Everything posted by Dak
-
It's probably something similar to the reasoning behind this, although using some kind of in-game reward as opposed to money (as klaynos said). One of the iframes in the first site points to http://www.darkwars.org/index.php?a=clicked&id=90570 which, when viewed, gives this message: "You have just been recruited as one of Dansri0t's regular buyers!" So yeah, cheeky manipulation of the 'in-game incentive for referring' probably.

Slightly off-topic, but one of the popups from the site above is the funniest I've ever seen. 'IQ test. Are you stupid? click here to find out' lolz. I might click it just to see what happens.

Out of interest, what's the difference between iframes and frames?
-
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614

It's considered 'risk ware', in that it can be an infection vector -- I wouldn't worry about it tho. Are any scans still finding things?
-
Zone-alarm. Windows firewall is one-way, which means if a trojan gets on your computer, there's nothing to stop it 'calling home' and downloading lots of crap onto your computer. Zonealarm is a two-way firewall, which gives you extra protection against trojans. If you install zonealarm, make sure to turn windows firewall off to avoid conflicts (start > settings > control panel > windows firewall).

I wouldn't particularly recommend ScanSpyware or Spybouncer, as they are both on this list.

I guess you can't be 100% sure, especially after getting a rootkit; however, it's quite common, after shifting an infection, to pick up residual bits of infections (left-over files, registry entries etc) that by themselves are harmless. The HijackThis log shows no active malware, and none of the infections in your last scanspyware/spywarebounser log can run in a way that won't show up in a HJT log, so I presume that they were inactive/left-over bits; especially as none of the registry entries found match up to the files.

To be sure, update and scan with all of the following programs:

SpySweeper
Microsoft Anti-spyware
Ewido
AVG

As you have scanned with these already, they should already have found and removed everything that they're going to find. If they find anything again, it's a good indication that the files are being put back by some active malware.

A good online anti-virus scanner is http://www.kaspersky.com/virusscanner so if you want to double-check, you could do that scan. It won't delete any files, but it will tell you if any are infected.
-
RE: credit cards, yes, if you've used your credit card online since getting infected you should definitely cancel it. Part of haxdoor's function is to look out for and steal credit card info.

RE: blacklight, looks like it glitched the first time and ran properly the second. Other than that, your guess is as good as mine.

RE: spysweeper, it's fine. The only file that looks like it could be dodgy is c:\documents and settings\sean{y}\local settings\temp\~dfbd4b.tmp, but it's more-than-likely ok. If you're concerned, run CCleaner again to clean out your temp files, and then run ms-antispyware and AVG to make sure your PC is clean.

No problem
-
Cool, winlogon/notify and iexplore.exe seem to be intact. Don't bother with the rootkit revealer log if it's playing up.

To finish up cleaning, delete any of the following files, if present --

C:\Windows\System32\avpu32.dll
C:\Windows\System32\avpu64.sys
C:\Windows\System32\klgcptini.dat
C:\Windows\System32\qz.dll
C:\Windows\System32\qz.sys
C:\Windows\System32\stt82.ini

also:

1) Update and scan with AVG

2) Flushing system restore
To remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
a. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK.
b. Reboot.
c. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK.
-----------
3) Cleaning temp files
...in case some malicious files are hiding there. Download and install CCleaner. Double click the CCleaner icon, and make sure only the following are checked under the "windows" tab:
temporary internet files
empty recycle bin
temporary files
old prefetch data
Then click the 'applications' tab, and uncheck everything apart from temporary files under FireFox. Now, click on "analyse" and then "run cleaner"
-----------
4) Get rid of tools
You may as well delete l2mfix, blacklight and rootkitrevealer, unless you want to keep them for any reason.
-----------
5) Get a firewall
Download and install either ZoneAlarm or Sunbelt-Kerio.
----------
6) Change all of your online passwords, due to haxdoor's keylogger. Also, if you have used your credit card online lately, I'd cancel it and get a new one.
----------
7) Let the moral of the story be this: Avoid cracks, cos they have a tendency to infect your computer.
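The leftover-file check from the post above as a read-only script that also flags a listed file which was gone on one run and is back on the next, the sign of active malware mentioned in another post on this page. This is an added example, not part of the original posts. The file names are the ones listed in the post; the function names and the state file `leftover_state.json` are assumptions.

```python
import hashlib
import json
import os
from pathlib import Path

# File names listed in the post above (all under C:\Windows\System32).
LEFTOVERS = ["avpu32.dll", "avpu64.sys", "klgcptini.dat",
             "qz.dll", "qz.sys", "stt82.ini"]


def snapshot(directory):
    """Return {name: sha256 hex, "unreadable" or None}; nothing is deleted."""
    result = {}
    for name in LEFTOVERS:
        path = Path(directory) / name
        try:
            result[name] = hashlib.sha256(path.read_bytes()).hexdigest()
        except FileNotFoundError:
            result[name] = None
        except OSError:
            # Exists but locked or access denied: worth a closer look.
            result[name] = "unreadable"
    return result


def recheck(directory, state_file):
    """Compare with the previous run and report files that came back."""
    state_file = Path(state_file)
    previous = json.loads(state_file.read_text()) if state_file.exists() else {}
    current = snapshot(directory)
    report = {}
    for name, digest in current.items():
        if digest is None:
            report[name] = "absent"
        elif name in previous and previous[name] is None:
            report[name] = "reappeared"  # was gone last run, present again
        else:
            report[name] = "present"
    state_file.write_text(json.dumps(current))  # baseline for the next run
    return report


if __name__ == "__main__":
    system32 = Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"
    for name, status in recheck(system32, "leftover_state.json").items():
        print(f"{status:10} {system32 / name}")
```

A rootkit that is still active can hide these files from a script like this, so "absent" only means something once the rootkit scans discussed in the thread come back clean.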
-
That O20 belongs to spysweeper; also, the blackice log indicates that the haxdoor rootkit is no longer present.

To make sure/fix the damage that haxdoor may have done:

Could you post up a rootkit revealer log if it will work now (scan, and then go to file > save to generate a log file).

Also, download l2mfix. Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.." ...then use option 5 to solve this error condition.

And go to http://virusscan.jotti.org/ and upload the file C:\Program Files\Internet Explorer\iexplore and copy/paste the results into this thread
-
Where are you guys getting all these haxdoors from?

Rootkit revealer is supposed to start a service like that.

Download and save F-Secure Blacklight to your desktop. Double-click blbeta.exe then accept the agreement. Click > scan then > next. After the scan has completed, don't click on 'next', because legit items can also be present there... Blacklight should have made a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Post the contents of the log in your next reply along with a fresh HijackThis log please.
-
Along the lines of what swansont said, 'evolution' to a creationist means 'the process(es) which started with absolute nothingness and resulted in humans' (ie science's 'alternative version' of the book of genesis), so it already includes things like abiogenesis, the big bang, geology, astronomy, etc.
-
cheers
-
Will they reach the same maximum speed due to gravity in a vacuum, regardless of mass?
-
-
Grey screen of mystery... that's a new one for me.

If you go to windows search and check for files modified since 25-12-05, then you might be able to pin down the corrupt file (if a corrupt file is the problem).

On winXP, it's start > search > for files/folders; select 'all files and folders', and then click on the 'when was it modified' drop-down. Also click on the 'more advanced options' drop-down and make sure 'search hidden/system/sub-folders' are checked.
-
If you want to avoid a reformat, I don't mind trying some more stuff, but 5614's right -- a reformat's possibly the easiest option right now.

If you can't get rootkit revealer to work, then try this:

Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.
Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Avast!, and fix everything that it finds.

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows normally.

Make a new HJT log, or post up the old HJT log you made last time if you can't run HJT to get a new log, and I'll give you some suggestions.
-
If you could post up a rootkit revealer log, then that'll give us the info needed to start fixing your computer.

Run rootkit revealer.
Click 'scan' in the bottom left.
After the scan has finished, click on 'file' and then 'save' to save a log file.
Post the log file up into this thread.

Also, a new HijackThis log please.
-
What do you see when you log on? Can you see the taskbar, start button, and icons on your desktop etc?

Also, could you leave the logs that you post up please. I was going to go back and have another look-see at your last HJT log, but it's gorne.

Also, if you know the site that installed all this crap, could you PM me the address please. Needless to say, don't plonk a link up in this thread or anything.
-
^ Viruses can't actually run from restore points, and it's better to have a dirty restore point than none at all, especially if you have a potentially destructive virus onboard at the time.

After the virus is shifted, you can 'clean' system restore by turning it off, rebooting, and turning it on again, which erases all system restore points and then makes a new (hopefully clean) one.
-
Ah cool, so within windows but before the user profile is loaded. Cunning; that would explain why it's not being impeded by haxdoor. I'll remember that, cheers.

Hats off to Avast!
-
No problem. If it works, it'll be the easier fix. Avast may not be on haxdoor's hit-list, or you may have an older variant of it.

Hang on, what do you mean outside of windows? Is it running without windows being loaded?
-
[edit] 5641: he has haxdoor, which usually stops anti-viruses from working. Also, it's usually root-kited so the online-scans won't see its main components. [/edit]

Oh dear. Smitfraud will have to wait for a moment... you have another nasty one that might stop the tools needed to shift smitfraud from working.

Please download Rootkit revealer. Unzip it, run it, click 'scan' in the bottom left, and after it's finished scanning go to 'file' > 'save' to save a log file. Post the log file up please.
-
This is HTML-troj.smitfraud that I asked if your anti-spyware had mentioned earlier; it downloads a fake anti-malware program (spysherrif in your case), pisses about with your desktop, and tries to get you to pay money for the full version of spysherrif to remove smitfraud (you gotta admire its audacity).

There's no anti-malware program that can fix this yet so it will have to be done manually. I suggest that you download HijackThis and extract it to your desktop. Run HijackThis, select 'do a system scan and save a log', and copy/paste the contents of the log into this thread, and I'll tell you what needs doing.
-
I'm not sure that website that you linked to is offering great advice, 5614... deleting explorer.exe definitely won't fix his problems.

Cloud, if you go to cmd and type the following in (all on one line) and hit enter then reboot, you should be able to run explorer.exe again.

copy C:\windows\ServicePackFiles\i386\wininet.dll C:\windows\system32\wininet.dll

Note the space after 'copy' and after the first 'wininet.dll'

Which anti-virus/anti-spyware do you have?
-
In my experience, system restore functions perfectly up until the point where you need it. Then, it generally either a/ doesn't fix the problem even though, logically speaking, there's absolutely no reason that it shouldn't, or more often b/ hasn't automatically made a restore point like it should have.

Nice that it behaved itself this time
-
Contemplating using Opera rather than Firefox
Dak replied to Cap'n Refsmmat's topic in Computer Science
I've heard a theory that Gbrowser betas have been logged at websites for quite some time: http://www.albinoblacksheep.com/download/gbrowser
-
I am surprised and amazed that system restore actually functioned correctly for once.

No problem
-
Antibiotics usually work by inhibiting bacterial metabolism or by disrupting bacterial cell walls; the chemicals that attack them do so by affecting molecules found only in bacterial cells, and not in human cells (such as peptidoglycan, a component of bacterial cell walls but absent from human cells).

Viruses have no metabolism to inhibit, and unlike bacteria I don't think that there are any components of the virus shell that are common to all viruses, thus leaving no target of attack for a viral-shell-disruptor thingy.

Chemicals can be made to attack specific viruses, but not viruses in general due to their lack of common identifying features.