Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:28:21 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal
Please read the entire instructions before commencing and ask any questions you may have before you proceed to follow the instructions. Please also print a copy so that you can read it without connecting to the net.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
[*]If you are using Firefox, make sure that your download settings are as follows:
[*]Tools->Options->Main tab
[*]Set to "Always ask me where to Save the files".
[*]During the download, rename Combofix to Combo-Fix as follows:
[*]It is important you rename Combofix during the download, but not after.
[*]Please do not rename Combofix to other names, but only to the one indicated.
[*]Close any open browsers.
[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
[*]Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
[*]Close any open browsers.
[*]WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
[*]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
[*]If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
[*]Double click on combo-Fix.exe & follow the prompts.
[*]When finished, it will produce a report for you.
[*]Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
Task manager disabled.. that's a sign of a win32-p@rite variant..
Do a search for h*de.exe.. then boot to DOS and navigate to the location.
Delete hide.exe (or its variant h?de.exe) and all its subfolders, then things should download and run in a more normal manner. Currently the hidden apache and ftp processes have control of your network connection.
This message has been edited since posting. Last time this message was edited on 15. September 2008 @ 10:02