I'm having trouble with the above virus or W32.IRCBot. My virus scans don't seem to be able to find it, so I downloaded HijackThis. Can someone read over the HJT log and tell me what I need to do? Thanks in advance. Lief
Ok, the first thing that we need to do is turn off System Restore. Right click "My Computer" and select "Properties". You will see a tab called "System Restore". Select "System Restore" and check the little box next to "Turn off System Restore on all drives". We turn this off because when we remove the Trojan, we don't want it in our "System Restore" to possibly infect the machine again.

Now I need you to download the following programs.

Xoftspy: Press here.
Ad-Aware SE Personal (Lavasoft): Press here.
Spybot Search & Destroy: Press here.
CCleaner: Press here.
A-Squared Free: Press here.
Erunt: Press here.

Make sure to open each of the programs and get the latest updates for all of them. This includes getting the latest DAT file for your McAfee.

Since System Restore is turned off, the first thing that I want you to do is run Erunt. This will make a backup of your registry. Hopefully we will not need it; however, it is a good thing to have if anything goes wrong. Remember that the backup you are making is not a backup to save for the future. I keep Erunt on my machine because if you make a backup of your registry in XP it does not copy all of the files. It is a good program to have.

Now reboot your computer in safe mode. To do this, as the BIOS screen appears start pressing F8 repeatedly and a DOS menu will appear. Select safe mode and run all of the programs.

The next step is the crucial step. [bold]This is dangerous to do if you are a beginner so pay attention. Copy and paste this text in Notepad or Word if you need to.[/bold]

1) Click Start > Run.
2) Type regedit then click OK.
3) Navigate to the keys:
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
4) In the right pane, delete the value: "window2" = "ssvchost.exe"
5) Navigate to the key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
6) In the left hand pane, delete the key: "Media Player"
7) Exit the Registry Editor.

I know this may sound complicated but do as the instructions say. When I say navigate, I mean to find. When I say delete, I mean to delete the value that I specified. Hopefully you will have little problem in accomplishing these tasks. After this your machine should be clean.

Last item on the docket! Open "My Computer", double click the "C" drive and create a new folder. Name the new folder HijackThis. Open this folder and drag and drop your current HjT inside. Now right click HijackThis.exe and rename it to HjT.exe. Now right click it again and create a shortcut on your desktop. HjT makes backups of its work. It needs to be in its own folder. Post another report after all is complete.
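
The registry locations named in steps 3 to 6 above can be checked without opening regedit or changing anything. This is an added example, not part of the original post: it assumes PowerShell 3.0 or later, the function name Find-RunEntry is made up for illustration, and it goes slightly beyond the steps by also matching any value whose data mentions ssvchost.exe, whatever the value is called.

```powershell
# Added example: read-only check of the keys listed in the post. Deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$serviceKey = 'HKLM:\System\CurrentControlSet\Services\Media Player'

# Hypothetical helper: reports, per key, whether a value named $Name exists
# or any value's data contains $File (comparison is case-insensitive).
function Find-RunEntry {
    param([string[]]$Keys, [string]$Name, [string]$File)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) {
            # RunServices, for example, does not exist on every system.
            [pscustomobject]@{ Key = $key; Value = ''; Data = ''; Status = 'key absent' }
            continue
        }
        $item = Get-Item -LiteralPath $key
        $hit  = $false
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($valueName -ieq $Name -or $data -like "*$File*") {
                $hit = $true
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data; Status = 'MATCH' }
            }
        }
        if (-not $hit) {
            [pscustomobject]@{ Key = $key; Value = ''; Data = ''; Status = 'no match' }
        }
    }
}

Find-RunEntry -Keys $runKeys -Name 'window2' -File 'ssvchost.exe' |
    Format-Table -AutoSize -Wrap

# Step 6 of the post: the service key named "Media Player".
if (Test-Path -LiteralPath $serviceKey) {
    "Service key present: $serviceKey"
    Get-ItemProperty -LiteralPath $serviceKey |
        Select-Object ImagePath, DisplayName, Start
} else {
    "Service key not present: $serviceKey"
}
```

A row with Status "no match" means that key exists but holds neither the value name nor the file name from step 4.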
That is good advice, Niobis. I will suggest it if the first suggestion I made does not get the problem fixed. Thanks!
The file you told me to delete in regedit was not found. Also, when I boot up in safe mode, is there a way to make the whole screen visible? It gets pretty confusing not being able to see what I'm trying to click.
In the Control Panel go to Appearance and Themes > Display and make your visual adjustments under the tab called Settings.