I'm Infected With The SHeur2

uStart Page = hxxp:// FF - ProfilePath - c:\documents and settings\Paddy\Application Data\Mozilla\Firefox\Profiles\3d6qk2lk.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} Completion time: 2010-02-19 00:06:45 ComboFix-quarantined-files.txt 2010-02-19 00:06 Pre-Run: 266,227,183,616 bytes free Post-Run: 268,236,492,800 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Click "exit" when done. The update problem remains if I then turn off the Ashampoo firewall without a restart.

Turn on the cable/dsl modem. 6. to help speed up your system. Thanks to rdsok and Anoqoq for patience and help

Then :- Download and scan with CCleaner (CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.

IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build. I have uninstalled Ashampoo Firewall and reloaded. My laptop was on at the time my desktop got infected, when i turned it on next time (while my desktop was off) it was sluggish so i system restored it

All the connections it's got going with its botnet hubs makes it also very difficult to do simple things like browsing webpages or connecting to various servers (no bufferspace available). Hopefully the rootrepeal report is complete now. It found and removed 28 infections heh, also while it was running it got a dodgy popup claiming to be a security update, didn't click on it of course and it I've never had problems with viruses before so i assume these 2 are related.

Lunty 27-02-10, 01:06
Hi, Nope, not found... I first ran Combofix after reading about it, I afterwards realised I shouldn't have done this (In hindsight I have no idea why I thought it was a good idea in

GMER - Rootkit scan 2010-02-26 16:23:01 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Paddy\LOCALS~1\Temp\pwldapob.sys ---- System - GMER 1.0.15 ---- SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74D787E] SSDT

you can at least get back to "now" if it doesn't work.

Contents of the 'Scheduled Tasks' folder 2010-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:06] . . ------- Supplementary Scan ------- .

i'm no expert on IE, i use firefox :) keep an eye on the comp for a while, to make sure there are no further symptoms.

Lunty 24-02-10, 19:34
Hi, Thanks for the quick reply!

Read, provide all of the information mentioned in that post so that we may help you properly. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours" Then select "Cookies" Move any cookies you wish to retain, e.g. scanning hidden files ... After doing all of the above, please run ComboFix:Please visit this webpage for instructions for downloading and running ComboFix:* Ensure you have disabled all anti virus and anti malware programs so

Windows update should be set to automatic anyway. It does not count as help. In the Applications Tab:

• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet

I'm running CCleaner now.

bricat 01-03-10, 07:57
i think it is more a software problem (IE).

Lunty 24-02-10, 23:28
Hi, There is no ComboFix2.txt in C: but i did find one in C:\Qoobox, here it is:

ComboFix 10-02-18.07 - Paddy 19/02/2010 0:01.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2728

I've tried everything.

If so, would a system restore also fix any problems on my main pc? (I admit i haven't tested if system restore still works on it.) Here's my HJT log (before

Subsequent scans with Kaspersky online scanner, Malwarebytes' and AVG have all turned up with nothing and my computer appears to be running ok, perhaps a bit sluggish, but I want to Also, when enabling/disabling a firewall always follow that with a reboot or in some cases your action will not be "active". Completion time: 2010-02-27 14:15:35 ComboFix-quarantined-files.txt 2010-02-27 14:15 ComboFix2.txt 2010-02-24 19:26 Pre-Run: 267,533,660,160 bytes free Post-Run: 267,495,354,368 bytes free - - End Of File - - 8726B09B8FC5348813D4015F1B17A3D5 IE is still refusing to AVG is coming up with nothing, about to run Malwarebytes' Anti malware to see if that finds anything.

I've never had problems with viruses before and the only browsing i was doing at the time was at malware removal forums so i assume these 2 are related. It doesn't even appear in the task manager.

two can cause issues. Other programmes trigger Ashampoo for authorisation of programmes however AVG8 does not trigger Ashampoo Firewall permission box. Sorry to be a pain, thanks in advance! Would it make sense to System Restore to before the first attempt at installing AVG 8 Free then un-install AVG 7.5 free before again downloading a fresh copy of AVG 8

scan completed successfully hidden files: 0 ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1136) c:\windows\system32\Ati2evxx.dll - - - - -

Also, your IP will get blacklisted.

Ad-aware, AVG, Malwarebytes and still have this Trojan! Please, I really need to get some help how I can get rid of this Trojan for good. I got this info from AVG: Trojan horse

then let us know how the computer is running.
