ScoobyNet.com - Subaru Enthusiast Forum


Steve Whitehorn 19 January 2009 02:16 PM

Computer in a bad way - need reliable link to hitman pro/free troubleshooting ware
 
Thanks
Can you post some useful links for me that might help me clean it up?
I have AVG on it at the moment, that's all!

Steve

GT4Baz 19 January 2009 02:49 PM

What kind of problems you having mate? I work in IT so should be able to help somehow.

Steve Whitehorn 19 January 2009 03:19 PM


Originally Posted by GT4Baz (Post 8437137)
What kind of problems you having mate? I work in IT so should be able to help somehow.

Thanks :)
Firefox is taking a long time to load - get server not found for the first few attempts. Once up and running not too bad.
It won't let me run disk defragment.
Got a false IE security message up - banging on about Trojans and trying to get me to launch an exe.
Generally got buggy over the past week.

Run AVG
Run Hitmanpro - just the spyware bit i have at the mo

Understand basics ...but not a real techy

Hitmanpro - used to run all sorts of anti spyware etc software one after the other and was pretty good.

Have you any links to good Freeware that I could run - to try and sort it out
What do you think?
Thanks again
Steve

Running XP

GT4Baz 19 January 2009 03:36 PM

Sounds like your PC's riddled with some nasty Virus/Spyware.

Try these out they are all free:

Malwarebytes.org - Very good, free malware/spyware removal tool

AVG Free - Download antivirus and antispyware software for Windows XP and Vista - Excellent, free Virus removal tool

Free Online Virus Scan - BitDefender Online Scanner - Only an online scanner, but excellent at detecting and removing viruses from your PC.

A combination of these 3 should sort your PC out, but if not give me a shout and I could probs post you something out that will help you mate.

Steve Whitehorn 19 January 2009 05:01 PM

My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message nothing. You double click on the desk top icon and nothing!
HELP :(

Steve Whitehorn 19 January 2009 05:17 PM

Google posted this up when I visited Bitdefender

It's like it is fighting an anti virus exe.

____________________________________________

Safe Browsing
Diagnostic page for antispyware-pro-scanner.com

What is the current listing status for antispyware-pro-scanner.com?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 7 pages that we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2009-01-18, and the last time that suspicious content was found on this site was on 2009-01-18.

Malicious software includes 2 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.

This site was hosted on 1 network(s) including AS34187 (RENOME).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, antispyware-pro-scanner.com appeared to function as an intermediary for the infection of 1 site(s) including geocities.com/melbagilmore83/.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 24 domain(s), including hojiblancaycordoliva.com/, tsdconfection.com/, huitre-bretagne.com/.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this website, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Centre.


Anyway thanks for your help so far
Steve

vindaloo 19 January 2009 05:27 PM

Try "CTRL/ALT/DELETE and select task manager" or "START->RUN->TASKMGR"

See if the CPU is 100% busy. Normally, it shouldn't be.

Sounds like a bit of a battle if it won't let you launch new apps.

scoobymad555 19 January 2009 05:41 PM

Part of the problem with some of the malware / viruses around is that once you've booted your machine they're already loaded into memory and able to function or in some cases protect themselves. Ideal means to deal with any issue like that is to be disconnected from all networks (so that it can't re-infect itself) and boot into a clean environment (so that it can't load in the first instance) before attempting to attack it. It does mean you need up-to-date software on a cd or flashdisk to deal with it though since obviously you can't troddle off around the internet to find updates etc.

Give this a go and see how you get on - UBCD for Windows (it's a free bootdisk of utilities, virus scanners, malware scanners etc but if there's utilities you're not sure of, don't play with them lol!) :)


p.s. if your machine doesn't boot from the cd, check your bios settings to ensure that the boot order places the cd drive prior to the hard-drive :)

MikeCardiff 19 January 2009 05:41 PM

Get a program called ccleaner - run that to remove all the junk off your system and clean up the registry.

Turn off and restart and then run the malwarebytes anti-malware program - this is very good and will find and remove a lot of Trojans and things that could be causing problems.

Both of these programs are free, and I've found most problems can be cleared up by using them.

Steve Whitehorn 19 January 2009 05:41 PM

Thanks

Tried Start - Run - Task Manager
Didn't work :(

How do I check the CPU?

Thanks again
Steve

Steve Whitehorn 19 January 2009 05:46 PM

Thanks guys
Will try now!

Steve Whitehorn 20 January 2009 11:20 AM

Hi
I have PMd GT4 Baz - sending a CD.

I am writing this to you from the local library.
Can anyone else also be a good Samaritan?
Has anyone else got a CD they can post to me?

PC Doctor has identified some viruses - after I ran cc cleaner. But I need to purchase it. I don't want to put my credit card details into a heavily infected machine. I can now run AVG again. But other anti software won't run.

So inserting a CD with some good stuff to zap it - would be far safer

I am also now getting random web pages up when I sometimes try to access a specific site say.... SN.
I had this once before...I think it's called something like when your domain address is taken over....I did solve it on that machine (windows2000)

I am currently running XP

Thanks for your help so far all
Steve

Iain Young 20 January 2009 11:38 AM

Yet another person infected while having AVG installed :(

Get rid of AVG and install something that actually works. Nod32 has a 30 day free trial ESET - Antivirus Software with Spyware and Malware Protection

Fuzz 20 January 2009 01:06 PM

The best program you can download that will help others help you, if you don't know more than the basics will be..

"Hijack this" > |MG| HijackThis 1.99.1

then...

Close any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Go to Edit>Select All
Then Edit>Copy
Come back to this thread
Do Edit>Paste

All the geeky ones will then be able to tell you the things likely to be causing issues. :D

Steve Whitehorn 20 January 2009 02:55 PM

This is what appeared in the note pad

Logfile of HijackThis v1.99.1
Scan saved at 14:58:13, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Broadband Desktop Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170862853673
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thanks
Steve
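
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python parser for the log layout pasted above, which groups entries by section code and lists the lines a helper would usually look up first. The hint patterns and the "usual directories" rule are assumptions made for this example; a listed line is something to check, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log above, not a full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text
# Review hints chosen for this example: they mark lines to look up, not verdicts.
HINTS = {"proxy setting": r"Proxy(Server|Override)", "file missing": r"\(file missing\)",
         "unknown owner": r"Unknown owner"}
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\")

def parse(log):
    """Split a log into running-process paths and entries grouped by section code."""
    procs, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, dict(entries)

def review_list(log):
    """Return (reason, text) pairs to check first: processes, then entries."""
    procs, entries = parse(log)
    out = [("process outside usual dirs", p) for p in procs
           if not p.lower().startswith(USUAL_DIRS)]
    for code, items in entries.items():
        for text in items:
            out += [(f"{code}: {name}", text) for name, rx in HINTS.items()
                    if re.search(rx, text, re.I)]
    return out

if __name__ == "__main__":
    for reason, text in review_list(SAMPLE_LOG):
        print(f"[{reason}] {text}")
```

On the sample, the process hit is HijackThis.exe itself running from the Desktop, which shows why each listed line still needs a person to judge it.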

stevem2k 20 January 2009 05:34 PM


Originally Posted by Steve Whitehorn (Post 8437432)
My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message nothing. You double click on the desk top icon and nothing!
HELP :(

I've just cleaned up one just like this after some donut installed "Antivirus 2009" , it also redirected all google searches ...

The rootkit disables the installing & running of most of the anti malware apps.

SuperAntiSpyware has an alternate installer to get round this

SUPERAntiSpyware.com - Frequently Asked Questions

Once that has run through, install another one - like malwarebytes , and run that through as well.


HTH

Steve

Boro 20 January 2009 05:39 PM


Originally Posted by Steve Whitehorn (Post 8437432)
My laptop will allow me to download those exe. files you suggested...
BUT will not run them. No error message nothing. You double click on the desk top icon and nothing!
HELP :(

Have you tried running those in SAFE MODE? Sounds like the malware is preventing running, but if you start your computer in safe mode it should run ok.

Enter safe mode by pressing F8 on start up.

Steve Whitehorn 20 January 2009 11:32 PM

Big Thanks
 
Big Big Thanks to you all - the true spirit of SNet :)
PC now seems to be fixed and running OK
Steve

I am expecting a CD tomorrow and will also run that too

Steve Whitehorn 20 January 2009 11:34 PM


Originally Posted by stevem2k (Post 8440595)
I've just cleaned up one just like this after some donut installed "Antivirus 2009" , it also redirected all google searches ...

The rootkit disables the installing & running of most of the anti malware apps.

SuperAntiSpyware has an alternate installer to get round this

SUPERAntiSpyware.com - Frequently Asked Questions

Once that has run through, install another one - like malwarebytes , and run that through as well.


HTH

Steve

Once I could actually get it to run - FYI superantispyware was particularly effective. A

Fuzz 20 January 2009 11:58 PM

Excellent work there then, whoever helped out..


All times are GMT +1.