Can someone please help me find this folder on my computer?HKCU\Software\Microsoft…..?

September 21, 2009

I have a virus on my computer that is mainly located in this Loaction…HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap\EscDomains. I have no idea what HKCU is and where to look for it to manually remove the files attached to this trojan. I do not have the money to pay for software or even worse a PC repair shop so I’d like to manually delete.

Really bad computer virus problem?

August 7, 2009

I thought I’d solved the problem but it turned out I hadn’t. I got a couple of trojan viruses on my computer the other day, even with NOD32 and Malwarebytes’ AntiMalware, Ad-aware, and Spybot Search and Destroy, which I know are all very good. I scanned with Malwarebytes,and it found two trojans. Here’s the log:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I deleted the two trojans, so everything was working again (I wasn’t being redirected to other sites on the internet anymore). However, this morning, the same problem has come back. I’m assuming that there is a rootkit installed somewhere, but nothing can find it. I’ve also scanned with VundoFix and RogueRemover, which didn’t find anything either. I scanned with SmitFraudFix, and the log after that came up with a HUGE list of random websites, and then this (sorry for the long question):

Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] – Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

”'(The list of lots of websites fits in here)”’

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri’s WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) – Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A94E023C-3A73-4B59-B35B-7AB609AC87BD}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

I’ve tried deleting what SmitFraudFix has found, but it doesn’t seem to work. If I do the scan again on SFF straight afterwards, it finds the same things, but doesn’t delete them.

So, what else is there to do? Haven’t I tried everything? Please don’t recommend programs like AVG, Norton, McAffee and Avast because they are not as good as the ones I am using, and are unlikely to find the rootkit if they better antiviruses can’t.

Thanks!

which 1 is my reboot disk or w/e?

July 18, 2009

ye im not good at rebooting so i got these 4 disk when i bought my pc. I think its 1 from these 2, here what they say:

Disk 1: Dell- Device Drivers- ALready installed on your computer use thsi media to reinstall the software..

[then under it says]: For Reinstalling Dell Inspiron 531/531s Desktop Computer Software for Microsoft Windows XP.

DISK 2: Drivers and Utilities- Already installed on your computer.

[also says] DVD for Reinstalling Dell Inspiron 531s Computer software.

Content: Device drivers, Diagnostics and utilities.

Thats what the Disks say, Which 1 is the disk that will reboot[ reformat] my PC like its new.

Also what do i do? i think i restart PC and put disk in while restarting and when the Menu thing comes, press F12 [ My boot menu] and let it read or what?

Thanks

Hola!, I run this Diagnostic Utility v.5 from the Verizon On line Security Suit that I have installed in my?

July 7, 2009

Computer. well, the Diagnostic Utility found the following in the”Conflicting Applications Test”, this test Verifyies if you have any conflicting applications installed on your computer, the test FAILED. they found the following Application Name: Norton Internet Security 2007. the Unistall Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B. I removed Norton Internet Security 2007 a few months ago by using my Add or Remove Programs from the control panel, but I would like to know if I need to get the Uninstall key ”showing above”, to make sure that Norton Internet Security 2007 is completly uninstalled from my sistem because when I check the Security Center it shows that I’m running MULTIPLE Anti-Virus software in my Computer sometimes.

Thanks

Hola PLEASE SOS!, I have installed in my computer the Verizon Internet Security Suit Software, then I?

June 23, 2009

run this Diagnostic Utility v.5 included in the subscribtion the Diagnostic test give me the following results, ''Brief Summary of tests run by the Diagnostic Utility v.5 at 5/21/2008 2:31:20 PM
Verizon Internet Security Suite Version: 6.0.3.28573 Partner ID: 26 Request ID: 11
Windows version: Microsoft Windows XP version 5.1 Service Pack 3 (Build 2600)
These tests verifies if you have any Conflicting aplication Installed on your computer.
Conflicting applications installed on your computer -Failed .
Application Name Uninstall Key
Norton Internet Security 2007 SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B} , P.S. I REMOVED THE Norton I.S. 2007 FROM MY COMPUTER LONG TIME AGO USING THE ADD AND REMOVE PROGRAMS FROM THE CONTROL PANEL, BUT I'M WONDERING IF IT IS ANOTHER WAY THAT I CAN USE TO GET IT COMPLITLY UNINSTALLED FROM MY SISTEM?.

GRACIAS FOR ANY HELP!