Tech Support Forum - View Single Post - [SOLVED] Malware infection

Ried · 10-17-2007, 07:21 PM

Hi acareus,

Download Blockrem from HERE Unzip it to its own folder on your desktop.

-----------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Ebates_MoeMoneyMaker
SearchRelevant
Windows AdControl

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folders

C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\SearchRelevant
c:\program files\Windows AdControl

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK.

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Code:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6CB-189F-421A-88CD-07CFE51CFF10}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91433D86-9F27-402C-B5E3-DEBDD122C339}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.

Once it is running please follow the onscreen instructions.

--------------------------------------------------------------------

Reboot your system into Normal Mode and run another online scan at Panda.

Please post the Panda results and a new HijackThis log.

10-17-2007, 07:21 PM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,555 OS: WinXP and Vista	Re: Malware infection - HijackThis Log Help Hi acareus, Download Blockrem from HERE Unzip it to its own folder on your desktop. ----------------------------------------------------------------- Please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login with your usual account. Make sure to close any open browsers. -------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Ebates_MoeMoneyMaker SearchRelevant Windows AdControl -------------------------------------------------------------------- Using 'My Computer', navigate to and delete the following Folders C:\Program Files\Ebates_MoeMoneyMaker C:\Program Files\SearchRelevant c:\program files\Windows AdControl -------------------------------------------------------------------- Go to Start->Run and type in regedit and hit OK. Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4) Code: REGEDIT4 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6CB-189F-421A-88CD-07CFE51CFF10}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91433D86-9F27-402C-B5E3-DEBDD122C339}] [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}] Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files" It should look like this: Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. -------------------------------------------------------------------- Open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it. Once it is running please follow the onscreen instructions. -------------------------------------------------------------------- Reboot your system into Normal Mode and run another online scan at Panda. Please post the Panda results and a new HijackThis log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."