Jump to content
cathy

Help Me!thanks!

Recommended Posts

My computer got a problem. "MS Removal tool" has pop up when I turn on the computer, and the wallpaper change to blue. Here is the report.

Hi cathy,

Orlano & edwin are both good at analyzing a HiJackThis report. They will study it for sure! (I hope, that nothing real serious has infected your computer: a rootkit or a rouge!)

Cheers,

sweidre

Share this post


Link to post
Share on other sites
Guest Orlando

Hi cathy,

 

Check these:

 

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

 

and the strings which end in: "(no file)" and click on "Fix", then restart Windows and when it is starting press f8, choose "Safe Mode with Networking" and then do a complete scan with Norton (I see you have it) or Immunet.

 

If you have any problems, feel free to contact me with PM,

Orlando

Share this post


Link to post
Share on other sites

Thanks sweidre and Orlando.

 

But..

Sorry that my computer have another problem now :(

 

I can't open exe file.

It shows

"Application HIJACKTHIS.EXE cannot be activated.

Reason: suspected in virus activity and moved to quarantine.

Please active your antivirus software to clean application."

 

 

Thats I can not use Hijackthis to fix it.

What can I do?

 

Thanks a lot!!!

Share this post


Link to post
Share on other sites

Thanks sweidre and Orlando. But..Sorry that my computer have another problem now :(

I can't open exe file. It shows

"Application HIJACKTHIS.EXE cannot be activated. Reason: suspected in virus activity and moved to quarantine. Please active your antivirus software to clean application."

Thats I can not use Hijackthis to fix it. What can I do? Thanks a lot!!!

Hi cathy,

As Orlando has taken over your case, you should get advice from him. Orlando is Italian and time in Italy should now be 05:10 AM (GMT +1 hour), so he is hopefully sleeping good now! I know, that you have both Immunet & Norton as Antivirus softwares. If Norton has placed HiJackThis.exe in its quarantine, I cannot help you, because I am not familiar with Norton. If Immunet has placed HiJackThis.exe as a malware in its quarantine, it is for sure a "false positive". Look at Immunet front screen -> Computer -> History -> Quarntine. If you see HiJackThis.exe in the left pane of the quarantine window, highlight this line (row), then you should see details in the right pane. Unfortunately copy to clipboard does not work in the right pane, so you must make a note on a piece of paper of the whole original path leading to the file "HiJackThis.exe".

Click on the button "restore" and now the file will be restored to its original path. Click not on button "remove", because the file is clean for sure and should be in use!

If you have the latest version of Immunet v.3.0.2.6548 installed, then your click on "restore" will automatically place the HiJackThis.exe file & its full path into the Exclusion List of Immunet, so Immunet will ignore this file in the future (=whitelisted).

If you have an older version of Immunet installed, you must manually place HiJackThis.exe & its full path into the Exlusion List of Immunet thus: Immunet Front Sheet -> Product ->Settings ->Protection Exclusions -> File Exclusions -> Add New Exclusion -> Browse (search & fill in the full path, that you noted on the the slip of paper). When settings are done, remember so click on the button "Apply" to save your settings!

 

Now, HiJackThis.exe is restored and works OK, unless Norton regards the file as malicious!

You should then report this "false positive" to the Immunet Cloud, but this Orlando will fix for you tomorrow!

 

I hope, that this will work now for you until Orlando will attend this Immunet Forum!

Cheers,

sweidre

Share this post


Link to post
Share on other sites
Guest Orlando

I think it isn't a FP, but a rogue software, I have found on the internet this guide, which can help you with that rogue, if you don't resolve with the guide I can connect with you by TeanWiever in remote to fix the problem.

 

Orlando

Share this post


Link to post
Share on other sites

I think it isn't a FP, but a rogue software, I have found on the internet this guide, which can help you with that rogue, if you don't resolve with the guide I can connect with you by TeanWiever in remote to fix the problem.

Orlando

Hi Orlando,

Have a look at this thread about Combofix for removal of rouges & rootkits:

"Combofix + Malwarebytes' A-M (Videos & Instructions) Removal of Rouges, Rootkits, Viruses & Spywares"

http://forum.immunet.com/index.php?/topic/980-combofix-malwarebytes-a-m-videos-instructions/page__p__5180__hl__combofix__fromsearch__1&do=findComment&comment=5180

Good Luck Orlando,

sweidre

Share this post


Link to post
Share on other sites
Guest Orlando

Rogue Software are my speciality, I like them. I have already saw them, but I prefer a manual removal to stay secure and then a scan with antimalware for check expert errors, all humans can do errors.

 

Orlando

Share this post


Link to post
Share on other sites

Rogue Software are my speciality, I like them. I have already saw them, but I prefer a manual removal to stay secure and then a scan with antimalware for check expert errors, all humans can do errors.

Hi Orlando,

I hope & expect you will fix cathys rouge problem yourself!

Cheers,

sweidre

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×