Tech Support Forum - View Single Post

**LonnyRJones** · 12-03-2007, 03:12 AM

Good job so far

Delete FixWareout SmitfraudFix and there folders, c:\fixwareout
c:\program files\smithfraudfix

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

Launch Notepad (Important, not wordpad or other third party text editor), and copy and paste the contents
of the code box below into a new text file. (dont include the word code)
Save it as file name: cfscript.txt

Code:

file::
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D030D021-9183-4732-833A-AFBC9D51CD98}]
[-HKEY_CLASSES_ROOT\clsid\{9c2d86aa-4067-4270-8d51-e6dc5e805d62}]
[-HKEY_CLASSES_ROOT\hdtip.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{13F3C16A-B40A-4E77-AAA3-EA79ABB50FE6}]
[-HKEY_CLASSES_ROOT\hdtip.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9C2D86AA-4067-4270-8D51-E6DC5E805D62}"=-

http://users.pandora.be/bluepatchy/m...s/CFScript.gif
As in the picture above drag and drop cfscript.txt onto combofix.exe
when it is finished a text will open, post it.

12-03-2007, 03:12 AM	#2 (permalink)
LonnyRJones Expert Analyst, Moderator, Security Team Join Date: Sep 2006 Posts: 1,648 OS: xp	Re: Malaware~Browser HiJack Good job so far Delete FixWareout SmitfraudFix and there folders, c:\fixwareout c:\program files\smithfraudfix Think Prevention: Put in place a good hosts file http://www.mvps.org/winhelp2002/hosts.htm How To Download and Extract the HOSTS file: http://www.mvps.org/winhelp2002/hosts2.htm Repeat that proccess about once or twice a month Launch Notepad (Important, not wordpad or other third party text editor), and copy and paste the contents of the code box below into a new text file. (dont include the word code) Save it as file name: cfscript.txt Code: file:: C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D030D021-9183-4732-833A-AFBC9D51CD98}] [-HKEY_CLASSES_ROOT\clsid\{9c2d86aa-4067-4270-8d51-e6dc5e805d62}] [-HKEY_CLASSES_ROOT\hdtip.ToolBar.1] [-HKEY_CLASSES_ROOT\TypeLib\{13F3C16A-B40A-4E77-AAA3-EA79ABB50FE6}] [-HKEY_CLASSES_ROOT\hdtip.ToolBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9C2D86AA-4067-4270-8D51-E6DC5E805D62}"=- http://users.pandora.be/bluepatchy/m...s/CFScript.gif As in the picture above drag and drop cfscript.txt onto combofix.exe when it is finished a text will open, post it. __________________ Our help is voluntary. But this site needs donations to operate.