Tech Support Forum - View Single Post

Ried · 10-15-2007, 07:10 AM

Hi,

Uniblue is a legit program. Someone there downloaded and installed it.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

1. Download ResetProtocolDefaults.reg and save it to your desktop.

2. Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop.

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Please disable the following active protection programs as they will interfere with the registry changes that need to take place.

Spybot TeaTimer

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

--------------------------------------------------------------------

Windows Defender

Open Windows Defender.
Click on Tools, Options.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

--------------------------------------------------------------------

TrojanHunter Guard

Disable TrojanHunter Guard by right clicking on the icon in your System Tray. Make sure that the program, TrojanHunter itself, is also closed/not running.

--------------------------------------------------------------------

Run a scan with HijackThis and 'check' the following entry:

O3 - Toolbar: (no name) - - (no file)

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Right click on the DelO15Domains file you downloade earlier, and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.

Locate "ResetProtocolDefaults.reg" on your desktop. Right-click and select Merge (Ok the prompt)

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Please download FindAWF to your Desktop.

Double-click FindAWF.exe to start the tool.
Select option #1 - Scan for bak folders by typing 1 and press 'Enter'
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here.

**Do not run any other option unless directed to do so.**

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
awf.txt
New HijackThis log

10-15-2007, 07:10 AM	#6 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,610 OS: WinXP and Vista	Re: three minute wait for IE to load Hi, Uniblue is a legit program. Someone there downloaded and installed it. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. ************************************************* 1. Download ResetProtocolDefaults.reg and save it to your desktop. 2. Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop. -------------------------------------------------------------------- Close any open browsers. -------------------------------------------------------------------- Please disable the following active protection programs as they will interfere with the registry changes that need to take place. Spybot TeaTimer Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. -------------------------------------------------------------------- Windows Defender Open Windows Defender. Click on Tools, Options. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. -------------------------------------------------------------------- TrojanHunter Guard Disable TrojanHunter Guard by right clicking on the icon in your System Tray. Make sure that the program, TrojanHunter itself, is also closed/not running. -------------------------------------------------------------------- Run a scan with HijackThis and 'check' the following entry: O3 - Toolbar: (no name) - - (no file) Click 'Fix Checked' and close HijackThis. -------------------------------------------------------------------- Right click on the DelO15Domains file you downloade earlier, and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. Locate "ResetProtocolDefaults.reg" on your desktop. Right-click and select Merge (Ok the prompt) -------------------------------------------------------------------- Reboot your system. -------------------------------------------------------------------- Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Perform an online scan with Internet Explorer with Panda ActiveScan** Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan -------------------------------------------------------------------- Please download FindAWF to your Desktop. Double-click FindAWF.exe to start the tool. Select option #1 - Scan for bak folders by typing 1 and press 'Enter' When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here. Do not run any other option unless directed to do so. -------------------------------------------------------------------- Run a new scan with HijackThis and save the log. -------------------------------------------------------------------- Please include the following in your next reply: Panda results awf.txt New HijackThis log __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."