Jump to content


Photo

Please - Need help after all instructions/FAQ


  • Please log in to reply
5 replies to this topic

#1 ale_br_zu

ale_br_zu

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 17 July 2004 - 05:23 AM

Hi,

I followed all steps (including FAQ). I installed all 4 softwares (Spybot S&D, etc) plus Hijaac this.

Have found the following new BHO's:
{00000010-6F7D-442C-93E3-4A4827C2E4C8} C:\windows\nem219.dll
{089FD3F3-5086-46B5-996B-EE0BDDA8362A} C:\windows\bkigs.dll

And the following new entry:
[lpsygxymd] C:\windows\system32\zdablpu.exe

There are also some other entries in the HijackThis log that I cannot understand and I would need help. I am not sending it here, as per instructions/FAQ.

After cleaning and recleaning my computer, the only software that still detects the problem is the Spybot S&D. The problem it finds are:

VX2/f (1 Registry Key)
DSO Exploit (6 Registry Changes)

Thank you very much for all your help.

Cheers,

Ale

#2 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 17 July 2004 - 08:58 AM

Let's have a look at a HijackThis Log.

If you don't already have HijackThis, Download HijackThis from
http://www.spywarein.../HijackThis.exe and create a log.
Unzip HijackThis to a folder other than your Desktop or the Temp folder, and put in in a permanent folder (such as C:\Program Files\HijackThis\HijackThis.exe)
Run the program, and press Scan. You will notice the Scan button will turn into a "Save Log" button. Save the log and Post that log onto this topic.
DO NOT Delete or modify anything yet, as some of it is needed to keep your system in Good Shape.
Follow this link http://www.netstar.me.uk/hjt/hjt.html

I saw that your VX2 log is clean.
http://forums.spywar...t=0

#3 ale_br_zu

ale_br_zu

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 17 July 2004 - 10:54 AM

Tks Autodad!

All my softwares have been updated since Thursday. (Windows XP, Symantec Internet Security, Ad-aware, Spybot, SpySweeper, Aluria Spyware).

Today I have dowloaded Mozilla to avoid IE and downloaded SpywareBlaster.

I followed all instructions on Ad-aware from PGPhantom and the Spybot tutorial on Bleeping Computer.

Most recent situation I followed:

Step 1 - Started with Ad-aware. It found 7 objects (VX2, Roings, Roings, Possible Browser Hijack attempt, Possible Browser Hijack attempt, DyFuCa and BroadCastPC). All deleted. VX2 Cleaner Plug-in run and the message was: system is clean.

Step 2 - I ran Spybot. It found: Hit Box (4 entries - cookies from Mozilla), VX2/f (1 entry - Registry Key), DSO Exploit (5 entries - Registry Change), Teen Sex (1 entry - Registry value). 2 new and 2 that I could not yet remove. All "fixed" by Spybot.

Step 3 - I ran Spybot again and it found only the DSO Exploit (5 entries - Registry Change). Again all "fixed" by Spybot.

Step 4 - I reboot

Step 5 - When Spybot loaded, I denied the following entries to change:
Entry "lpsygxymd", in the category "System Startup global entry";
Entries "Start Page" and "Start Page", in the categories "Browser page" and "Browser Page"

Entries "{8E718888-423F-876E-00A0C9082467}" and "{EF99BD32-C1FB-11D2-892F-0090271D4F88", in the category Global browser toolbar, I tried to deny for more than 15 times each, when I finally clicked on ALLOW CHANGE for both.

Step 6 - I ran HijackThis and the log is attached below:

Logfile of HijackThis v1.98.0
Scan saved at 1:46:34 AM, on 18/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\User\My Documents\spy\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {089FD3F3-5086-46B5-996B-EE0BDDA8362A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [lpsygxymd] C:\WINDOWS\System32\zdablpu.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

Thank you very much for all your help.

Cheers,

Ale

PS: If it is the case, I have the option of keeping the "sick computer" out of the internet and use a pseudo health one (but with dial up) to download any patches. Then I transfer to the sick machine by infrared.

#4 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 17 July 2004 - 12:37 PM

Hi ale_br_zu,

Open Hijackthis, click Scan, then put a check next to the following entries:

O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: jimmyhelp.CBrowserHelper - {089FD3F3-5086-46B5-996B-EE0BDDA8362A} - (no file)

O4 - HKLM\..\Run: [lpsygxymd] C:\WINDOWS\System32\zdablpu.exe


Now, close all open Windows and browsers (have only HJT open) and click "Fix Checked".

Then, reboot to safe mode (tap F8 while restarting) and delete this file:

C:\WINDOWS\System32\zdablpu.exe

You may have to show hidden files:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Then reboot normally and post a new log.

Also please take a look at this link regaurding the DSO Exploit bug in Spybot.
http://forums.net-in...showtopic=17159
And this link about the false positive for VX2/f
http://forums.net-in...showtopic=19521

Let us know how you made out.

#5 ale_br_zu

ale_br_zu

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 18 July 2004 - 09:48 AM

Thanks Autodad!

It seems that I am now free from all malware. I have tried what you told me plus a couple of other things.

Initially the 2 O2 (BHO) got unamed, but were not deleted on my first trial with Hijack This. So i needed to perform the same operation twice.

The O4 disappeared, but as I had SpyBot Resident for 'Tea Timer' and I accepted the change, when I logged in in SafeMode, the file zdablpu.exe was not in there anymore.

Also, due to the TeaTimer, the 2 registry keys that gave me headache yesterday, were still beng captured by Ad-Aware everytime. So I unchecked this TeaTimer option and manually erased the values on both registry entries.

My Log right now is below. If you could please have a look, I guess evrything is now safe.

Logfile of HijackThis v1.98.0
Scan saved at 12:28:52 AM, on 19/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\User\My Documents\spy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: MA111 Configuration Utility.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

I undestood the false positive VX2/f and the bug on DSO. Since I keep my windows updated, it is just a matter of waiting for the next version of Spybot.

My doubts now are:

1 - Based on this log, am I free now?
2 - Are the 2 first R0's OK in the log?
3 - If I follow the instructions from the article regarding the use of IE, basically I still need to install IESPYAD, ENOUGH, BHBLASTER, JAVA (from SUN) and another one that I forgot (the site is off rght now). If I do all, should I be safe/clean at least to download the WIndows updates with IE?
4 - If I only work with FireFox from now on (I changed from Mozilla today), do I need to install the Java Sun to be more protected or is it just for IE?

Once more, thank you very much for taking your time to help me. You are really super!

With all these learnings from the last 5 days, I have already started to help friends and relatives with similar problems.

Cheers,

Ale

#6 Autodad

Autodad

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 2,118 posts

Posted 18 July 2004 - 11:20 AM

Hi ale_br_zu,

You're welcome.

I would fix the 2 RO's in HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Other than that, it looks good!

I would Download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies.
IESPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Check for updates occaisionally.

Then follow the suggestions from Tony Klein here:
So how did I get infected in the first place?

If you interested in learning the correct way to help people with their logs, you might be interested in the Boot Camp here at SWI.

Stay safe. :wave:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button