Hijackthis Log (thermida.do)

Another Themida problem :-) Discussion in 'Virus & Other Malware Removal' started by truck-ja3z, Oct 18, 2008.

Prefix: http://ehttp.cc/?

What to do: These are always bad.

I would strongly advise you to only have one Anti-Virus with the Auto-Protect feature running at any one time! If you decide to only keep one Anti-Virus installed, you should uninstall the

Once I restarted the machine a little box came up with something about personal setting and scvhost, and this logo came up from Themida and www.oreans.com. I of course stopped all

Now if you double-click the log file. Go to Edit > Select all, then to Edit > copy.

The second part of the line is the owner of the file at the end, as seen in the file's properties. Note that fixing an O23 item will only stop the service

I suspect the virus (trojan/worm??) is embedded in Registry Keys. But unable to identify.

Cookiegal, Oct 22, 2008 #7

Type Y to begin the cleanup process.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:33 AM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

One of the best places to go is the official HijackThis forums at SpywareInfo.

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do: If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix

#2 miekiemoes, Malware Response Team

There's your Hijack This log. Yikes!

First, Uninstall the below old versions of software:

J2SE Runtime Environment 5.0 Update 6
Sunbelt CounterSpy

Now install the current version of Sun Java from: Sun Java Runtime Environment Now I

In the last case, have HijackThis fix it.

O19 - User style sheet hijack

What it looks like: O19 - User style sheet: c:\WINDOWS\Java\my.css

What to do: In the case of a browser slowdown unable to "Anniversary"...

HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. The HijackThis web site also has a comprehensive listing of sites and forums that can help you out.

Can someone

08-30-2008, 09:15 AM #1 arteld

Hello, I had themida and But that didn't fix the problem when I restarted ..

I'm using Trend internet security as my anti-virus protection.

If the IP does not belong to the address, you will be redirected to a wrong site every time you enter the address.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely

Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which ones to leave alone.

You seemed to have down off of our radar unnoticed!

Cookiegal, Oct 21, 2008 #5

truck-ja3z: nope ... been told that program is no good.

D:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Cheers, Arthur

artsluver, Dec 2, 2006 #3

Hi, Sorry it seems rootkitrevealer will not save its log file.

Tango with Themida. Started by Squamish2, Jan 29 2007 12:56 PM

#1 Squamish2

I have downloaded HJT to wipe this themida thing and I noticed a post by "gchagurl" with the same issue.

woops.