Thread: help needed with Malware takeover
View Single Post
Old 08-14-2007, 06:13 AM   #12 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,348
OS: N/A


Re: help needed with Malware takeover
Spyhunter - These programs are rogueware and we highly recommend that you uninstall them. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

You can read up about SpyHunter from here >http://www.spywarewarrior.com/rogue_...re.htm#sh_note

Quote:
I need to find someone who (still) operates XP.
For the moment, download a temporary copy from here >http://www.dll-files.com/dllindex/dl...shtml?framedyn


After you have fixed framedyn.dll, open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Program Files\Norton AntiVirus\Quarantine\62AE6F6F.exe"
'C:\Program Files\Norton AntiVirus\Quarantine\77AB3D8E"
"C:\Program Files\Norton AntiVirus\Quarantine\77B078EB"
"C:\Program Files\Norton AntiVirus\Quarantine\7955211B"
"C:\Program Files\Norton AntiVirus\Quarantine\7D6772A1.exe"
"C:\Program Files\Norton AntiVirus\Quarantine\7D6A1C9D.exe"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (
"C:\Program Files\Trend Micro\HijackThis\backups"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
nircmd wait 7000
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________

Question - what have you done for the community today?
Last edited by sUBs; 08-14-2007 at 06:14 AM.
sUBs is offline