Safe mode not working thanks to Thinkpoint


Post by pwsmith on Wed Nov 17, 2010 4:13 pm

All the instructions I have read tell me to use safe mode to fight the Thinkpoint virus. However, the virus has disabled all safe mode options; any safe mode option I pick loops me back to the safe mode list of options. I AM STUCK. Any advice here?

pwsmith | Novice | Posts : 10 | Joined : 2010-11-17 | OS : Windows XP

Safe mode, ThinkPoint cont'd

Post by pwsmith on Wed Nov 17, 2010 4:25 pm

Let me make it clear...when I boot, the machine goes to the safe mode list of options and loops back there no matter which option I choose...I do not have access to a command line, internet, Task Manager, etc.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Wed Nov 17, 2010 11:48 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

Belahzur | Administrator | Posts : 34916 | Joined : 2008-08-03 | Gender : Male | OS : XP SP3 Media Centre

Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu Nov 18, 2010 3:06 pm

I know you like to post a boilerplate answer to all ThinkPoint inquiries. BUT, as my posts made clear, things like downloading an exe to my desktop don't work when I am stuck on the safe mode options screen!!!!! Please read my posts again.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri Nov 19, 2010 12:53 am

If you are using Safe Mode, you'll need to use Safe Mode With Networking for internet access.

Please try this while in Safe Mode too.

We need to use the RKill Tool by Grinler.

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.

NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu Nov 25, 2010 7:46 pm

I used OTLPE Standard REATOGO to scan and here is an excerpt from the OTL.Txt (the full file is too big for this append). I would appreciate any help.

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.80 Gb Total Space | 46.43 Gb Free Space | 64.66% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\ustedpqz.sys -- (ustedpqz)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\peulbcyg.sys -- (peulbcyg)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\ovyenrnk.sys -- (ovyenrnk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\cgkqhjcp.sys -- (cgkqhjcp)
DRV - [2010/11/04 18:32:00 | 000,052,224 | ---- | M] () [Kernel | System] -- C:\WINDOWS\PRAGMAtvpqsbpxpb\PRAGMAd.sys -- (PRAGMAtvpqsbpxpb)
DRV - [2009/06/18 00:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009/03/04 06:27:32 | 000,031,744 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Marcus\Local Settings\Temp\bDMusicb.sys -- (bDMusicb)
DRV - [2008/08/21 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/13 13:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/24 17:28:02 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/10/27 17:36:52 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/10/10 00:35:30 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/10/09 04:51:08 | 000,503,507 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0080Dev.sys -- (V0080Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\antithinkpoint_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Mandela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{8FA3D377-EADF-4147-995F-3C5752AAA3DE}: C:\Documents and Settings\Marcus\Local Settings\Application Data\{8FA3D377-EADF-4147-995F-3C5752AAA3DE} [2010/10/22 18:41:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{341C3846-05CC-4624-9A56-31F98E1DF826}: C:\Documents and Settings\Other\Local Settings\Application Data\{341C3846-05CC-4624-9A56-31F98E1DF826} [2010/10/23 10:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{5271F506-02F6-488C-9C9C-EE7A11FBD895}: C:\Documents and Settings\Mandela\Local Settings\Application Data\{5271F506-02F6-488C-9C9C-EE7A11FBD895} [2010/10/20 20:11:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C50F3662-0462-40FD-9E17-8D495BB951C3}: C:\Documents and Settings\antithinkpoint\Local Settings\Application Data\{C50F3662-0462-40FD-9E17-8D495BB951C3} [2010/10/24 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}\ [2010/11/04 19:06:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/08/21 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandela_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Marcus_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Other_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE ()
O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
O4 - HKU\.DEFAULT..\Run: [Iqepo] C:\WINDOWS\rfat50.DLL (ArcSoft Inc.)
O4 - HKU\Mandela_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\Marcus_ON_C..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXl/yA\Marcus\LOCALS~1\Temp\757160358.exe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\757160358.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlkc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\cmd.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlmc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\mdm.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlo_] C:\DOCUME~1\Marcus\LOCALS~1\Temp\tih74.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlora] C:\DOCUME~1\Marcus\LOCALS~1\Temp\iexplarer.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlotc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\hexdump.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlpe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\csrss.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlppf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\services.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlprc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\install.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlq+] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win32.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqb] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winamp.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\user.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqse] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winlogon.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqvc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\svchost.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqW] C:\DOCUME~1\Marcus\LOCALS~1\Temp\drweb.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlrf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\smss.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlsPc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\nvsvc32.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlud] C:\DOCUME~1\Marcus\LOCALS~1\Temp\system.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\Other_ON_C..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe ()
O4 - HKU\Other_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\Mandela_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\antithinkpoint_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
O20 - HKU\Mandela_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marcus_ON_C Winlogon: Shell - (C:\Documents and Settings\Marcus\Application Data\hotfix.exe) - C:\Documents and Settings\Marcus\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {B6BA40C1-A501-59BD-F413-03B03A2C8952} - dfskea98e4iagjiufhg87df87u - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\DESKTOPGB.gif
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 10:56:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 09:18:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IECompatCache
[2010/11/09 08:25:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mandela\IECompatCache
[2010/11/04 19:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Creative
[2010/11/04 19:06:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\SendTo
[2010/11/04 19:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Pictures
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/11/04 19:06:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NetworkService\Recent
[2010/11/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2010/11/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/11/04 18:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAtvpqsbpxpb
[2010/11/04 18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/01 19:36:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IECompatCache
[2010/11/01 19:36:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\PrivacIE
[3 C:\Documents and Settings\Mandela\My Documents\*.tmp files -> C:\Documents and Settings\Mandela\My Documents\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri Nov 26, 2010 1:03 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
    O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
    O4 - HKU\.DEFAULT..\Run: [Iqepo] C:\WINDOWS\rfat50.DLL (ArcSoft Inc.)
    O4 - HKU\Marcus_ON_C..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXl/yA\Marcus\LOCALS~1\Temp\757160358.exe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\757160358.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlkc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\cmd.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlmc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\mdm.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlo_] C:\DOCUME~1\Marcus\LOCALS~1\Temp\tih74.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlora] C:\DOCUME~1\Marcus\LOCALS~1\Temp\iexplarer.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlotc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\hexdump.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlpe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\csrss.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlppf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\services.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlprc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\install.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlq+] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win32.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqb] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winamp.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\user.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqse] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winlogon.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqvc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\svchost.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqW] C:\DOCUME~1\Marcus\LOCALS~1\Temp\drweb.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlrf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\smss.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlsPc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\nvsvc32.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlud] C:\DOCUME~1\Marcus\LOCALS~1\Temp\system.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
    O20 - HKU\Marcus_ON_C Winlogon: Shell - (C:\Documents and Settings\Marcus\Application Data\hotfix.exe) - C:\Documents and Settings\Marcus\Application Data\hotfix.exe File not found
    O22 - SharedTaskScheduler: {B6BA40C1-A501-59BD-F413-03B03A2C8952} - dfskea98e4iagjiufhg87df87u - Reg Error: Key error. File not found
    [2010/11/04 18:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAtvpqsbpxpb

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
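
Added example, not part of the original thread and not OTL's own logic: a small Python triage pass over OTL-style log lines that flags, for review, the patterns visible in the fix list above (autoruns launching from Temp directories, Windows process names used outside System32, DLL autorun targets, a Winlogon Shell other than Explorer.exe, and the DisableTaskMgr / DisableRegistryTools / NoFolderOptions policies). The regular expressions are assumptions inferred from the excerpt posted in this thread, and the sample lines are a constructed subset of it.

```python
import re
from ntpath import basename  # Windows path rules, works on any host OS

# Constructed sample: ten lines taken from the OTL excerpt posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
"""

# Line shapes are assumptions inferred from the excerpt, not an OTL specification.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>.*?)\] (?P<rest>.+)$")
SHELL_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>.*?)\) - (?P<rest>.+)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value_name>\w+) = (?P<data>\d+)$")

# Windows processes that normally run from System32; copies elsewhere are masquerading.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "services.exe",
                        "winlogon.exe", "svchost.exe", "smss.exe"}
# Policy values from the thread's fix list that block the user's repair tools.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}


def split_target(rest):
    """Split 'path (Company)' or 'path File not found' into (path, missing)."""
    suffix = " File not found"
    if rest.endswith(suffix):
        return rest[: -len(suffix)], True
    return re.sub(r"\s*\([^()]*\)$", "", rest), False


def triage(log_text):
    """Return [(line, [reasons])] for every line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []

        m = RUN_RE.match(line)
        if m:
            path, missing = split_target(m["rest"])
            low = path.lower()
            if "\\temp\\" in low:
                reasons.append("autorun target in a Temp directory")
            if basename(low) in SYSTEM_PROCESS_NAMES and "\\system32\\" not in low:
                reasons.append("Windows process name outside System32")
            if low.endswith(".dll"):
                # Heuristic taken from this thread: both DLL autoruns were in the fix list.
                reasons.append("autorun target is a DLL")
            if missing:
                reasons.append("target file not found")

        m = SHELL_RE.match(line)
        if m and m["value"].lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not Explorer.exe")

        m = POLICY_RE.match(line)
        if m and m["value_name"] in LOCKOUT_POLICIES and m["data"] == "1":
            reasons.append("policy disables a repair tool: " + m["value_name"])

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + line)
```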



Fix log is where?

Post by pwsmith on Sat Nov 27, 2010 7:29 pm

Thanks. I ran the fix in OTLPE. However, NotePad with the fix log did not appear. Where could I find it?


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Sun Nov 28, 2010 12:48 am

Is it on your Desktop, or in the C:\ drive?



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Tue Nov 30, 2010 1:39 pm

I get to OTLPE via a desktop on CD.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Wed Dec 01, 2010 12:17 am

Ah well, either way.
Can you boot your system normally now?



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu Dec 02, 2010 3:07 pm

No, I cannot boot normally. Nothing has changed. I was encouraged when I could get to a desktop via REATOGO-X-PE on CD. However, the log file you were looking for did not pop up after running the fix and I do not know the name of the file or where to find it. Suggestions?


Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu Dec 02, 2010 3:30 pm

Aha! When I run the fix a msg pops that says to reboot to complete the fix. If I do NOT reboot, the log pops up. Here are the contents:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fpakepa not found.
File C:\WINDOWS\efasazasazasa.DLL not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe not found.
File C:\WINDOWS\Temp\dfrgsnapnt.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Iqepo not found.
File C:\WINDOWS\rfat50.DLL not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry key HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.
File C:\Documents and Settings\NetworkService\Application Data\hotfix.exe not found.
Registry value HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Marcus\Application Data\hotfix.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B6BA40C1-A501-59BD-F413-03B03A2C8952} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6BA40C1-A501-59BD-F413-03B03A2C8952}\ not found.
Folder C:\WINDOWS\PRAGMAtvpqsbpxpb\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: antithinkpoint
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: Mandela
-> No Temporary Internet Files cache folder defined!

User: Marcus
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

User: Other
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.43.0 log created on 12022010_102406

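A triage helper for a fix log like the one posted above, added here as an example (it is not part of the original post and is not OldTimer's code): it collapses repeated lines, separates entries the fix actually deleted from entries that were already absent, and lists the Winlogon Shell values that were removed. The function names are illustrative, and the line format is assumed from the log shown in the post.

```python
import re
from collections import Counter

# A subset of lines from the OTL fix log posted above, kept verbatim.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fpakepa not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.
File C:\Documents and Settings\NetworkService\Application Data\hotfix.exe not found.
Registry value HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Marcus\Application Data\hotfix.exe deleted successfully.
Folder C:\WINDOWS\PRAGMAtvpqsbpxpb\ not found.
"""

LINE_RE = re.compile(r"^(Registry value|Registry key|File|Folder) (.+?) "
                     r"(not found|deleted successfully)\.$")

def parse_fix_log(text):
    """Return one record per distinct result line, with a repeat count."""
    counts = Counter(line.strip() for line in text.splitlines() if line.strip())
    records = []
    for line, repeats in counts.items():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, [EMPTYTEMP] output and similar
        kind, target, status = m.groups()
        rec = {"kind": kind, "target": target, "status": status, "repeats": repeats}
        if kind == "Registry value":
            # In this log the key and value name are separated by a double
            # backslash, and ":<data>" follows the name when data is listed.
            key, _, rest = target.partition("\\\\")
            name, _, data = rest.partition(":")
            rec.update(key=key, name=name, data=data)
        records.append(rec)
    return records

def removed_shell_overrides(records):
    """Winlogon Shell values the fix actually deleted, as (key, data) pairs."""
    return [
        (r["key"], r["data"]) for r in records
        if r["kind"] == "Registry value"
        and r["status"] == "deleted successfully"
        and r["key"].lower().endswith("\\winlogon")
        and r["name"].lower() == "shell"
    ]

if __name__ == "__main__":
    for key, data in removed_shell_overrides(parse_fix_log(SAMPLE_LOG)):
        print("removed Shell override:", key, "->", data)
```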

Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu Dec 09, 2010 3:02 pm

Not able to help me?


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri Dec 10, 2010 12:43 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri Dec 10, 2010 6:15 pm

As the Thinkpoint virus left me without access to the internet I have to download to a memory stick on a healthy computer and try to run Combo-Fix.exe from the stick. Both downloads result in a "corrupt file" message when I try to run them off the stick on the infected machine.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Sat Dec 11, 2010 12:47 am

Hello.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:


