RetouchPRO


Virus, Posting for Help and Direction

  #71  
11-22-2005, 08:20 PM
Cameraken
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Elle.

Sorry. It’s probably my fault. I had a question that I thought was related so I posted it in Neb’s thread.

Maybe I should have started a new thread.

Sorry Neb.


Gary.
I have just been banned from malwareremoval.com ‘cos I didn’t put the code in capitals. What do I do now?

Ken
  #72  
11-23-2005, 02:28 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Don't really know, Ken. It's a while since I joined, so I don't really remember what I did to subscribe. I guess from your post that you had to enter a security code.

Send me a PM with details of what you tried to enter, and I'll PM one of the administrators at MRU, and ask how to get round this problem.

Alternatively, try subscribing with a different name and a Hotmail address.

I know that many use disposable e-mail addresses, and it doesn't seem to prevent them from joining.

Hi Elle,

Firstly, my apologies to Neb for hijacking her thread. But Ken's friend has a real and present threat to his computer, and it's important that he deal with it as soon as possible, as this particular infection has a habit of inviting more friends to the party once it's got a foothold.

More than happy to move to a new post, if this is causing problems to anyone.

And Elle, it's important that you keep your defences updated, and that you scan regularly. I find once a week is quite adequate, and can usually be fitted in quite easily while you have a cuppa. It's a whole lot easier to keep it off, than it is to remove it once it gets a foothold.

Keep safe,

Gary

Last edited by Gary Richardson; 11-23-2005 at 02:45 AM.
  #73  
11-29-2005, 05:00 AM
Cameraken
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Update.

Gary, I have now been back to my friend's PC. I ran the fixes as you suggested. When I had finished, Norton popped up asking:

Sysin.exe is attempting to connect to a DNS server
Msjz32.exe is attempting to connect to a DNS server

I blocked them both.

I still don’t think he is clean as the About Blank page is still a Search page.

I have attached all three logs.


Ken

Last edited by Cameraken; 12-01-2005 at 03:44 PM. Reason: Logs Deleted
  #74  
11-29-2005, 10:14 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Ken,

At first glance, a great deal of the major infection seems to have been removed.

Will take me a while to go through your logs, will get back to you on this, but things look better.

Gary

PS. Just need to ask you. Did you disconnect from the Internet for the duration of the fix? It's essential that you totally disconnect from the Internet (remove telephone lead), and close Internet Explorer and Outlook Express, or fix will fail.

Will get back to you with update on what to do next.

Last edited by Gary Richardson; 11-29-2005 at 10:56 AM.
  #75  
11-29-2005, 02:12 PM
Cameraken
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Gary.

His Internet comes via a LAN card. I disconnected the cable.

I think I did everything correctly, except I forgot to update Ewido.

Thanks for your help.

Ken
  #76  
11-30-2005, 02:11 AM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Ken,

OK, looks like we've pretty much got a total re-infection here. Probable reason is the time delay between posting the HJT log, and instigating the fix.

As I said earlier, this baby likes to update and morph itself, so the version I gave the fix for wasn't totally the version that was on the computer when the fix was applied.

There was obviously a "guard" file on there that we didn't remove, and that's what's re-installing the infection.

As long as your friend's computer is connected to the Internet, we're going to have this problem. He must disconnect from it, and keep disconnected until we get this removed.

The HJT log I've now got is not really of any use, as his machine has been connected since our removal attempts, and will almost certainly have morphed again.

I need him to disconnect his connection, then provide a new HJT log. If he's not connected it will not be able to update, and we should be able to get rid of it.

It would be helpful if you could post the next log at http://spywarewarrior.com/index.php

I am a helper there, online name Gary R, so if you post the log in the HJT forum, then PM me to let me know (include a link to the log), I'll be able to see to it.

There's a few reasons for this. One, the forum is set up to deal with large posts, and you can post the logs without having to post as attachments, and two, the most important, I can reference it to some of the more experienced helpers, in case it continues to be difficult, or in case it's a new variety. Lastly, Retouch Pro is a retouching forum, and I feel kind of guilty using up Doug's bandwidth on a non-retouching topic.

Good luck, and look forward to seeing your post at SWW.

Gary


PS. Sorry I'm a bit late coming back, got called out to see to my mother-in-law's plumbing last night. She got a burst pipe with the cold weather, and I had to replace it, and fit the lagging that they should have had in the first place.
  #77  
12-01-2005, 01:19 PM
Cameraken
Senior Member
 
Join Date: Feb 2005
Location: Lancashire (UK)
Posts: 1,158
Gary.

I have told my friend that I cannot help him unless I bring his PC home. That way I’ll be able to keep his PC disconnected and still use mine to post the log files.
If he agrees I will PM you and post them at SpyWarrior.

I will delete the logs I have posted as they are of no use.

Thanks Again for all your help.

Ken
  #78  
12-01-2005, 03:34 PM
Gary Richardson
Senior Member
 
Join Date: Mar 2004
Location: Yorkshire, England
Posts: 2,717
Hi Ken,

You're welcome. Look forward to your post at SWW,

Gary