Jump to content


Photo

Help Me!thanks!


  • Please log in to reply
9 replies to this topic

#1 cathy

cathy

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 20 June 2011 - 03:21 PM

My computer got a problem.
"MS Removal tool" has pop up when I turn on the computer,
and the wallpaper change to blue.

Here is the report.
Thanks a lot.

Attached Files


  • reahwhems likes this

#2 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 20 June 2011 - 04:12 PM

My computer got a problem. "MS Removal tool" has pop up when I turn on the computer, and the wallpaper change to blue. Here is the report.

Hi cathy,
Orlano & edwin are both good at analyzing a HiJackThis report. They will study it for sure! (I hope, that nothing real serious has infected your computer: a rootkit or a rouge!)
Cheers,
sweidre

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#3 Guest_Orlando_*

Guest_Orlando_*
  • Guests

Posted 20 June 2011 - 06:43 PM

Hi cathy,

Check these:

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

and the strings which end in: "(no file)" and click on "Fix", then restart Windows and when it is starting press f8, choose "Safe Mode with Networking" and then do a complete scan with Norton (I see you have it) or Immunet.

If you have any problems, feel free to contact me with PM,
Orlando

#4 cathy

cathy

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 21 June 2011 - 02:09 AM

Thanks sweidre and Orlando.

But..
Sorry that my computer have another problem now :(

I can't open exe file.
It shows
"Application HIJACKTHIS.EXE cannot be activated.
Reason: suspected in virus activity and moved to quarantine.
Please active your antivirus software to clean application."


Thats I can not use Hijackthis to fix it.
What can I do?

Thanks a lot!!!

#5 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 21 June 2011 - 03:12 AM

Thanks sweidre and Orlando. But..Sorry that my computer have another problem now :(
I can't open exe file. It shows
"Application HIJACKTHIS.EXE cannot be activated. Reason: suspected in virus activity and moved to quarantine. Please active your antivirus software to clean application."
Thats I can not use Hijackthis to fix it. What can I do? Thanks a lot!!!

Hi cathy,
As Orlando has taken over your case, you should get advice from him. Orlando is Italian and time in Italy should now be 05:10 AM (GMT +1 hour), so he is hopefully sleeping good now! I know, that you have both Immunet & Norton as Antivirus softwares. If Norton has placed HiJackThis.exe in its quarantine, I cannot help you, because I am not familiar with Norton. If Immunet has placed HiJackThis.exe as a malware in its quarantine, it is for sure a "false positive". Look at Immunet front screen -> Computer -> History -> Quarntine. If you see HiJackThis.exe in the left pane of the quarantine window, highlight this line (row), then you should see details in the right pane. Unfortunately copy to clipboard does not work in the right pane, so you must make a note on a piece of paper of the whole original path leading to the file "HiJackThis.exe".
Click on the button "restore" and now the file will be restored to its original path. Click not on button "remove", because the file is clean for sure and should be in use!
If you have the latest version of Immunet v.3.0.2.6548 installed, then your click on "restore" will automatically place the HiJackThis.exe file & its full path into the Exclusion List of Immunet, so Immunet will ignore this file in the future (=whitelisted).
If you have an older version of Immunet installed, you must manually place HiJackThis.exe & its full path into the Exlusion List of Immunet thus: Immunet Front Sheet -> Product ->Settings ->Protection Exclusions -> File Exclusions -> Add New Exclusion -> Browse (search & fill in the full path, that you noted on the the slip of paper). When settings are done, remember so click on the button "Apply" to save your settings!

Now, HiJackThis.exe is restored and works OK, unless Norton regards the file as malicious!
You should then report this "false positive" to the Immunet Cloud, but this Orlando will fix for you tomorrow!

I hope, that this will work now for you until Orlando will attend this Immunet Forum!
Cheers,
sweidre

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#6 Guest_Orlando_*

Guest_Orlando_*
  • Guests

Posted 21 June 2011 - 07:18 AM

I think it isn't a FP, but a rogue software, I have found on the internet this guide, which can help you with that rogue, if you don't resolve with the guide I can connect with you by TeanWiever in remote to fix the problem.

Orlando

#7 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 21 June 2011 - 10:32 AM

I think it isn't a FP, but a rogue software, I have found on the internet this guide, which can help you with that rogue, if you don't resolve with the guide I can connect with you by TeanWiever in remote to fix the problem.
Orlando

Hi Orlando,
Have a look at this thread about Combofix for removal of rouges & rootkits:
"Combofix + Malwarebytes' A-M (Videos & Instructions) Removal of Rouges, Rootkits, Viruses & Spywares"
http://forum.immunet...ch__1#entry5180
Good Luck Orlando,
sweidre

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#8 Guest_Orlando_*

Guest_Orlando_*
  • Guests

Posted 21 June 2011 - 11:50 AM

Rogue Software are my speciality, I like them. I have already saw them, but I prefer a manual removal to stay secure and then a scan with antimalware for check expert errors, all humans can do errors.

Orlando

#9 sweidre

sweidre

    Legendary Member

  • Immunet Insiders
  • PipPipPipPip
  • 1,138 posts
  • LocationIdre parish, Älvdalen municipality, Dalarna county, Sweden

Posted 21 June 2011 - 07:14 PM

Rogue Software are my speciality, I like them. I have already saw them, but I prefer a manual removal to stay secure and then a scan with antimalware for check expert errors, all humans can do errors.

Hi Orlando,
I hope & expect you will fix cathys rouge problem yourself!
Cheers,
sweidre

My computer details with softwares have been moved to My Personal Page -> About me : http://forum.immunet.com/index.php?app=core&module=usercp&tab=members&area=aboutme


#10 malwarekiller

malwarekiller

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 21 August 2011 - 06:37 AM

google for mbam download and install,perform a full scan and post logs on next reply....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users