http://sgforums.com/forums/2250/topics/321603 en-US 60 <p>Thanks for the reply again, mayi.</p> <p>Nvm, I'll just skip... As of now..&nbsp; the lappie's fine... no problem yet.... You're my lappie's savior :D</p> Mon, 14 Jul 2008 16:39:55 +0800 sgforums.com:2250:321603:8240641 Detached http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by Detached:</div> <div class="quote_body"> <p><br /> How sia? Don't joke liao leh :(</p> </div> </blockquote> <p>Not kidding. Norton is a huge resource eater.</p> <p>You can uninstall Norton...</p> <p>And use this free antivirus - <a href= "http://www.antivir-pe.com/freet/index.php?id=25&amp;amp;domain=free-av.com" rel= "nofollow">http://www.antivir-pe.com/freet/index.php?id=25&amp;domain=free-av.com</a></p> Mon, 14 Jul 2008 16:36:08 +0800 sgforums.com:2250:321603:8240629 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by ndmmxiaomayi:</div> <div class="quote_body"> <p>Ask RP not to use Norton.</p> </div> </blockquote> <p><br /> How sia? Don't joke liao leh :(</p> Sat, 12 Jul 2008 15:04:25 +0800 sgforums.com:2250:321603:8236272 Detached http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by Detached:</div> <div class="quote_body"> <p>Update!</p> <p>The lappie has been hanging since the last CF, I could be surfing some sites on IE and the whole screen just freeze up. Running Taskmanager and ending whatever IE, MSN, Explorer.exe and re-running Explorer.exe doesn't solve the problem... die die gotta force shutdown..</p> <p>The process charge for 84 running processes shown on taskmanager gave me a shock.. RTVscan.exe (which I believe it's the antivirus) is running at 75k and all the usual processes that used to take like couple of hundred memory.. now takes thousands to run.. Total commit charge was capped at 60% when it hung..</p> <p>Save.Our.Soul!</p> </div> </blockquote> <p>Ask RP not to use Norton.</p> Sat, 12 Jul 2008 13:08:46 +0800 sgforums.com:2250:321603:8236067 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>Lol...no matter how strong a virus is, the uber-reformat will remove it <img src="/images/emoticons/classic/icon_lol.gif" alt= "icon_lol.gif" /></p> Sat, 12 Jul 2008 00:11:59 +0800 sgforums.com:2250:321603:8235310 ceecookie http://sgforums.com/forums/2250/topics/321603 <p>Update!</p> <p>The lappie has been hanging since the last CF, I could be surfing some sites on IE and the whole screen just freeze up. Running Taskmanager and ending whatever IE, MSN, Explorer.exe and re-running Explorer.exe doesn't solve the problem... die die gotta force shutdown..</p> <p>The process charge for 84 running processes shown on taskmanager gave me a shock.. RTVscan.exe (which I believe it's the antivirus) is running at 75k and all the usual processes that used to take like couple of hundred memory.. now takes thousands to run.. Total commit charge was capped at 60% when it hung..</p> <p>Save.Our.Soul!</p> Fri, 11 Jul 2008 23:48:04 +0800 sgforums.com:2250:321603:8235268 Detached http://sgforums.com/forums/2250/topics/321603 <p>Couldn't upload it to mediafire, after I clicked on upload - it returned an error page again. What could be the problem? It used to work for me.</p> <p>Anyway, sent the log to your email. Thanks :D</p> Fri, 11 Jul 2008 23:07:09 +0800 sgforums.com:2250:321603:8235222 Detached http://sgforums.com/forums/2250/topics/321603 <p>Gotcha!