01-04-2011, 08:42 AM
Greetings,
Whilst I am in the process of scrutinizing your complete set of provided logs for any possible infections or problems, I ask for your forbearance. Understand that the process of analysis requires time and careful examination, hence the need for a cautious response. Accuracy is of the essence. Once I come across infections, I shall present the finest methods of removal for your convenience.
In return for this service, I propose to you two conditions:
- You are not to create any new threads regarding the similar topic as it will waste another helper's time.
- You are not to install any new software in your system, as it may hinder our process thus making this futile.
- You are not to modify the logs in any way. Failure to do so will instantly deprive you of this service.
- You are to paste each log separately at PasteBin as it is. That is correct, no syntax highlighting, no editing - just the log purely. Post back the links for each log. You shall not hide them under spoiler codes.
- You are to provide the complete set of requested logs.
- You are to keep all your trusted tools that the scanners may detect in a password protected archive. This is to prevent them from being deleted as we've had complaints or refusal to use the scanner for this reason.
- You are to respond to every step I ask you to do using the format provided at the end of my post.
- You agree that I have the right to discontinue the analysis at any time, upon a violation of a single rule.
Thank you.
Genuinely yours,
Quintus
- Optional Pre-Step
With regard to my fourth condition, here are the steps on how to password protect your trusted tools momentarily. Do note that I would advise you to remove all the infections present in your system, as I am not certain of the sources of these programs; thereby I will not be able to verify whether they are backdoored or not.
You are doing this at your own risk.
- Create a new folder with the name of your choice.
- Gather all of your tools into that folder.
- If you do not have a file compressor, download '7-Zip' and install it.
- After doing so, navigate to the said folder and right-click.
- You are now presented with options.
- Please choose 7-Zip > Add to Archive.
- Under the Archive Name, enter any name you wish.
- Set the Archive Format to 7z.
- Set the Compression Level to Ultra.
- Under Encryption fill in the Password field twice. You can tick Show Password if you desire.
- When everything is done, click OK.
- Wait for some time. The waiting time is determined by the size of your files.
- 7-Zip will have produced the file for you.
- Now we test the file by Right-click > 7-Zip > Extract Here.
- A prompt asking you for the password should appear.
- Select Cancel as this is for testing purposes only.
- Now delete the other folder, empty your Recycle Bin and proceed with the instructions.
- Pre-Step
Click 'here' to download Temp File Cleaner by OldTimer. Save it to your Desktop.
- Close any open windows.
- Double-click TFC.exe and select 'Run' when prompted to execute the program. It will close all open programs itself in order to run.
- Click the Start button to begin the cleaning process.
- Please let the program run uninterruptedly.
- Once the cleaning has been done, your computer should automatically reboot. Otherwise, please do so when it does not.
- Prerequisite
If you are having a problem running HijackThis as Administrator, please follow the steps below.
- Go to My Computer and navigate to your default disc drive (C: is the most common).
- Go to Program Files > Trend Micro > HijackThis.
- Right-click HiJackThis.exe and run it as Administrator.
- Step 1
Please run a free online scan with ESET Online Scanner by downloading ESET Smart Installer 'here'. Save it to your Desktop.
- Double-click esetsmartinstaller_enu.exe to execute the program.
- Tick 'YES, I accept the Terms of Use'.
- Click 'Start'.
- If this is your first time installing the scanner, allow the 'ActiveX Control' to install.
- Database download may take some time.
- When done, make sure that the option 'Remove found threats' is ticked. Under the and 'Advanced Settings', please put a check on the following options:
- Scan for potentially unwanted applications
- Enable Anti-Stealth Technology
- Click 'Start'.
- Wait for the scan to finish.
- Once it is finished, use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
- Copy and paste that log as a reply to this topic.
- Step 2
Please set Windows 7 to show both hidden and system files and folders so that you can find specific files to delete.
- Click Start and navigate to Control Panel.
- On Appearance and Personalization > Folder Options > Show hidden files and folders.
- On the View tab, uncheck the following:
- Hide file extensions for known file types
- Hide protected operating system files (Recommended)
- Click Yes on the warning message.
- Under Hidden files and folders, check Show hidden files, folders, and drives.
- Click Apply to All Folders.
- Click OK.
- Step 3
We need to do a quick check.
- Go to 'VirusTotal'.
- Click Choose File.
- Copy and paste the exact file name(s) in bold (if there is more than one file listed, please open multiple tabs):
- C:\Windows\vVX1000.exe
- C:\Windows\V0640Mon.exe
- Click Send.
- Copy and paste back the link(s) to the result(s) once VirusTotal has finished scanning the file.
- In your next post, please provide the following:
- A Fresh HijackThis (HJT) Log
- Deckard's System Scanner (DDS) Logs
- DDS.txt
- Attach.txt
- ESET Scan Log
- VirusTotal Links
- Format of Response
As part of my service terms, you are to fill this up every time you respond to your log. Copy and paste the content inside the code box and write directly after the closing tags. Do not add spaces as they are already provided. An exception applies to the numbers, as they are to be written after the # sign.
Step #1: Change the number accordingly.
Problems Encountered: Put N/A if the operation went smoothly.
Link To Requested Logs: Post the links to the logs I have asked you to produce.
Example:
- Code:
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Step #[/b][/color]
[color=#FFD700][b]Problems Encountered:[/b][/color]
[color=#00BFFF][b]Link To Requested Logs:[/b][/color]
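
Added example, not part of Quintus's post: a PowerShell sketch that triages the two files named in Step 3 locally, reporting each file's SHA-256 (VirusTotal can be searched by hash) and its Authenticode signature status. Only the two paths come from the post; the function name and report fields are illustrative.

```powershell
# Added example (not from the original post): local triage of the Step 3 files.
# The two paths are the ones listed in the post; everything else is illustrative.
$paths = @(
    'C:\Windows\vVX1000.exe',
    'C:\Windows\V0640Mon.exe'
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing is used instead of Get-FileHash so older PowerShell works too.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
        ([System.BitConverter]::ToString($bytes) -replace '-', '').ToLower()
    }
    finally {
        $stream.Close()
        $sha.Clear()
    }
}

$report = foreach ($p in $paths) {
    # Start from an "absent" row so missing files still appear in the report.
    $row = New-Object PSObject -Property @{
        Path = $p; Present = $false; SHA256 = ''; Signature = ''; Signer = ''; Modified = ''
    }
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $item = Get-Item -LiteralPath $p -Force
        $row.Present   = $true
        $row.SHA256    = Get-Sha256Hex -Path $p
        $row.Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        $row.Modified  = $item.LastWriteTime
    }
    $row
}

# Fixed column order; the SHA256 value is what gets searched on VirusTotal.
$report | Select-Object Path, Present, SHA256, Signature, Signer, Modified | Format-List
```

A hash with no VirusTotal record means only that the file has not been submitted before; in that case the upload described in Step 3 is still needed.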