For the LOVE of GAWWD someone...

Discussion in 'Windows Desktop Systems' started by kc_Lily, Dec 6, 2005.

  1. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    Okay peoplz, I realize you have much better things to do than help a silly idiotic girl such as myself. But i am going to make the attempt before i explode my mother board so i can at least sday that i asked...
    Please excuse my spelling, i have NO TIME to spell check my finger-pecking.
    I am delerious, up all night, need to use my computer-ONLINE to complete finals.
    and someone....recently downloaded **** to my pc that has exploded.
    My background:
    I used to know a bit more about running command prompts as my ex-boyfriend is a dba and helped me to remove bastard AOL files from the registry..
    since then..
    many years later, with an unprotected computer running crappy spyware and anti-virus..
    i being the loser i am allowed my machine to become infected, and i DO NOT want to download anymore crap to scan the registry and rid files blah blah..
    i want to rip the bastard out myself, but i am not quite sure what i am looking for.
    I have been able to remove some aol **** AGAIN.
    but am not sure where the latest ass is hiding..i need help with manual removal..
    Pertinent info(please excuse my shorthand as i know it is not proper but i hope you get the gist.
    files that need to be removed are located:
    C:\WINDOWS\system32..
    search.html (can remove but reappears upon reboot)
    z15.exe
    z13.exe
    z14.exe
    z11.exe
    cmd32.exe (yes! i know i am retarded for getting this!)
    wpa.dbl
    obviously i cannot just click and delte, as the sysytem will not allow me..."access denied"program currently in use blah blah...because **** has encoded itself into my registry..

    so, i have gone to
    run-command prompt line "cmd"
    Now in dos mode:
    i type "regedit"
    i have located all paths for
    HKCU
    HKLM
    \software\microsoft\windows\current version\ run
    and deleted some "cmd" files and cleaned obvious software **** ..but i cannot find these files..
    I did notice
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DevicePath:
    REG_EXPAND_SZ\\%systemroot%\inf
    is this anything?
    i need help? please take pity on me before i explode my machine because i am willing to do it to rid it of this crap. I will borrow a friend's laptop or sit in a lab if i have to...
     
  2. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    please feel free to email me at Karen_carnessali@Yahoo.com
    cause if this machine explodes due to my "browsing" before someone can help me ...i could still use some direction for the next one i will destroy
    thanks!
     
  3. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    latest log:Scan Information: Object Name Status Action Infection Time C:\wsetup.exe Infected Quarantined Trojan-Clicker.Win32.Small.hn 12/06/05 12:22:42 C:\Quarantined Trojan-Downloader.Win13:07:45 C:\WINDOWS\system32\z16.exe Infected Quarantined Trojan-Dropper.Win32.Delf.pb 12/06/05 13:07:46
     
    Last edited: Dec 8, 2005
  4. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,931
    Location:
    Seattle
    Please post a Hijackthis log so we can assist you better
     
  5. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    I second that. We can get this one. Just post it when you have a chance.
     
  6. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    okay so now that i have loudly broadcast that i have wide-open ports to invade, and explore to god knows how many experts and probably gave you additional info to boot. I am going to go lurk about and try to "slepp" on this for an hour."and to any that want to eploit my retardedness and vunerabilities that i am so loudly advertising..well, i have nothin to hijack to speak of so eplore away and be awed by my $0 bank account and lack of any credit cards etc..enjoy. i am now BITTER! :)I AM SORRY for bothering you all..any who had the misfortune of reading this far...I apologize.I will stop now. !
     
  7. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    ummm, I'm confused.

    Posting the hijackthis log will allow us to diagnose, and recommend what to remove. hijackthis is capable of fixing your issue, without much fuss.

    Please, please post it.
     
  8. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    i am afraid to download this zip file now...okay, i will do it! I just deleted winzip.but screw it...doesn't it seem asinine to download a zip file that i am receiving from someone on the internet because my computer is infected with a virus and spyware from someone else who already dowloaded a file from an unknown source?i do not mean to offend you.i am just laughing at how stupid i am..isn't that like class #1 of NO nos?! okay i am doing it because i am that dumb.
     
  9. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    sorry!i have been up for 30 hours now and o am a bit behind..you are dealing with a "special needs" person..i am exceptionally RETARDED when it comes to technical issues.okay, now it is asking me to register my "hijack this"do you need a detailed log or just the list of infected files?
     
  10. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    detailed log. it will put it in a text file. copy the text, paste it here, we will go to work.
     
    kc_Lily likes this.
  11. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    I know your fustrated but you need to calm down a bit. It won't help you try to fix this problem. As suggested run hijackthis so we can see exactly what's going on.
     
    kc_Lily likes this.
  12. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    hello

    I am taking a quick break from working on a research paper to check back in.
    i attempted hijack this, but was asked for a registration fee after the initial scan and my request for a report.
     
    Last edited: Dec 8, 2005
  13. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  14. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,931
    Location:
    Seattle
    Already suggested post #4.
     
  15. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Yes, we do need that hijackthis log... while you are on that site kc lily, go ahead and download his tools to rid your system of coolwebsearch.

    Look forward to seeing it, just glancing at the spybot log there is a bunch of goodies still installed on your system, bunch of Yahoo bloat, some AOL.
     
  16. kc_Lily

    kc_Lily OSNN One Post Wonder

    Messages:
    8
    thank you so much!
    i am rested, took my pc offline and ripped everything out. I was afraid that i was going to have just strat all over-wipe everything out. But, i have checked and tested and there have been no reoccurances. so, far. I just logged-back on tonight and all suystems seem to be good, no reoccurrance of the worm.
    it was a learning experience. It was nice to know that you were all here.
    thanks!
    i have finals that i need to complete now, but i will be back to check-in, perhaps learn and just generally be a pain in the ass.
    thanks!
    :):laugh:
    -Karen
     
  17. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    I would still post a HijackThis log for me to check. ;)
     
  18. Grandmaster

    Grandmaster Electronica Addict Political User Folding Team

    Messages:
    10,574
    Location:
    Santa Clara, CA
    Haha, I guess she doesn't want the help :p
     
  19. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Karen, I think you misunderstand.

    Hijackthis is a program that will tell a qualified uer what is infecting-troubling some areas of your computer. It sends nothing out about who you are or personal information. It simply creates a log of things that it finds. If you would post that log file here many of the informed users that frequent this site can help to get things fixed.

    I would suggest also that you download, update and run.

    Spybot, search and destroy. It is a program that will remove unwanted popups, ads, and or some forms of viruses.
    Ad-Aware by Lavasoft. A program of the same sort as the one above, but has some differences to help catch other forms of software pests.
    AVG Free Anti-Virus. Free, easy to use Anti-Virus that doesn't use up alot of system resources, such as memory.


    I personally use all of the above and Hijackthis on all my computers.

    http://www.lavasoftusa.com/software/adaware/
    http://users.belgacom.net/bn657515/spybot/spybot-downloading.htm
    http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5