9 replies to this topic

[cathy]

My computer got a problem.
"MS Removal tool" has pop up when I turn on the computer,
and the wallpaper change to blue.

Here is the report.
Thanks a lot.

Attached Files

•  hijackthis.zip   5.47KB   3 downloads

[sweidre]

My computer got a problem. "MS Removal tool" has pop up when I turn on the computer, and the wallpaper change to blue. Here is the report.

Hi cathy,
Orlano & edwin are both good at analyzing a HiJackThis report. They will study it for sure! (I hope, that nothing real serious has infected your computer: a rootkit or a rouge!)
Cheers,
sweidre

[cathy]

Thanks sweidre and Orlando.

But..
Sorry that my computer have another problem now

I can't open exe file.
It shows
"Application HIJACKTHIS.EXE cannot be activated.
Reason: suspected in virus activity and moved to quarantine.
Please active your antivirus software to clean application."


Thats I can not use Hijackthis to fix it.
What can I do?

Thanks a lot!!!

[sweidre]

Thanks sweidre and Orlando. But..Sorry that my computer have another problem now
I can't open exe file. It shows
"Application HIJACKTHIS.EXE cannot be activated. Reason: suspected in virus activity and moved to quarantine. Please active your antivirus software to clean application."
Thats I can not use Hijackthis to fix it. What can I do? Thanks a lot!!!

Hi cathy,
As Orlando has taken over your case, you should get advice from him. Orlando is Italian and time in Italy should now be 05:10 AM (GMT +1 hour), so he is hopefully sleeping good now! I know, that you have both Immunet & Norton as Antivirus softwares. If Norton has placed HiJackThis.exe in its quarantine, I cannot help you, because I am not familiar with Norton. If Immunet has placed HiJackThis.exe as a malware in its quarantine, it is for sure a "false positive". Look at Immunet front screen -> Computer -> History -> Quarntine. If you see HiJackThis.exe in the left pane of the quarantine window, highlight this line (row), then you should see details in the right pane. Unfortunately copy to clipboard does not work in the right pane, so you must make a note on a piece of paper of the whole original path leading to the file "HiJackThis.exe".
Click on the button "restore" and now the file will be restored to its original path. Click not on button "remove", because the file is clean for sure and should be in use!
If you have the latest version of Immunet v.3.0.2.6548 installed, then your click on "restore" will automatically place the HiJackThis.exe file & its full path into the Exclusion List of Immunet, so Immunet will ignore this file in the future (=whitelisted).
If you have an older version of Immunet installed, you must manually place HiJackThis.exe & its full path into the Exlusion List of Immunet thus: Immunet Front Sheet -> Product ->Settings ->Protection Exclusions -> File Exclusions -> Add New Exclusion -> Browse (search & fill in the full path, that you noted on the the slip of paper). When settings are done, remember so click on the button "Apply" to save your settings!

Now, HiJackThis.exe is restored and works OK, unless Norton regards the file as malicious!
You should then report this "false positive" to the Immunet Cloud, but this Orlando will fix for you tomorrow!

I hope, that this will work now for you until Orlando will attend this Immunet Forum!
Cheers,
sweidre

[sweidre]

I think it isn't a FP, but a rogue software, I have found on the internet this guide, which can help you with that rogue, if you don't resolve with the guide I can connect with you by TeanWiever in remote to fix the problem.
Orlando

Hi Orlando,
Have a look at this thread about Combofix for removal of rouges & rootkits:
"Combofix + Malwarebytes' A-M (Videos & Instructions) Removal of Rouges, Rootkits, Viruses & Spywares"
http://forum.immunet...ch__1#entry5180
Good Luck Orlando,
sweidre

[sweidre]

Rogue Software are my speciality, I like them. I have already saw them, but I prefer a manual removal to stay secure and then a scan with antimalware for check expert errors, all humans can do errors.

Hi Orlando,
I hope & expect you will fix cathys rouge problem yourself!
Cheers,
sweidre

[malwarekiller]

google for mbam download and install,perform a full scan and post logs on next reply....