I've got a virus TR/Hiloti.A.163' and, it put 'Not configured' on everything in gpedit; also i can't install programs or copy/paste something, i need it to solve my virus problem; can someone say me is there copy/paste or installing, and can i enable it.
thanx
Hi,
Are you running an updated version of AVIRA? Here is a full description of the trojan:
Full description
Please download, install, update and run a FULL scan using FREE Malwarebytes. Post the log file here for us, so we can have a look at what else may be hiding in your system (Hiloti is known to download other malicious files).
Regards,
Golden
TR/Hiloti is a very malicious item that is designed to allow remote access to your computer to largely occupy precious system resource, trace your Internet habits to record/steal your personal information
You will need to change all your passwords, using a known clean computer (not the infected one!) and notify your bank if you do any banking (or use credit cards) online.
First, let's flush the DNS cache and restore Ms's Hosts file.
Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as administrator. Your computer will reboot itself.
Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Now Please run these two programs
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1
Link 2
Link 3
Link 4
- Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
- Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
- A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
- Please post the resulting log in your next reply.
Then
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
- Double click combofix.exe and follow the prompts.
- When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
Quote