</p> <p>working on it now, will update as soon as I'm done :P</p> <p>Thanks again <img src= "/images/emoticons/classic/icon_biggrin.gif" alt= "icon_biggrin.gif" /></p> Fri, 11 Jul 2008 18:35:49 +0800 sgforums.com:2250:321603:8234749 Detached http://sgforums.com/forums/2250/topics/321603 <p>Download <a href="http://www.atribune.org/ccount/click.php?id=1" rel="nofollow"><strong><span style="color: blue;">ATF Cleaner</span></strong></a> and save it to your desktop.</p> <p>Double click on <strong>ATF-Cleaner.exe</strong> to run it.</p> <p>&nbsp;</p> <ul> <li>Click on <strong>Main</strong> at the top.</li> <li>Tick all the boxes except the <strong>Prefetch</strong> and <strong>Cookies</strong> box.</li> <li>Click on <strong>Empty Selected</strong> button.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">If you use Firefox</span></p> <p>&nbsp;</p> <ul> <li>Click on <strong>Firefox</strong> at the top.</li> <li>Tick all the boxes except <strong>Firefox Cookies</strong> and <strong>Firefox Saved Passwords</strong>.</li> <li>Click on <strong>Empty Selected</strong> button.</li> </ul> <p>&nbsp;</p> <p><span style="text-decoration: underline;">If you use Opera</span></p> <p>&nbsp;</p> <ul> <li>Click on <strong>Opera</strong> at the top.</li> <li>Tick all the boxes except <strong>Opera Cookies</strong> and <strong>Opera Saved Passwords</strong>.</li> <li>Click on <strong>Empty Selected</strong> button.</li> </ul> <p>&nbsp;</p> <p>Close ATF Cleaner when you are done.</p> <hr /> <p>&nbsp;</p> <ol> <li>Please download <a href= "http://www.besttechie.net/tools/mbam-setup.exe" rel= "nofollow"><strong><span style="color: blue;">Malwarebytes' Anti-Malware</span></strong></a> and save it to a convenient location.</li> <li>Double click on <strong>mbam-setup.exe</strong> to install it.</li> <li>Before clicking the <strong>Finish</strong> button, make sure that these 2 boxes are checked (ticked): <div style="margin-left: 2em"><strong>Update Malwarebytes' Anti-Malware<br /> Launch Malwarebytes' Anti-Malware</strong></div> </li> <li>Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the <strong>Update</strong> tab. Under <strong>Update Mirror</strong>, select one of the websites and click on <strong>Check for Updates</strong>.</li> <li>Select the <strong>Scanner</strong> tab. Click on <strong>Perform full scan</strong>, then click on <strong>Scan</strong>.</li> <li>Leave the default options as it is and click on <strong>Start Scan</strong>.</li> <li>When done, you will be prompted. Click <strong>OK</strong>, then click on <strong>Show Results</strong>.</li> <li>Checked (ticked) all items and click on <strong>Remove Selected</strong>.</li> <li>After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the <strong>Logs</strong> tab. The bottom most log is the latest.</li> </ol> <p>&nbsp;</p> Wed, 09 Jul 2008 22:28:32 +0800 sgforums.com:2250:321603:8230881 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by ndmmxiaomayi:</div> <div class="quote_body"> <p>Email can work?</p> <p>Copy and paste the the whole log.</p> <p>Mail is ndmmxiaomayi AT gmail DOT com</p> <p>AT = @</p> <p>DOT = .</p> <p>Remove all the spaces.</p> </div> </blockquote> <p><br /> Sent :D</p> <p>Thanks mayi</p> Wed, 09 Jul 2008 21:39:07 +0800 sgforums.com:2250:321603:8230750 Detached http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by Detached:</div> <div class="quote_body"> <p><br /> The same ol' thing, couldn't disable my antivirus but I still went ahead with running the CFScript.txt.</p> <p>I couldn't upload the log to mediafire, it returned a page error.</p> </div> </blockquote> <p>Email can work?</p> <p>Copy and paste the the whole log.