Home > General > Tsitra1044.exe


o Click the Close button to leave the control center screen. · On the main screen, under Scan for Harmful Software click Scan your computer. · On the left check C:\Fixed The next thing I'd do is to hunt around in \Windows\system32; \windows and c:\ for stuff created in and around a 10 second window of that date and time. Jump to content Build Theme! I would be glad to take a look at your log and help you with solving any malware problems.

scanning hidden files ... o Please leave the others unchecked. Completion time: 2007-10-23 17:44:38 - machine was rebooted . --- E O F --- Back to top #9 seymourcake seymourcake New Member New Member 10 posts Posted 14 November 2007 - Exterminate It!

tsitra11.exe is a Microsoft or Windows process but some versions of this exe carry viruses. Please check this Matcash Removal Guide and use this full registry values collection for Manual Matcash Removal. Contents of the 'Scheduled Tasks' folder "2007-10-23 20:23:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job" . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-23 17:43:00 Windows 5.1.2600 Service Pack

To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.Castle Cops To find out more information about how you got infected Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-20 16:30] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSetFolders"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) "LockTaskbar"=1 (0x1) "NoSimpleStartMenu"=0 (0x0) "NoFavoritesMenu"=1 (0x1) "NoRecentDocsMenu"=0 (0x0) "NoRecentDocsHistory"=1 (0x1) "NoSMMyPictures"=1 (0x1) "NoStartMenuMyMusic"=1 (0x1) "NoResolveSearch"=1 IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06e7fbac-2133-11dc-990a-0014a5f4695f}] AutoRun\command - H:\LaunchU3.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{111E3A1D-D3B4-DFFB-0507-010707000200}] C:\WINDOWS\system32\lssas.exe .

Advertisement ages505 Thread Starter Joined: Oct 11, 2007 Messages: 2 Hi, I recently found a process running in my task manager called tsitra1044.exe. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... Cheeseball81, Oct 15, 2007 #4 This thread has been Locked and is not open to further replies. Consistently helpful members with best answers are invited to staff.

The most common file size is 35,840 bytes. Have something to contribute to this discussion? scanning hidden files ... It's free.

Thread Status: Not open for further replies. Contents of the 'Scheduled Tasks' folder "2007-10-27 04:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-31 13:00:41 Windows 5.1.2600 Service Pack Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. Donnez votre avis Utile +0 Signaler Sugar 20 oct. 2007 à 22:58 Bonjour, J'ai exactement le meme probleme que toi et j'aurais aimé savoir si tu as trouvé comment s'en débarasser

Cheers 0 OPDiscussion Starter midnightmomma 9 Years Ago what i was saying was i deleted that file hours ago so i dont have access to it anymore. 0 OPDiscussion Starter midnightmomma For reasons I have detailed elsewhere on Daniweb, there is no way in hell we will consider a Dell system. ... As for ComboFix, go to the Virus section of this forum and one of Crunchie's posts will tell you where to download stuff you'll need. Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.SmartPCFixer.com is not affiliated with Microsoft, nor claim direct

In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet. PC Pitstop's Overdrive tests and spyware scan use information such as the company name, product name, or install directory. Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Computer problem? lunarlander replied Mar 8, 2017 at 12:59 AM News from the web #3 poochee replied Mar 8, 2017 at 12:31 AM Help with wireless Debamar829 replied Mar 8, 2017 at 12:15

I see that you have uTorrent installed.Having P2p programs such as these raise the possibility of getting infected again.See here for information on P2P's.I will leave it up to you if Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. Use File, Exit to terminate Spybot Reboot your machine for the changes to take effect.

Register now!

Message Insert Code Snippet Alt+I Code Inline Code Link H1 H2 Preview Submit your Reply Alt+S Related Topics Windows 10 Freezes - 1 reply Need suggestions for gaming desktop - 8 scanning hidden autostart entries ... This has been a persisent problem for more than a year. Please re-enable javascript to access full functionality.

So here is my hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:19:41 PM, on 10/29/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot The first thing I will need you to do is to Download ONE of these anti-virus programs and install it.These are free. At the final dialogue box click Finish and it will launch Hijack This. Thread Status: Not open for further replies.

Go to http://www.virustota.../en/indexf.html Copy the following line into the white textbox: C:\Documents and Settings\Jonafer McDonald\remote.exe Click Send. If you find any of these registry values on your PC, your computer is very likely to be infected with the Matcash-trojan,adware,downloader. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. Attempting to delete F:\windows\system32\iiffghh.dllF:\windows\system32\iiffghh.dll Could not be deleted.

Save the above as CFScript.txt4. The repost your findings in relation to my questions in the Virus forum with your logs. KASPERSKY ONLINE SCANNER REPORTMonday, October 29, 2007 8:34:02 PMOperating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: Anti-Virus database last update: 30/10/2007Kaspersky Anti-Virus database records: HijackThis logs can take a while to research.

Start here -> Malware Removal Forum. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ohphnnef.dll (file missing) O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Yahoo! Please don't get bought out by some large, impersonal company.