News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
November 26, 2014, 18:33:04
Pages: [1]   Go Down
Topic: IMPORTANT - please read before asking for help or offering help  (Read 16427 times)
0 Members and 1 Guest are viewing this topic.
« on: August 04, 2006, 08:42:41 »
Malware Scum, Die!
TeMerc Offline
Countermeasures Leader
Administrator WWW

Karma: 66
Posts: 6145

Following are some guidelines that will make it easier for experts in this forum to provide assistance.

In this forum it is strictly forbidden to offer help or advice in anyway, shape manner or form, unless you are authorized by ADMIN

The users below are authorized to offer help on this forum board:
tim s
Simon V.
Also any member listed as an MS-MVP.

Any information or help posted by unauthorized members is subject to immediate removal without notice by Mods\Admin.

***Do not use the attachment option to add your HijackThis! log file. Please include it into your post***

HijackThis analysts go thru a rigorous and lengthy period of training to get 'certified' to offer analysis. This is not to imply that they are infallible, and do not make mistakes. By registering to become a member, you acknowledged:
The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.

Before posting:
Check to see if the problem and solution are already mentioned in the forums - you may be able to determine a fix from these instead of starting a new thread. (You can use the Search option, located near the top of every page, to search for posts related to your problem.)

For ease in troubleshooting the HijackThis logs and because some spyware can be easily removed, it's a good idea to first run a good spyware removal program, we recommend using Malwarebytes' Anti-Malware.
Download it from here and save it to your desktop

If you're using IE7 you may get prompted to allow the download, please do so.
  • Double-click mbam-setup.exe icon: and when the download dialog box appears, please tick the 'Launch Malwarebytes' Anti-Malware when download completes' as displayed:
  • Select your language when this option is displayed.
  • Follow default installation instructions
  • Decide if you would like a 'Start Menu' folder created when this option is displayed
  • Choose your options of preference on the 'Select Additional Tasks' screen
  • Review your choices at the 'Ready To Install' screen
  • At the end, be sure a checkmark is placed next to 'Update Malwarebytes' Anti-Malware' and 'Launch Malwarebytes' Anti-Malware' as displayed here:
  • Then click the button
  • Please read the information box when it appears and click the button
  • Please allow access via your firewall if an alert is presented to you
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select 'Perform full scan' as displayed here:
  • Then click  button
  • When the scan is complete, you will be presented with a message as such, click the button then click the button
  • Be sure that each item has its box ticked as displayed
  • Then click
  • When removal is completed, a log will open in Notepad. Please save it to your desktop for easy access. Copy the contents of the file and paste it back into your thread for review along with a fresh HJT log. The log is also default saved to the following location: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* If you have really discovered a new pest in the wild, one of the spyware experts will probably ask you to send them a copy of the files before deleting them. Please try to get this to them if possible! Having a copy of the pest helps anti-spyware folks analyze what it does, how best to remove it, and how to build detection rules for programs such as MBAM and others such as Spybot Search & Destroy v1.5 andAd-Aware 2007

When posting:
Please use a 'Subject' line that briefly describes your problem. Avoid generic subject lines such as "Help" or "HijackThis Log". A better subject line might contain a brief description of the problem - "Homepage reset to" or "Porn pop ups appearing even while offline" - or even the name of an offending program file or Web site that is giving you trouble. Chances are good that SOMEONE has seen the problem before, and putting the important bits in your subject will help them notice your message.

In the body of your message, describe the problem in detail. If you can, give details about when it is happening (anything seems to trigger it) or when it first started. Also, be sure to mention what steps, if any, you have already taken to try to fix it. (This will help prevent people recommending solutions you have already tried). If you can, specify what operating system/version (e.g. Windows 95, 98, 2000...or MacOS X, etc.) you are using. If the problem involves a Web browser, specify which browser (e.g. Internet Explorer) you are using.

Finally, include a HijackThis log as mentioned above.

Important notes:
Please don't post your help requests, log files, etc. in threads started by someone else, even if you're having the same problem mentioned in that thread. Start a new thread.

Don't spam the boards with multiple copies of essentially the same request, or post your request to multiple forums. This is unlikely to get you a faster response, but likely to annoy other users, including those that could give you assistance. Such duplicate messages will be removed, and in severe cases, the poster will be blocked from the forums.
*If you are not sure which forum your post belongs in, just post it in ONE forum - the admin or a moderator will put it in the proper forum if it's not already there.

Don't send help requests, log files, etc. to individual users (including moderators or the administrator), e.g. by email or private messages. When a problem is posted and solved on the boards, the solutions are available to everyone. Solving one through private channels takes just as much time (or more), but doesn't help anyone else. It also distracts whomever you're pestering from dealing with problems they have more experience with.

Most importantly...don't be rude to the other forum users! Even the site admins, moderators and the spyware experts that are solving problem after problem on the boards are unpaid volunteers, and have real lives and day jobs. Please do not 'DEMAND' someone come to your aid, or act discourteous to someone giving away their time to help you out.

Some questions that occasionally come up:

Q: My post has been viewed X times, but nobody has replied. Why not?

A: If someone knows how to answer your question, they'll answer it...but if not, they'll leave it for someone who does. Most problems posted on these boards get solved, but it can take some time before the right people see your message and respond to it. Another reason for multiple views to subjects that appear to be overlooked is that some replies are simple copy and pastes and do not require much research. While other logs require 20-30 minutes or more to research and craft a reply. So not all analysts will reply to posts in order.