</p> <p>Mail is ndmmxiaomayi AT gmail DOT com</p> <p>AT = @</p> <p>DOT = .</p> <p>Remove all the spaces.</p> Wed, 09 Jul 2008 21:18:12 +0800 sgforums.com:2250:321603:8230689 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by ndmmxiaomayi:</div> <div class="quote_body"> <p>Please download this file - <a href= "http://www.mediafire.com/?13diyhfhenb" rel= "nofollow">http://www.mediafire.com/?13diyhfhenb</a></p> <p>As per previous instructions, save it as <strong>CFScript.txt</strong></p> <p>Drag this file into Combofix.exe. Combofix will start running and produce a log when done. Please post this log when done.</p> </div> </blockquote> <p><br /> The same ol' thing, couldn't disable my antivirus but I still went ahead with running the CFScript.txt.</p> <p>I couldn't upload the log to mediafire, it returned a page error.</p> Wed, 09 Jul 2008 21:15:22 +0800 sgforums.com:2250:321603:8230677 Detached http://sgforums.com/forums/2250/topics/321603 <p>off topic abit.</p> <p>Mayi, and detached, sorry&nbsp;couldnt help =(</p> <p>Will do so after my olevels</p> Mon, 07 Jul 2008 19:00:24 +0800 sgforums.com:2250:321603:8224882 kenn3th http://sgforums.com/forums/2250/topics/321603 <p>Please download this file - <a href= "http://www.mediafire.com/?13diyhfhenb" rel= "nofollow">http://www.mediafire.com/?13diyhfhenb</a></p> <p>As per previous instructions, save it as <strong>CFScript.txt</strong></p> <p>Drag this file into Combofix.exe. Combofix will start running and produce a log when done. Please post this log when done.</p> Sun, 06 Jul 2008 20:57:33 +0800 sgforums.com:2250:321603:8222364 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>Update!</p> <p>There's a RUNDLL error when I logged in to windows, it reads "Error loading C:\Windows\system32\klajxgmf.dll - the specific module cannot be found"</p> Sat, 05 Jul 2008 09:30:08 +0800 sgforums.com:2250:321603:8219186 Detached http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by ndmmxiaomayi:</div> <div class="quote_body"> <p>Please post back the Combofix log.</p> <p>Log can be found at C:\Combofix.txt</p> <p>Hmm... might not be related to any virus issue...</p> <p>Sounds like an error or something.</p> </div> </blockquote> <p><br /> One thing to note: The beeping only started right after I downloaded w3hph.exe, it was fine before - now it takes so long to start windows :(</p> <p><a href="http://www.mediafire.com/?vwtcebny1tm" rel= "nofollow">http://www.mediafire.com/?vwtcebny1tm</a>&nbsp;&lt;--- Combofix log as you requested</p> Sat, 05 Jul 2008 00:56:18 +0800 sgforums.com:2250:321603:8218878 Detached http://sgforums.com/forums/2250/topics/321603 <p>Please post back the Combofix log.</p> <p>Log can be found at C:\Combofix.txt</p> <blockquote> <p>2) Whenever I log in to windows, there's always a "beep" sound (I left it out the other time)</p> </blockquote> <p>Hmm... might not be related to any virus issue...</p> <p>Sounds like an error or something.</p> Sat, 05 Jul 2008 00:53:18 +0800 sgforums.com:2250:321603:8218871 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>I think my laptop's heavily infected.. Every now and then, symantec would pop up a "static" window.. or a window to tell me it had detected a virus..</p> <p>The last detection was "Trojan.Vundo"... and it was "cleaned by deletion"..</p> <p>Gosh.. mayi... help <img src= "/images/emoticons/classic/icon_frown.gif" alt= "icon_frown.gif" /></p> Fri, 04 Jul 2008 21:37:06 +0800 sgforums.com:2250:321603:8218440 Detached http://sgforums.com/forums/2250/topics/321603 <p>Update!