
February 24th, 2005 17:00

Click on the link "Essential spyware removal steps and other hijackthis help forums" below and follow all the instructions (Step 1-5), and post the HijackThis log (in the virus forum) after reading (Instructions a/b/c), after downloading/running all the programs mentioned there along with the online anti-virus scans (instructions on how to run the online virus scans: http://forums.thatcomputerguy.us/index.php?showtopic=5122). Update all the programs, i.e. Spybot http://www.safer-networking.org/en/howto/update.html; also update your Windows XP.
before logging into safe mode to run it. Then repost your HijackThis log so the experts can help you remove the remaining nasty spyware.


February 24th, 2005 17:00

coxc,

Hello! and welcome to the Dell forums.

-

Let's see what we can do...

-

When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from reoccurring in the future.



Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check (tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.



Reboot your computer into "Safe Mode"



Next, locate CWShredder that you downloaded earlier and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".

4. Click "Fix ->"



Download, unzip to your desktop About:Buster and run it, then:
Locate About:Buster that you downloaded earlier and run it, then:

1. Click "Update".
2. Click "Check For Update"

(If no new version is available, skip to step #4.)

3. Click "Download Update", and wait for it to be installed.
4. Click "Start".

(Wait for the initial ADS scan to complete.)

5. Click "Yes", to shutdown any IE session currently open.

(Wait for the about:blank scan to complete.)

6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.

9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".



Reboot your computer normally.



Download LSPFix and unzip to your desktop, then run it. Now, we need to:

1. Check (tick) "I know what I'm doing".
2. Click on (highlight) each occurrence of the following, one at a time:

fltmgr.dll

3. Then click ">>", moving each one, individually, to the 'Remove' pane.
4. (Double-check, and make sure that only the above files are in the 'Remove' pane.)
5. Click "Finish >>"




Now, let's open a command prompt and unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u dcnd.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save on the typing.




Run HiJackThis and click "Scan", then check (tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\craig\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {19CFC766-6870-4EF2-AFC9-D746264306A1} - C:\WINDOWS\System32\dcnd.dll

O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\craig\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [cmprops] C:\WINDOWS\System32\cmprops.exe
O4 - HKCU\..\Run: [Windows Update Client ] C:\WINDOWS\system32\wuclient.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab


Now, with all windows closed except HiJackThis, click "Fix checked".



Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

C:\DOCUME~1\craig\LOCALS~1\Temp\se.dll
C:\WINDOWS\System32\dcnd.dll
C:\WINDOWS\System32\cmprops.exe
C:\WINDOWS\system32\wuclient.exe
c:\windows\system32\fltmgr.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".



Post back a new log, and let me know how everything goes.

-

Mike.

Message Edited by Midnight Star on 02-24-2005 01:58 PM

Message Edited by Midnight Star on 02-24-2005 02:01 PM
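
As an added example (not part of the original post and not HijackThis's own logic), the sketch below parses HijackThis entries like the ones listed above and pulls out the file paths they reference, so the "fix checked" list and the "files to delete" list can be cross-checked. The function names and the triage hints are assumptions made for illustration; the sample lines are copied from the post.

```python
import re
# Sample lines copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\craig\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {19CFC766-6870-4EF2-AFC9-D746264306A1} - C:\WINDOWS\System32\dcnd.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\craig\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [cmprops] C:\WINDOWS\System32\cmprops.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^,\"/]+?\.(?:dll|exe|cab)", re.I)

def parse_log(text):
    """Return one dict per entry: section code, raw body, file paths found."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"],
                            "paths": WIN_PATH.findall(m["body"])})
    return entries

def triage(entry):
    """Illustrative review hints (assumed heuristics, not HijackThis logic)."""
    code, body, hints = entry["code"], entry["body"], []
    if any("\\temp\\" in p.lower() for p in entry["paths"]):
        hints.append("loads a file from a Temp directory")
    if code == "O2" and "(no name)" in body:
        hints.append("BHO has no display name")
    if code in ("R0", "R1") and body.lower().endswith("= about:blank"):
        hints.append("IE search setting points at about:blank")
    if code == "O16" and "file://" in body.lower():
        hints.append("ActiveX control installed from a local file")
    return hints

def files_to_review(text):
    """De-duplicated, lower-cased paths referenced by entries with hints."""
    seen = []
    for e in parse_log(text):
        for p in (e["paths"] if triage(e) else []):
            if p.lower() not in seen:
                seen.append(p.lower())
    return seen

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["code"], triage(e) or "no hint", e["paths"])
```

An entry with no hint, such as the `cmprops.exe` Run key, still needs a human reviewer: the hints only highlight obvious patterns and do not decide what is malicious.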
