Re: HijackThis Log Help

From: "Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com>
Date: Tue, 4 Dec 2007 17:36:51 -0500

Hi Richard:

This could be a long pull. I vacillate between trying to track these down
and a wipe and reload. In many cases it seems to take about the same amount
of time. At least with a nuke and reload of Windows you are "assured" that
the spyware is "killed".

Some have suggested that there is a possibility that the bad stuff can live
on after a format, and I suppose it is possible, but I have no concrete
evidence that this has happened. Commonly, this school of thought suggests
to throw away the drive and start fresh.

I have a pretty strong electro-magnet bulk tape eraser that might get that,
but ?

I would start with Google and auto runs from windows internals.
http://www.microsoft.com/technet/sysinternals/Utilities/AutoRuns.mspx

then, the hijack this center FAQ's

http://www.spywareinfo.com/~merijn/faq.php

--
Larry

"Richard K" <RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B4AD3627-1292-4BBB-B70B-D566C4945403@xxxxxxxxxxxxxxxx

OK, I'm running an SBS 2003 Prem setup with 10 xp pro clients. I have one
client that was just added and they were WAY behind in updating service
packs
and security fixes but they were running the TM CSM 3.6 (server and
clients).
The appears to be some type of spyware/malware/virus that is on this one
xp
client that I cannot get rid of even after updating the client with
security
packs and running TM scans. My next step is to create a HijackThis log
file
but I need help interpreting the results to know what to change. Where do
I
go?

As for this client issue.... there is a pop-up telling them they are
infected with the netsky virus and to download this software, and flashing
"X" appears in the system tray, new shortcuts are put on the desktop to
the
same software. I googled for anything and someone mentioned a voipwet.dll
file that I just renamed, rebooted and the problem goes away but I suspect
there is more there I want to clean up.

Thanks for any help.

-Richard K

Prev by Date: Re: OMA with WM6
Next by Date: Re: Volume Shadow Copy / Volsnap
Previous by thread: Re: Firewall service and remoteaccess service shut down frequently
Next by thread: Re: HijackThis Log Help
Index(es):
- Date
- Thread

Relevant Pages

HTTP in the background in IE
... I exit & reload the main page multiple times, ... "/update.html" requests, ... slow "/update.html" request for each client, and then when a new thread ... requests in parallel -- one for the main window, ...
(comp.lang.javascript)
Re: can IIS disallow page reloads() by code ?
... JS:reloadis script code executed on the client ... So you are looking at client-side configuration. ... "Hernán Castelo" wrote in message ... > Page reload has nothing to do with IIS configuration. ...
(microsoft.public.inetserver.iis)
Re: RWW Desktop connection error...
... The client computer on the lan, ... remote computer that you're getting the error on. ... SBS Add computer wizard, and then http://servername/connectcomputer? ... I recently had to reload a client ...
(microsoft.public.windows.server.sbs)
Re: [PHP] JS prompt -> php
... Ryan A wrote: ... I have a link on a page, when the client clicks that link it should show them a JS prompt and ask for their name ... I want that data to be sent to my php script via AJAX so the page does not reload or anything.... ... I have googled but I see whole ajax classes and what not, I dont know if I am using the correct keywords or what... ...
(php.general)
Re: Classic alert
... can find it by searching under "Ransie" at the normal BT sites that carry ... raws and non-English dubs/subs. ... I'm not totally certain what is on the various "packs" because the notes ... which my BT client can't handle. ...
(rec.arts.anime.misc)