📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Highjackthis log

145679

Comments

  • letsbehonest
    letsbehonest Posts: 1,098 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    the email address is not valid
    "Imagination is more Important than knowledge"
  • espresso
    espresso Posts: 16,448 Forumite
    Part of the Furniture 10,000 Posts Combo Breaker
    letsbehonest wrote: »
    the email address is not valid

    It is if you transpose AT to @ and DOT to .

    :rolleyes:
    :doh: Blue text on this forum usually signifies hyperlinks, so click on them!..:wall:
  • Alfonso_Skinarelli
    Alfonso_Skinarelli Posts: 323 Forumite
    Thanks for those results.

    There are far too many infected objects listed to kill them manually so please download and scan with DrWeb CureIT while I ask for a second opinion on something in the meantime.

    Download Dr.Web CureIt to your desktop:
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow > to the right and the scan will begin.
    • At the first infection, select 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, click the "Select all/select none" toggle button (if available) next to the files found: check.gif
    • Then click the green cup icon right below and select Move incurable as you'll see in next image:
      move.gif
      This will move any infected files to the %userprofile%\DoctorWeb\quarantaine-folder that can't be cured (in case if we need samples).
    • Then, from the main Dr.Web CureIt menu (top left), click File and choose save report list
    • Save the report to your desktop.
    • Close Dr.Web Cureit and Restart your computer to completely remove any stubborn files in reboot.
    • After the restart, post the contents of the Dr.Web log file.
    If the log file is too big to fit in one post, email it to me again please.
  • letsbehonest
    letsbehonest Posts: 1,098 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Memory scan completes and reports the No viruses were found. When I try to run the complete scan I click in the green arrow start, and I get a program error message.
    "setup.exe has generated errors and will be closed by windows you will need to restart the program. An error log has been generated.
    "Imagination is more Important than knowledge"
  • Alfonso_Skinarelli
    Alfonso_Skinarelli Posts: 323 Forumite
    Can you try it in Safe Mode please.
  • letsbehonest
    letsbehonest Posts: 1,098 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    It's the same I'm afraid,
    "Imagination is more Important than knowledge"
  • Alfonso_Skinarelli
    Alfonso_Skinarelli Posts: 323 Forumite
    Ok letsbehonest, we know to have a closer look at some of those files Kaspersky has detected.

    Please go to www.thespykiller.co.uk and upload these files so they can be examined and distribute them to antivirus companies if necessary. Just press New Topic on the right side of the forum, fill in the necessary details and give a link to your post here. Then press the browse button and navigate to & select the files on your computer. If there is more than 1 file then press the more attachments button for each extra file and browse and select etc. When all the files are listed in the windows press Send to upload the files ( do not post HJT logs there as they will not get dealt with).

    The files are:

    C:\WINNT\Help\ciquery.htm
    C:\WINNT\Web\printers\ipp_0003.asp
    C:\Documents and Settings\Administrator\My Documents\My Webs\New Folder\audacity-manual-1.2\toolbar_edit.html


    While I'm awaiting further analysis, please reboot into Safe Mode and delete these files:

    C:\WINNT\system32\config\e448a34cd8dca6bff7ba0b44454d01ab\Iexplore.exe
    C:\WINNT\system32\u0o5g8bi.ini

    I'll get back to you asap.
  • letsbehonest
    letsbehonest Posts: 1,098 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    All done.
    regards.
    brian
    "Imagination is more Important than knowledge"
  • Alfonso_Skinarelli
    Alfonso_Skinarelli Posts: 323 Forumite
    I think you've misunderstood me. We don't need the kaspersky results on text file uploading. We need the actual files. I've posted some examples from the Kaspersky results which I want you to upload. You need to browse to the individual files above and upload each as as attachment.

    You with me?
  • letsbehonest
    letsbehonest Posts: 1,098 Forumite
    Part of the Furniture 500 Posts Combo Breaker
    Hopefully I have got It right this time!
    "Imagination is more Important than knowledge"
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351.4K Banking & Borrowing
  • 253.2K Reduce Debt & Boost Income
  • 453.8K Spending & Discounts
  • 244.3K Work, Benefits & Business
  • 599.6K Mortgages, Homes & Bills
  • 177.1K Life & Family
  • 257.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.2K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture