Lite (Administrator), posted April 9, 2010

Post another HJT log.
Also check your file associations.
You might like to run Hitman Pro too. (Hold down the shift key when you attempt to open it.)

AshTheGamer (Author), posted April 9, 2010

Update has been posted, running Hitman now.

DKT27 (Administrator), posted April 9, 2010

Also try Microsoft Malicious Software Removal Tool.
RUN > MRT > Full Scan.
Full scan will take about 4-6 hours depending on your system. But always works for me. :)

Lite (Administrator), posted April 9, 2010

MeTuS Client is used for DOS attacks. I suggest you remove this immediately if you want help here.

Terminate these processes (task manager):

C:\Windows\Rcikia.exe
C:\Windows\tsnp2std.exe
C:\Program Files\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Media\Desktop\Private tools and exploits\MeTuS Client 3.0.2\MeTuS_Client_3.0.2.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\SmartFTP Client\SmartFTP.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Media\AppData\Local\Google\Chrome\Application\chrome.exe

Delete this via HJT:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{2554BA2D-D3F2-48F7-A239-281DBFE91A87}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{04799FE7-064D-422D-AF34-9EFA6272FEBF}: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164

Restart your computer and re-run and re-post your HJT log.

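Added example, not part of any post in this thread: a small triage script for the kinds of HijackThis entries flagged in the post above (O2 BHOs whose file is missing, O4 autostart entries launching from a Temp directory, O17 NameServer values outside the resolvers you expect). The three rules and the `EXPECTED_RESOLVERS` value are assumptions made for illustration, not HijackThis behaviour.

```python
import re

# Assumption for this example: the only DNS resolver this machine should use.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# HijackThis entry shape: "<section> - <rest>", e.g. "O17 - HKLM\...: NameServer = a,b"
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def triage_line(line):
    """Return (section, reason) if the entry deserves review, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O2" and rest.endswith("(no file)"):
        return section, "BHO registered but its file is missing"
    if section == "O4" and TEMP_RE.search(rest):
        return section, "autostart entry launches from a Temp directory"
    if section == "O17":
        ns = NAMESERVER_RE.search(rest)
        if ns:
            servers = {s.strip() for s in ns.group(1).split(",") if s.strip()}
            unexpected = sorted(servers - EXPECTED_RESOLVERS)
            if unexpected:
                return section, "unexpected DNS servers: " + ", ".join(unexpected)
    return None


def triage_log(text):
    """Triage every line of a log; returns (section, reason, line) tuples."""
    hits = ((triage_line(l), l.strip()) for l in text.splitlines())
    return [(h[0], h[1], line) for h, line in hits if h]


# Sample input: three entries quoted from the post above, two constructed benign ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Media\AppData\Local\Temp\Rjg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.60,93.188.166.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

if __name__ == "__main__":
    for section, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is a prompt to look closer, not a verdict; set `EXPECTED_RESOLVERS` to the DNS servers your router or ISP actually hands out before reading the O17 results.
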
BBs, posted April 9, 2010

Are you sure that you fixed the items I posted above?

PS: After you fixed them (again?), do the following:

1. Scan with SuperAntiSpyware Free Portable: Download ---> Run ---> Update ----> Scan: http://portable.superantispyware.com/sassaferun.php
2. Scan with A-Squared Anti-Malware Free: Download ---> Install ---> Run ---> Update ----> Scan: http://download4.emsisoft.com/a2FreeSetup.exe
3. Scan with Hitman Pro: Download ---> Install ---> Run ----> Scan:
   32bit: http://files.surfright.nl/HitmanPro35.exe
   64bit: http://files.surfright.nl/HitmanPro35_x64.exe

Then post a new HijackThis log again.

PS: A-Squared and SuperAntiSpyware should find and fix everything!

HX1, posted April 9, 2010

that program makes undesired changes to host file.

Yes wanted to point out that if you don't pay attention while installing and selecting option that 'UNDESIRED' activity will occur, and EVERYTHING that SpyBot does, can be reversed.. including locking the Hosts file from editing and the TeaTimer for IE.

Truthfully registry entries would be a good place to look .. and SpyBot does that..

@BBs - Hitman Pro will get the baddies and quick.. even if they smell funny.. LOL

shought, posted April 9, 2010

Spybot S&D and Trojan Remover should be capable of fixing this, as this isn't a very nasty one (even though Trojan Remover is capable of busting some nasty ones).

This file: Rcikia.exe should be removed from your PC.

What's most important in malware cleaning is that you understand how it (malware) works and if you do you'll be able to make sure it doesn't get a chance at doing what it does. Lite gave you a pointer at this.

Proper actions (in chronological order):

- make absolutely sure no malware is running (by closing anything not vital to your system operations).
- use HJT to disable the entries Lite suggested.
- use a Trojan Remover normal scan (if it finds anything fix it, but don't reboot (unless it gives you no option (i.e. it has found some malware which it has to remove and is only able to do so by rebooting), then go back to step one).
- use a Trojan Remover full system/disk scan (I know it takes long, but it's worth it...), make sure you fix everything, then afterwards run another normal scan.
- use a Spybot S&D scan.
- reboot.
- If needed repeat procedure one more time.

A standard guide for all malware related issues:

1. Shut down all processes not vital to your system operations (this may even include explorer.exe).
2. Use an online scan like TrendMicro HouseCall.
3. Use Trojan Remover, Spybot S&D (, Hitman Pro) and your own AV (after each other, without rebooting in between, if you have to reboot because of some reason, do this step over).
4. Reboot.
5. Repeat step 3.
6. Check back here for additions as my malware removal skills have gotten a little old and rusty and I might want to update this at some point.
7. Done.

Note: You may want to replace Trojan Remover and Spybot S&D with your 'own' preferred products, but I suggest these as they've always served me well. You also might want to use more than just two products, do make sure you finish all scans without rebooting in between before you go forward to 'reboot and repeat step 3'.

AshTheGamer (Author), posted April 10, 2010

I think the virus is now gone however I get 2 errors.

1) RTSS
   Cannot load RTSSHocks.dll library!
2) MSI On-Screen Display server
   Failed to initialize main window with dark.usf skin, revering to default skin!

How do I fix these?

HX1, posted April 10, 2010

What are those referring to exactly.. did you use a dark skin on anything? .. and RTSSHocks belongs to what? (Point right here being .. are these legitimate or more entries of a trojan as it proceeded to run..) If you still have registry entries or startup values pointing to any of these files you may need to delete them and/or cleanup what took place while you were trying to clean them up.. Why he mentions 'Rinse and Repeat' as necessary..

BBs, posted April 10, 2010

For 1: Reinstall the Steam Software.
For 2: Reinstall MSI Afterburn On-Screen: http://event.msi.com/vga/afterburner/

PS: If you don't have MSI Afterburn On-Screen, then check your software list to see if you find anything like that, and try to uninstall it!

AshTheGamer (Author), posted April 10, 2010

Seems to be all fixed now, we will see what happens in the next couple of days.

AshTheGamer (Author), posted April 14, 2010

Sorry for the double post, just letting you all know it's been a while and the virus has been evicted :)

Archived
This topic is now archived and is closed to further replies.