. (normally 50%)

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Dr Jay on Tue Oct 20, 2009 5:24 am

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start
    button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



NEXT


Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



NEXT


Please run the [You must be registered and logged in to see this link.]

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction [You must be registered and logged in to see this link.] for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.


==

Please include the CKScanner and F-Secure logs in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by LordZet on Sat Oct 24, 2009 6:16 pm

Oh yeah sorry update:

I'll try and get the virus scan on a later date. I'm at a hospital on my sisters laptop my mother is in the hospital due to colon cancer. So...i'm sorry?

LordZet
Intermediate
Intermediate

Status :
Online
Offline

Posts : 100
Joined : 2009-08-26
OS : XP

View user profile

Back to top Go down

Re: Personal site hacked may be infected

Post by Dr Jay on Sat Oct 24, 2009 9:08 pm

If you need help in the future, please go ahead and post a new topic here in the malware forum, and we will get it back on track.

Right On!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum