2 issues: tt1.tmp.vbs missing / "Spyware detected" desktop

The malwarebytes is promting me to restart,But I have the Hijackthis still up.I guess I need to wait before I restart?

 

Stop HJT and restart..

 

I got my desktop and screensaver settings back.Woo hooo.What do I need to do now 2oldGeek?

 

@ Zoneblitz,


1.) Fix entries using HiJackThis

Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below (if they still remain)

O4 - HKLM\..\Run: [octblido] %systemroot%\octblido.exe

IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
Click the Fix checked button and close HiJackThis


2.) Delete Files on Reboot

Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot.
Navigate to each file (in RED) and click on it once, and then click on the Open button.

O4 - HKLM\..\Run: [octblido] C:\windows\system32\octblido.exe

You will now be asked if you would like to reboot your computer to delete the file.
Click on the Yes button if you are finished, otherwise click on the No button to continue entering files.


after the reboot,
Post me a fresh HijackThis Log…………….


2OG

 

Did the Hijackthis scan again and it looks like I have 2 of those HKLM,one is a kernelfaultcheck and the other is a octblido.Want me to check both of them?

 

NO, the other one is a good line...

 

For some reason the word pad is not coming up to let me copy it like it did the 1st time.How do I get that up?

 

Nevermind I figured it out.I wasnt clicking the "Do a system scan and save a log file" Sorry about that

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:50 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [octblido] %systemroot%\octblido.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 3059 bytes

 

@ Zoneblitz,

You can find it here:

C:\Program Files\Trend Micro\HijackThis\HijackThis.log

just double click on it to open.

 

I finally figured it out.Its above your post.Let me know.

 

I'm quite capable of figuring out where the posts are. Been doing this a long time.

Did you delete that line??? It's still there. Delete it again and if it comes back, you may have a rootkit that's putting it back.

let me know.

 

ok I make it to the window that opens that reads "Enter File to delete on reboot"

What do I do here?

All I see in the box are
Backups(when I open this one theres alot of stuff but I dont see anything in red)
Hijackthis(this is the saved word pad document from this scan)
Hijackthis(this is to run hijackthis)

 

I’m really sorry, Zoneblitz, but I don’t have the time to give Basic Computer Literacy Classes.

I’m not getting paid for this so my only suggestion is to get an older brother/sister that understands the basics of a computer to help you.

When the 04 line is gone and the file associated with it has been deleted, you will be clean..

Have a nice day,
2OG

 

Let me make sure im going to the right place.When I double click HiJackThis from my desktop do I click the one that reads " None of the above just start the program"??You never said in your post so I was just guessing.Sorry for any inconvience ive caused you.

 

When all else fails, try reading the instructions.

When you get it, let me know..

 

I cant figure it out.Been trying an hour now.

I type this O4 - HKLM\..\Run: [octblido] C:\windows\system32\octblido.exe but it says not found.Myabe I cant find it because we deleted it already?

Oh well thanks for your help.I really do appreciate it.

 

Have a few more simple questions for you since you are very knowlegable.

1.Is the Bluejoke considered a virus?

2.I pay money to mcafee every year for a antivirus program.Does having a antivirus really worth it?What really made me angry is i called them when I got this and they wanted to charge money to remove this.Mine expires in 2 months.Should I renew?

3.After I got this I sent some people pictures via email.Is there any chance I might have gave them this bluejoke too?Just curious.

Thanks in advance!!

 

I am really busy right now but I will try to get back to you later and answer some or all of your questions. It may be tomorrow.

hang in there. if you were able to delete that 04 line then you'll be ok and I can help you delete the file with an easier method.

 

Thanks again

 

2oldGeek, i really appreciate your help and was wondering if there was anything i could do to help you out. you helping me has inspired me to help others, i did well in school and was always decent with computers. i am now interested in helping others in removing malware from their computers and was wondering where you learned the info you know.