Q: "My post has been viewed only 9 times, but the one next to it has been viewed 800 times! Am I that unpopular?"

A: Posts with a lot of views are usually old topics that have been on the boards for some time. Occasionally, someone will reply to an older topic, which has the side-effect of bumping it back up to the top of the board, which is why topics with a lot of replies may still appear near the top. (See next question.) To be sure that your message is being noticed, and by the right people, be sure to use a Subject line that helps identify your problem - avoid generic subject lines like "Help please" or "HijackThis log".

Q: What does it mean when somebody replies to a message with "BUMP"?

A: Occasionally someone will "bump" a topic back to the top of the list by posting a reply. If this is the only purpose of the reply, the poster might just put "bump" as the text of the message to indicate this. (Note: Please refrain from indiscriminately bumping topics until they are at least 24 hours old.)
« Last Edit: April 26, 2009, 15:19:45 by TeMerc » Logged

« Reply #1 on: April 07, 2007, 19:46:01 »
Malware Scum, Die!
TeMerc Offline
Countermeasures Leader
Administrator WWW

Karma: 66
Posts: 6145

HijackThis! now has its own installer, being nearly foolproof.

Please download HijackThis! SetUp from here. Save the file to your desktop.
  • Double-click the icon to begin the installation.
  • Follow the prompts for the default install location of:'C:\Program Files\HijackThis'.
  • Tick the button when the option appears.
  • Then hit the button.
  • At the 'Ready To Install' section hit the button and HJT will open
  • Then press the button. Once you've pressed the button, it will turn into a button.
  • Click the button and a notepad file will open up with the contents of the scan. Right-click in the saved log, and select.
  • Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.
Note: The Trend Micro HijackThis! is now out of beta and if you have already installed it there is no need to install the version listed above. Please be sure to update your beta version if you have it.


Some of the common tasks performed with HijackThis!

Open HJT
  • Click the button.
  • Then click the button in the lower right hand of the program.
  • Select the button.
  • In the upper left hand side of the program tick the two boxes
  • Select when prompted by the dialog box.
The resultant scan will produce a notepad log file, please paste that log file back into your thread.

Using ADS Spy
Open HJT
  • Click the button
  • Then click on the button
  • Then click the button
  • Then untick the box
  • Then click the button
  • When it finds the file, select it and hit the button
  • Close HJT
Generating an uninstall list
Open HJT
  • Open HJT, click the button.
  • Click on the button
  • Click on the button
  • Click on the button
  • Then click on the button and specify where you would like to save this file.
  • When you press button a notepad file will open with the contents of that file.
  • Copy and paste the contents of that notepad back into your thread.
Finding an uninstall command
Open HJT
  • Select the button
  • Then click the button
  • then select the button
  • Then select the button
  • Hilight the specified entry and copy the uninstall command info which will be in the upper right hand corner of HJT ash shown below

Overall HiJackThis Tutorial

How To Use The Process Manager

How To Use Hosts File Manager

How to use 'Delete On Reboot' Tool
« Last Edit: March 10, 2008, 08:55:02 by TeMerc » Logged

« Reply #2 on: July 29, 2007, 10:27:38 »
Malware Scum, Die!
TeMerc Offline
Countermeasures Leader
Administrator WWW

Karma: 66
Posts: 6145

The Trend Micro version of HijackThis is now out of beta. The current version is 2.02.

Users should update their copies immediately if they are using that version.

Note on the 'Analyze This' button: This button serves no 'real' purpose. It does not give you any information which you can use to see what is 'legit' or not. It is a very poorly designed feature to show stats on items in your log. Stay away from it. Let the helpers in the forum assist you in removing what is presented in the log.

If you are still using the older 1.99.1, that is also acceptable.

« Reply #3 on: February 23, 2008, 09:20:05 »
Malware Scum, Die!
TeMerc Offline
Countermeasures Leader
Administrator WWW

Karma: 66
Posts: 6145

To eliminate any potential conflicts with our removal methods please do not install any software of any type which you think may be helpful. In all likelihood they will not be of much use if any at all and may complicate things further.

Also please be sure to perform only the instructions that have been posted and nothing more. Instructions are given in a specific order in many cases and attempts at steps which you may think are helpful, may not be. And please refrain from using any other tools unless instructed to do so, thanks.

If you have already run any tools, please specify which tools they were and provide any logs generated by said tools. This will help the volunteers in deciding how to proceed with malware removal.
« Last Edit: June 01, 2008, 17:06:06 by TeMerc » Logged

« Reply #4 on: February 24, 2008, 22:12:57 »
Malware Scum, Die!
TeMerc Offline
Countermeasures Leader
Administrator WWW

Karma: 66
Posts: 6145

I would like to encourage users to refrain from posting a log in multiple forums when seeking help with malware removal.

When you do this, it ties up a helper on a log that another is also helping someone with. This causes one more person to have to wait that little bit longer.

If you do happen to post in another forum, and we find out, we may lock and\or delete your post.

In most cases the logs on this board are replied to well within 24 hours, usually far less.

« Last Edit: December 08, 2008, 13:29:27 by TeMerc » Logged

Pages: [1]   Go Up
Jump to:  

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Page created in 0.281 seconds with 20 queries.