Author |
Message |
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Mon Jun 07, 2004 4:36 am Post subject: HELP ME IF YOU CAN please |
|
|
keep reading...
Last edited by Lost_and_confused on Tue Jun 08, 2004 3:27 am, edited 2 times in total |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Mon Jun 07, 2004 4:41 am Post subject: |
|
|
keep going...
Last edited by Lost_and_confused on Tue Jun 08, 2004 3:28 am, edited 1 time in total |
|
|
|
Blast
News Admin
Premium Member
Joined: Sep 20, 2003
Posts: 1832
Location: A Kiwi in Sydney, Australia
|
Posted: Mon Jun 07, 2004 5:34 am Post subject: |
|
|
Can you cut and paste your log so it is viewable without downloading the file? It makes it far easier for the experts.
cheers....
_________________
Blast
---------------------------
"Timing is the essential factor in the success of any raindance"
--------------------------- |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Mon Jun 07, 2004 6:11 am Post subject: |
|
|
I've posted an updated one...
Last edited by Lost_and_confused on Tue Jun 08, 2004 3:28 am, edited 1 time in total |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Mon Jun 07, 2004 3:10 pm Post subject: |
|
|
almost to the newest post...
Last edited by Lost_and_confused on Tue Jun 08, 2004 3:29 am, edited 1 time in total |
|
|
|
QuietFusion
1st Responder
Premium Member
Joined: Feb 27, 2004
Posts: 1176
Location: USA
|
Posted: Mon Jun 07, 2004 9:22 pm Post subject: |
|
|
Hi,
First search for your Hosts file and delete it. The file is located in the following folder:
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
NOTE: Don't delete lmhosts or Hosts; each is a SAM file that you need. Just the Hosts file.
We'll get you a newer hosts file later when we're finished.
Now download LSPFix
1. Unzip and run LSPFix.
2. Check 'I know what I'm doing'.
3. Select inetadpt.dll.
4. Click the right-pointing 'arrows' and move all instances of inetadpt.dll and nothing else to the Remove (RHS) side.
5. Click the 'Finished' button. (If you exit with the X at top right nothing happens.)
6. Delete inetadpt.dll
Save the following uninstallers to your desktop, you'll need these later
http://lop.com/toolbar_uninstall.exe
http://lop.com/new_uninstall.exe
Now download the following: CWShredder, Ad-aware, & Spy-Bot.
- Updating Ad-aware:
Double-Click the Desktop Icon > Click 'Check For Updates Now' > Click 'Connect'
- Updating Spybot:
Double-Click the Desktop Icon > Click Update > Drop-Down Box UniDo(Europe) > Select Pure-Elite(USA) or EON (AU) > Click 'Search for Updates' > Click 'Download Updates'
Now reboot into safe mode (press F8 during reboot, select safe mode) and DON'T reconnect to the net.
Run both of the uninstallers you saved to your desktop.
Click 'Fix' with CWShredder and allow the program to fix what it finds.
Close CWShredder, open Ad-aware and make the following changes to the settings in Ad-aware.
- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
Check: "Let Windows remove files in use at next reboot."
Press 'Proceed'
Press 'Start'
- Select option 'Use Custom scanning options'
- Click 'Activate in-depth scan'
- Press 'Select drives\folders to scan' Select the active partition which is usually C:
- Click Customize
- Make sure the following are all checked:
*'Scan Within Archives'
*'Scan Active Processes'
*'Scan Registry'
*'Deep Scan Registry'
*'Scan My IE Favorites For Banned URLs'
*'Scan My Hosts File'
- Click Proceed
Now press "Next" to let Ad-aware scan your drives...
Allow the Ad-aware to fix what it finds.
Close Ad-aware and open Spybot.
- Click 'Search & Destroy'
- Click 'Check for Problems' (the program will now search your HDD)
- Make sure all findings are checked and click 'Fix Selected Problems'
Close SpyBot and Reboot!
Once complete post a fresh log in your thread. If anything remains, we'll use hijackthis to remove.
_________________
You want security? Turn off Javascript & Active X!!!
Last edited by QuietFusion on Mon Jun 07, 2004 9:31 pm, edited 1 time in total |
|
|
|
LoPhatPhuud
Security Expert
Premium Member
Joined: Mar 09, 2002
Posts: 297
|
Posted: Mon Jun 07, 2004 9:24 pm Post subject: |
|
|
oops, Quiet Fusion got here first. Withdrawing post. |
|
|
|
negster22
1st Responder
Premium Member
Joined: Mar 10, 2004
Posts: 519
Location: USA
|
Posted: Mon Jun 07, 2004 10:07 pm Post subject: |
|
|
Hi Lost,
First go to this location and download lspfix. Keep it on hold in the event you lose your internet access.
http://www.cexx.org/lspfix.htm
Close all browser windows. Now check and let HiJack fix the following entries by hitting "FIX":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search200.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search200.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search200.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O3 - Toolbar: mail clock - {35BE0372-370F-5A4B-7F87-B6447D97A74D} - C:\PROGRA~1\WMADUM~1\does nurb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [axis defy] C:\PROGRA~1\DEBUGS~1\Media long htm.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
Inspect these folders and determine if these are applications you want or need.
C:\PROGRAM FILES\WMADUM~1\does -->mail clock toolbar
C:\PROGRAM FILES\DEBUGS~1\Media long
If you have determined these are not valid folders you can delete them using the following directions:
Make sure you can view hidden & system files -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Now reboot into SAFE MODE:
Directions to boot into SAFE MODE here:
http://service1.symantec.com/SUPPORT/ts...2409420406
Delete these folders:
C:\PROGRAM FILES\WMADUM~1\does -->mail clock toolbar
C:\PROGRAM FILES\DEBUGS~1\Media long
Reboot
Please run this Look2Me Utility to rule out an infection and post back the log it returns, along with a new HJT Log
http://download.broadbandmedic.com
Negster22 |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Tue Jun 08, 2004 3:34 am Post subject: |
|
|
next...
Last edited by Lost_and_confused on Tue Jun 08, 2004 4:09 am, edited 1 time in total |
|
|
|
QuietFusion
1st Responder
Premium Member
Joined: Feb 27, 2004
Posts: 1176
Location: USA
|
Posted: Tue Jun 08, 2004 3:49 am Post subject: |
|
|
Now download LSPFix
1. Unzip and run LSPFix.
2. Check 'I know what I'm doing'.
3. Select inetadpt.dll.
4. Click the right-pointing 'arrows' and move all instances of inetadpt.dll and nothing else to the Remove (RHS) side.
5. Click the 'Finished' button. (If you exit with the X at top right nothing happens.)
6. Delete inetadpt.dll
You've got to perform the above steps in order to remove this,
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
Ad-aware and Spybot will remove what I can't see in your log. Most of what I posted were changes to the settings in Ad-aware. They're detailed so you don't get lost. Both programs are free, if you really want to remove the crap off your system, then downloading both programs is a wise decision.
You can remove more from your log. Close all your browsers and place a check next to the following:
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\keyboard\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/DS3/DS3.cab
The following are not bad, you don't need these on start up
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Orbitt-2003\Insightbb\Insight\BBClient\Programs\RegCon.exe" /admincheck
now click fix.
Download VX2Finder from this link:
http://tools.zerosrealm.com/VX2Finder.exe
1.) Run Vx2Finder click on the *click to find VX2.BetterInternet* button.
2.) Then click *make log*.
3.) Post the log in this thread.
Also, post a fresh hijackthis log too.
_________________
You want security? Turn off Javascript & Active X!!! |
|
|
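The O1 - Hosts entries discussed in the replies above can be triaged programmatically. The following is an added example, not part of the original thread or of HijackThis: it classifies each O1 line from a pasted log as a loopback block, an external redirect, or a broken localhost mapping. The `*.example` hostnames and the function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each hosts-file mapping as "O1 - Hosts: <ip> <name> [...]".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(.+)$")

# Sample log. The "127.0.0.0 localhost" and 207.36.196.189 lines are quoted
# from the thread; the *.example and "not-an-ip" lines are constructed.
SAMPLE_LOG = """\
Logfile of HijackThis v1.97.7
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.22 antispyware-vendor.example
O1 - Hosts: 127.0.0.76 www.antispyware-vendor.example
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: not-an-ip broken.example
"""

LOCALHOST_IPS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}


def classify(ip_text, name):
    """Return a triage label for one hosts mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if name == "localhost":
        # localhost must resolve to the loopback host address itself.
        return "ok" if ip in LOCALHOST_IPS else "bad-localhost"
    if ip.is_loopback or ip.is_unspecified:
        # The name is sinkholed. Ad-blocking hosts files do this on purpose,
        # so the reviewer decides based on WHICH names are blocked.
        return "blocked"
    # A name pinned to a routable address bypasses DNS entirely.
    return "redirected"


def audit_hosts_entries(log_text):
    """Map label -> list of (ip, name) for every O1 line in the log."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        ip_text, rest = m.groups()
        for name in rest.split("#", 1)[0].split():  # drop trailing comment
            name = name.lower()
            findings[classify(ip_text, name)].append((ip_text, name))
    return dict(findings)


def redirect_targets(findings):
    """Group redirected names by destination IP (many names, one IP)."""
    by_ip = defaultdict(set)
    for ip_text, name in findings.get("redirected", []):
        by_ip[ip_text].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()}


if __name__ == "__main__":
    result = audit_hosts_entries(SAMPLE_LOG)
    for label in sorted(result):
        print(label, result[label])
    print("redirect targets:", redirect_targets(result))
```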
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Tue Jun 08, 2004 4:11 am Post subject: |
|
|
Hijackthis:
--------------------
Logfile of HijackThis v1.97.7
Scan saved at 3:10:27 AM, on 6/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\keyboard\iTouch\iTouch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Cecil Grant\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Orbitt-2003\Insightbb\Insight\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [Ad Blocker Pro] "C:\Program Files\3B Software\Ad Blocker Pro\Ad Blocker Pro.exe" -minimized
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\keyboard\iTouch\iTouch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci...insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg...cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
--------------------
VX2Finder:
--------------------
Log for VX2.BetterInternet File Finder
Files Found---
C:\WINDOWS\System32\6go4svc.dll
C:\WINDOWS\System32\6ro4svc.dll
C:\WINDOWS\System32\AbCTRES.DLL
C:\WINDOWS\System32\AeCTRES.DLL
C:\WINDOWS\System32\AfCTRES.DLL
C:\WINDOWS\System32\afd.dll
C:\WINDOWS\System32\AjLEDIT.DLL
C:\WINDOWS\System32\AoCTRES.DLL
C:\WINDOWS\System32\AoRSVC.DLL
C:\WINDOWS\System32\aqstream.dll
C:\WINDOWS\System32\AtAAMON.DLL
Guardian Key--- is called: GuardianPHUKE
Asynchronous 000
DllName C:\WINDOWS\system32\AoRSVC.DLL
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 124
ID {E1E671D6-C0FE-4F30-8523-E540D76B5E7E}
IDex DS3
User Agent String---
{E1E671D6-C0FE-4F30-8523-E540D76B5E7E}
-------------------- |
|
|
|
QuietFusion
1st Responder
Premium Member
Joined: Feb 27, 2004
Posts: 1176
Location: USA
|
Posted: Tue Jun 08, 2004 11:52 pm Post subject: |
|
|
Reboot but DON'T reconnect to the internet. Stay off the internet until the entire procedure is complete.
1.) Run Vx2Finder click on the *click to find VX2.BetterInternet* button.
2.) Open VX2Finder and click on the *click to find VX2.BetterInternet* button.
3.) Then select the *Delete these files* button.
4.) You will be left with a notice about one to be deleted on reboot.
5.) Reboot
6.) Open VX2Finder again and click on these buttons in the right pane:
- user agent
- Guardian.reg
- restore policy
7.) Exit and reboot
Run the VX2 finder one last time and post a new log in your thread.
_________________
You want security? Turn off Javascript & Active X!!! |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Wed Jun 09, 2004 12:47 am Post subject: |
|
|
Done...
Why is it that every time I run SPYbot search and destroy there is:
DSO Exploit (5 entries)
Also, the darn popups are still coming up every little while. It seems like it's the same 2 or 3 most of the time. I haven't had anything automatically download in a while though.
my 5 main popups:
1. http://66.33.0.35/spyblocs/adv/tdw1.html
2. http://69.20.62.53/yyy2.html
3. http://download.popularscreensavers.com...xdm185&w=r
4. http://65.61.157.153/AdServer/MemTurbo/Adm/ad.htm
5. http://www.pcsecurityshield.com/webApp/sp.asp
do they have any connection? |
|
|
|
QuietFusion
1st Responder
Premium Member
Joined: Feb 27, 2004
Posts: 1176
Location: USA
|
Posted: Wed Jun 09, 2004 1:18 am Post subject: |
|
|
There's a flaw in Spybot that won't delete them. The coder is working on it.
Here's a link with a manual fix.
http://forums.net-integration.net/index...opic=15308
Was your VX2 log clean?
_________________
You want security? Turn off Javascript & Active X!!! |
|
|
|
Lost_and_confused
Trooper
Joined: Jun 07, 2004
Posts: 11
Location: USA
|
Posted: Wed Jun 09, 2004 6:46 am Post subject: |
|
|
When I deleted them, rebooted, and pressed the scan button again they all showed up again. Do I need to click each one and press delete or does the delete button do it all automatically? |
|