3 Apprentice • 20.5K Posts • February 26th, 2008 14:00

Welcome. Thank you for using Dell Community Forums.

It appears that you have quite a collection of malware. Have you been keeping your anti-virus updated, and are you using Norton or McAfee for virus protection? I see both on there.

I am reviewing your log.
In the meantime, you can help me by doing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you are using any cracked software, please remove it.
Definition of cracked software:
http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.
The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using.

** We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.
Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply.

3 Apprentice • 20.5K Posts • February 26th, 2008 16:00

The pop-ups may be bothersome and need to be taken care of, but more importantly, your lock1.exe is a backdoor trojan with a rootkit.
O4 - HKLM\..\Run: [strtas] lock1.exe

Info here:
http://www.sophos.com/virusinfo/analyses/w32sdbotadq.html

Basically, your system has been compromised. That one has been around for a while, so I do not know how long you have had it.
This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.
  1. Disconnect the infected computer from the Internet and from any networked computers until the computer can be cleaned.
  2. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
  3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
  4. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (Remote Access Trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

Depending on a few things, such as if you always had a firewall, or if you are using a router with a hardware firewall, etc., the chances the backdoor was used will be reduced. However, if the firewall was installed after the attack, chances are that they did use it.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

I will leave that decision up to you.

If you do decide to format/re-install and need some help, let me know.

Here are some informative links to use to help you make a decision:

Danger: Remote Access Trojans

Consumers - Identity Theft

When should I re-format? How should I reinstall?

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Rootkits: The Obscure Hacker Attack

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

Microsoft Says Recovery from Malware Becoming Impossible

However, if you do not have the resources to reformat your computer and reinstall your operating system and programs and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
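The O4 line quoted in the post above is a HijackThis autostart entry (registry hive, Run key, value name, command). The following parser is an added example, not part of the thread or of HijackThis itself: it reads registry-style O4 lines from a constructed sample log, matches the executable against a watchlist (lock1.exe, which the thread identifies as a backdoor) and, as an assumed heuristic, flags Run entries that launch a bare filename with no directory, since that is a common shape for dropped malware.

```python
import re
from typing import Dict, List

# HijackThis registry autostart lines look like:
#   O4 - HKLM\..\Run: [strtas] lock1.exe
# Startup-folder O4 lines ("O4 - Startup: ...") have no hive\..\key part and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Executable names the thread identifies as malicious (lock1.exe = W32/Sdbot backdoor).
WATCHLIST = frozenset({'lock1.exe'})
# Known-good bare/system entries we do not want to flag (assumed allowlist).
KNOWN_GOOD = frozenset({'ctfmon.exe'})

# Constructed sample log: only the lock1.exe line is taken from the thread.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\\..\\Run: [strtas] lock1.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [McAfeeUpdaterUI] "C:\\Program Files\\McAfee\\Common Framework\\udaterui.exe" /StartedFromRunKey
"""


def parse_o4(log_text: str) -> List[Dict[str, str]]:
    """Return one dict (hive, key, name, cmd) per registry-style O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def executable_of(cmd: str) -> str:
    """Extract the program path from a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ', 1)[0]


def flag_suspicious(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag watchlisted executables and bare-filename Run entries (heuristic)."""
    flagged = []
    for e in entries:
        exe = executable_of(e['cmd'])
        base = exe.rsplit('\\', 1)[-1].lower()
        if base in KNOWN_GOOD:
            continue
        if base in WATCHLIST:
            flagged.append({**e, 'exe': base, 'reason': 'watchlisted backdoor name'})
        elif '\\' not in exe and '/' not in exe:
            # No directory: resolved via system/PATH lookup, typical of dropped malware.
            flagged.append({**e, 'exe': base, 'reason': 'bare filename in Run key'})
    return flagged
```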


1 Rookie • 3 Posts • February 26th, 2008 16:00

Thank you, Sir.
Answers to your note:
Removed Norton 2/25/08
New McAfee 2/25/08; full system scan run 2/25/08
Never posted on another forum
No cracked software
No P2P
Computer is now owned by me
Never used HijackThis

Looking forward to further assistance


1 Rookie • 3 Posts • February 26th, 2008 17:00

Thank you for the advice, disconnecting this computer now.