June 2nd, 2006 00:00

Hi, ottylouise,

You did not state your problem as specified here: http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=32236
so I can only guess. You also have made some changes in your Startup via MSCONFIG. Can you tell me what you have disabled and why? If it was because you suspected an infection, don't enable it again. We can deal with that later.

Let's start by doing this:

Please disable SpySweeper so it does not interfere with our fix.
To disable SpySweeper:
Open it; click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
[After your system is fully cleaned reenable Spysweeper using the same steps but this time reverse them.]

Please download Atribune's VundoFix.exe from here:
http://www.atribune.org/ccount/click.php?id=4

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Put a check next to Run VundoFix as a task.
* You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files; click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

June 2nd, 2006 18:00

Thank you Bugbatter. My apologies for not describing my problem. I followed the instructions of a website when I installed HijackThis and it gave me the impression that the log file itself defined the problem so again, sorry. As for the problem I was having, it's one you've likely heard before about the redirector. After accessing a site with a dead link the redirector continually sent me to a Google/Dell site indicating the site was unavailable. Just an advertisement from the site was unavailable, not the entire site, but alas I was still redirected. After running the HijackThis executable, I found a BHO, or redirector, and removed it. This solved my problem. Sorry to take your time; I was just becoming so frustrated that I couldn't remove this per the instructions (Add/Remove Programs and remove Google AFE, AE or Browser Redirect) that I resorted to the forum where you found my post. Thank you for your offer of assistance and timely response, but I think I'm okay now unless you saw something you didn't like in my log file. Although I find it very disturbing that there are so many people out there writing destructive or intrusive files for seemingly no other reason than to "just do it", it's nice to see there are several people out there on which I can rely for assistance. Thanks again Bugbatter.

June 2nd, 2006 18:00

The infection that you have a remnant of keeps backups. I'm not sure that all the files were completely cleaned.
If you encounter the same problem in the future, run VundoFix per instructions above, that should help.

For now, please disable SpySweeper per instructions above so it does not interfere with HJT. Enable it after you have rebooted.

Please launch HijackThis and place a check next to the following:
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: ssttq - C:\WINDOWS\system32\ssttq.dll (file missing)

Close all windows except HijackThis and click "Fix Checked".

Reboot.

Your outdated Java is what made you susceptible to that particular infection.
Please follow these steps to remove older version Java components:

1. Close any open programs you may have running, especially your web browser.
2. Click Start > Control Panel.
* Depending on your OS or configuration, you may have to click Start > Settings > Control Panel.
3. Open Add or Remove Programs.
* If you have Windows 98 or Windows 2000, open Add/Remove Programs.
4. Click once on any item listing Java Runtime Environment in the name.
* Not every version of Java will begin with "Java", so be sure to read each entry in the list.
5. Click the Remove or Change/Remove button.
6. Follow steps 4 and 5 as many times as necessary to remove all versions of Java. ** If at any time during the uninstallations you are asked to reboot, do so. Then return to Add/Remove and continue removing any other versions of Java until all components of Java have been removed.
7. Delete the Java folder in Program Files.
8. Proceed with reinstalling Java. You will need to use Internet Explorer for this.
Go to http://www.java.com/en/download/manual.jsp and click the link to download the Windows (Offline Installation) package: Save it, do not run it.

When the download is complete, close the browser and install it.

Download and scan with CCleaner:
http://www.ccleaner.com/downloadbuilds.asp
** Select to download the BASIC version.
1. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2. Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies (if you want to keep those).
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all except cookies (if you want to keep those) in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
3. Click the "Run Cleaner" button.
4. A pop-up box will appear advising that this process will permanently delete files from your system.
5. Click "OK" and it will scan and clean your system.
6. Click "Exit" when done.
REBOOT.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

4. Keep your antivirus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/home.jsp
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. Ad-aware: http://www.lavasoft.de/software/adaware/

b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.

If you have recently installed ewido, it is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar.

9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 7.08. It would be best to remove prior versions before updating to a new version.
Info here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html

10. Here are some helpful articles:
"So how did I get infected in the first place?"
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
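The two HijackThis entries the helper asked the poster to fix above follow a fixed line format: an `O4` autorun entry (hive, value name in brackets, command) and an `O20` Winlogon Notify entry (value name, DLL, optional "(file missing)" tag). The parser below is an added example, not HijackThis code or anything from the thread; it reads constructed log lines in that format and flags orphaned Winlogon Notify entries whose DLL is no longer on disk, which is exactly the leftover the helper describes.

```python
import re

# Constructed sample: the two lines quoted in the post above plus one benign
# Winlogon Notify entry (crypt32chain is a standard Windows entry).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O20 - Winlogon Notify: ssttq - C:\\WINDOWS\\system32\\ssttq.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

# O4 - <registry key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O20 - Winlogon Notify: <value name> - <dll path> [(file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)


def parse_line(line):
    """Return a dict describing one HijackThis log line, or None if unrecognised."""
    m = O4_RE.match(line)
    if m:
        return {"type": "O4", "key": m["key"], "name": m["name"], "cmd": m["cmd"]}
    m = O20_RE.match(line)
    if m:
        return {
            "type": "O20",
            "name": m["name"],
            "dll": m["dll"],
            "file_missing": m["missing"] is not None,
        }
    return None


def parse_log(text):
    """Parse every non-empty line; unrecognised lines are skipped."""
    entries = [parse_line(ln) for ln in text.splitlines() if ln.strip()]
    return [e for e in entries if e is not None]


def orphaned_winlogon_notify(entries):
    """Names of Winlogon Notify entries that still point at a DLL that is gone.

    Such entries are leftovers of an incomplete removal: the registry value
    survives, the DLL does not, and HijackThis should be used to fix them."""
    return [e["name"] for e in entries if e["type"] == "O20" and e["file_missing"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("orphaned Winlogon Notify entries:", orphaned_winlogon_notify(parsed))
```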