ChrisRLG
3.9K Posts
0
March 13th, 2004 18:00
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Please delete the old copy (including the zip copy) so it can't be used.
-------------------------------------
Check these in HijackThis, AND WITH ALL OTHER WINDOWS CLOSED, fix checked.
All R0/R1 lines Except the one Home and one Search page you wish to keep.
Plus:-
O4 - HKLM\..\Run: [Internal] C:\WINDOWS\SCAN.EXE
The following ActiveX controls will reinstall when (and if) you revisit that website, UNLESS you know they are from a safe source, check to remove.
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-
C:\WINDOWS\SCAN.EXE
Then Reboot and post a fresh log for me to check.
The O8 lines provide extra options when you right click within programs etc. They can be malware connected, but I cannot find that the ones you have are.
ChrisRLG
3.9K Posts
0
March 13th, 2004 19:00
In Windows Explorer, navigate to the Windows folder, find that file and 'delete'. You may need to set the view (Tools, Folder Options) so that you can see system and hidden files/folders.
The O8s are connected to the Google Toolbar that you have installed on that machine. I use it myself, and all they do is allow you to do searches etc. from a right click of selected text. Yes, you could remove those O8s, but they don't add any overhead to the system over and above what the Google Toolbar is already doing. If you don't want the Google Toolbar, then uninstall it using Add/Remove Programs from Control Panel.
Spunjer
174 Posts
0
March 13th, 2004 19:00
Chris said:
"Then Reboot to safe mode (F8 on boot) and delete the following files/folders:-
C:\WINDOWS\SCAN.EXE"
I made it to safe mode. So how do I delete this file? Also, can he safely delete all the O8s pertaining to GOOGLETOOLBAR?
Message Edited by Spunjer on 03-13-2004 03:23 PM
Spunjer
174 Posts
0
March 14th, 2004 23:00
"In Windows Explorer, navigate to the Windows folder, find that file and 'delete'. You may need to set the view (Tools, Folder Options) so that you can see system and hidden files/folders"
Sorry, Chris. Did exactly what you said to a tee, but I can't find C:/windows/scan.exe. Should I just leave it then?
Message Edited by Spunjer on 03-14-2004 07:49 PM
ChrisRLG
3.9K Posts
0
March 15th, 2004 08:00
If it is not there you don't need to worry. Do check out my website below for safety hints etc.
Regards
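
A read-only way to run the check discussed in the last exchange (is the O4 autorun value gone, and is its file really absent rather than just hidden), as an added example that is not part of the original thread. It assumes a Windows system with PowerShell, which postdates these posts; `Get-AutorunTarget` is a hypothetical helper name, and the script lists every Run value rather than only the one from the log.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# HijackThis prints "HKLM\..\Run" as shorthand for the first key below.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunTarget {
    # Hypothetical helper: pull the executable path out of a Run command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }  # quoted path
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # path up to .exe
    return $expanded.Trim()                                               # anything else, as-is
}

foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $target  = Get-AutorunTarget -Command $command
        try {
            if (-not [System.IO.Path]::IsPathRooted($target)) {
                $state = 'relative path, resolve manually'
            } elseif ([System.IO.File]::Exists($target)) {
                # File.Exists is not affected by the Hidden/System attributes
                # that keep a file out of the default Explorer view.
                $state = 'file present'
            } else {
                $state = 'file missing'
            }
        } catch {
            $state = 'could not parse command line'
        }
        [pscustomobject]@{ Key = $path; Name = $name; Target = $target; State = $state }
    }
}
```

A row named `Internal` with state `file missing` would mean the Run value from the log is still registered but points at nothing; no `Internal` row at all means the fix removed the value.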