Re: HijackThis Log Help
- From: Richard K <RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 4 Dec 2007 19:06:01 -0800
Sounds like a plan Larry. I'll update this thread when complete.
"Larry Struckmeyer" wrote:
Richard:
I would be interested in the time spent in removing this, start to finish,
not even counting the latency in send -> respond.
What do you think? Give us a summary of your experience vs a wipe and
reload?
BTW, this is probably as good a reason as any for images.
In the words of the old auto filter commercial... "pay now or pay (implied
more) later".
--
Larry
"Richard K" <RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F1C5EC83-B429-45C8-A14F-8F32510C4699@xxxxxxxxxxxxxxxx
Thanks for the help Michael. I need to get more well-versed in how to fight
these things when they come up. I would appreciate it if I can get some help
on this one since the user is in a crunch. Do you have an email address I
can send the log?
-Richard
"Michael Jenkin [SBS-MVP]" wrote:
Hello Richard,
I spend a lot of time reading HijackThis logs and removing malware.
Feel free to flick the log along.
It is possibly better suited to another newsgroup so if we get heavily
into this, we can arrange offlist contact.
With these infections I normally use hijackthis to remove items from
autorunning on boot, process explorer to kill them if they are in
memory, I clear all temporary files in the users profile and also
C:\windows\temp, I clear internet explorer cache and then look for very
new weirdly named files in the C:\windows and C:\windows\system32 folder
and rename them so they can't run (But this should only be done by
someone who knows what they are doing). Quite often running "smitrem"
will remove most of these infections.
I have a list of my favorite removal tools here:
http://www.mickyj.com/tools.htm
Also some instructions here:
http://www.mickyj.com/helpme.htm
You might also consider Spybot:
http://www.mickyj.com/spybotsetup.htm
Thanks
Richard K wrote:
OK, I'm running an SBS 2003 Prem setup with 10 XP Pro clients. I have one
client that was just added and they were WAY behind in updating service packs
and security fixes but they were running the TM CSM 3.6 (server and clients).
There appears to be some type of spyware/malware/virus that is on this one XP
client that I cannot get rid of even after updating the client with security
packs and running TM scans. My next step is to create a HijackThis log file
but I need help interpreting the results to know what to change. Where do I
go?
As for this client issue.... there is a pop-up telling them they are
infected with the netsky virus and to download this software, a flashing
"X" appears in the system tray, new shortcuts are put on the desktop to the
same software. I googled for anything and someone mentioned a voipwet.dll
file that I just renamed, rebooted and the problem goes away but I suspect
there is more there I want to clean up.
Thanks for any help.
-Richard K
--
Michael J. Jenkin MVP - SBS, MCP, Small Business Specialist, Senior
Systems Engineer
Visit http://www.mickyj.com
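
Added example, not part of the original thread or any poster's own code: a read-only triage helper for the step described above of looking for very new files in C:\windows and C:\windows\system32, so they can be reviewed by hand before anything is renamed. The function name, the extension list and the 14-day window are assumptions chosen for illustration.

```python
import os
import sys
import time

# Assumption: extensions treated as "can run or be loaded"; adjust as needed.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".ocx"}


def recent_executables(directories, max_age_days=14, now=None):
    """Return [(path, age_in_days)] for executable-type files directly inside
    each directory that were modified within max_age_days, newest first.
    Read-only: nothing is renamed or deleted."""
    now = time.time() if now is None else now
    hits = []
    for directory in directories:
        try:
            entries = list(os.scandir(directory))
        except OSError:
            continue  # missing or unreadable directory: skip it
        for entry in entries:
            try:
                if not entry.is_file(follow_symlinks=False):
                    continue
                if os.path.splitext(entry.name)[1].lower() not in EXECUTABLE_EXTS:
                    continue
                mtime = entry.stat(follow_symlinks=False).st_mtime
            except OSError:
                continue  # file vanished or is locked
            age_days = (now - mtime) / 86400
            if age_days <= max_age_days:
                hits.append((entry.path, age_days))
    # Timestamps can be forged, so this is a list of leads, not a verdict.
    return sorted(hits, key=lambda hit: hit[1])


if __name__ == "__main__":
    # Default targets are the two folders named in the post above.
    targets = sys.argv[1:] or [r"C:\windows", r"C:\windows\system32"]
    for path, age in recent_executables(targets):
        print(f"{age:6.1f} days  {path}")
```

Legitimate updates also land in these folders, so after a round of patching the list will include Windows' own files; compare against the patch dates before treating an entry as suspicious.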