</p> <p>1) I couldn't disable my antivirus before running combofix with CFscript but I went ahead anyway</p> <p>2) Whenever I log in to windows, there's always a "beep" sound (I left it out the other time)</p> <p>3) I've deleted instafinder via Add/Remove Program</p> <p>4) Uploaded samples for analysis</p> Fri, 04 Jul 2008 20:44:06 +0800 sgforums.com:2250:321603:8218383 Detached http://sgforums.com/forums/2250/topics/321603 <blockquote> <div class="quote_from">Originally posted by ndmmxiaomayi:</div> <div class="quote_body"> <p>Off topic, you haven't grad?</p> </div> </blockquote> <p><br /> Grad'ed - I'm the 2nd batch <img src= "/images/emoticons/classic/icon_biggrin.gif" alt= "icon_biggrin.gif" /></p> Fri, 04 Jul 2008 17:52:19 +0800 sgforums.com:2250:321603:8218096 Detached http://sgforums.com/forums/2250/topics/321603 <p>OK, after uninstalling that, please do the following:</p> <p>Download the following file - <a href= "http://www.mediafire.com/?wlfdycs2cbg" rel= "nofollow">http://www.mediafire.com/?wlfdycs2cbg</a></p> <p>Save it as <strong>CFScript.txt</strong>. Don't change the file name. Save it in the same place as Combofix.</p> <p>Drag this file into Combofix.</p> <p>Picture for reference:</p> <p><img src= "http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif" height="65" alt="" width="149" /></p> <p>Combofix will start running and produce a log. Please upload that log to Mediafire.</p> <p>Also, it will ask you to upload samples for analysis.</p> <p><img src= "http://i266.photobucket.com/albums/ii277/sUBs_/CF-Submit_notice.gif" alt="" /></p> <p>Click <strong>OK</strong>.</p> <p><br /> Copy and paste the file path into the text box next to the Browse button (boxed up in red).</p> <p><img src="http://xs123.xs.to/xs123/08053/cfsumbit320.png" alt= "" /></p> <p>Click on <strong>Send File</strong> to upload it.</p> Thu, 03 Jul 2008 00:47:40 +0800 sgforums.com:2250:321603:8213343 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>Kazza, I did install in the past and have deleted it since months ago.</p> <p>Oh...</p> <p>One of the programs bundled with Kazza will hijack your home page...</p> <p>Uninstall this program if found - <strong>Instafinder</strong></p> Thu, 03 Jul 2008 00:33:04 +0800 sgforums.com:2250:321603:8213326 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>Off topic, you haven't grad?</p> Thu, 03 Jul 2008 00:30:29 +0800 sgforums.com:2250:321603:8213324 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>The Wixawin thingy - this is the 3rd time I've seen it. I can't put my fingers on anything yet. It seems to come with a lot of other crap, but no idea what's causing it.</p> Thu, 03 Jul 2008 00:29:15 +0800 sgforums.com:2250:321603:8213322 ndmmxiaomayi http://sgforums.com/forums/2250/topics/321603 <p>Update...</p> <p>Just couple mins ago, <a href="http://www.antispywareexpert.com" rel="nofollow">www.antispywareexpert.com</a> pop up again.. This is one of the website that automatically pop up for no reason :(</p> <p>Spy/Malware problem probably not fixed yet...</p> <p>&nbsp;</p> <p><a href= "http://www.wixawin.com/sg/ads/iphone.aspx?clickid=000ffC00OoeO31rcdqbk&amp;amp;ce_cid=000ffC00OoeO31rcdq0AtGKL8Bdtvd3f" rel= "nofollow">http://www.wixawin.com/sg/ads/iphone.aspx?clickid=000ffC00OoeO31rcdqbk&amp;ce_cid=000ffC00OoeO31rcdq0AtGKL8Bdtvd3f</a>&nbsp;&lt;-- another malicious pop up... that tells me "win this iphone"... argh...</p> Wed, 02 Jul 2008 20:35:54 +0800 sgforums.com:2250:321603:8212787 Detached http://sgforums.com/forums/2250/topics/321603