Tech Support Forum - View Single Post

Ried · 12-15-2007, 08:47 PM

Hi,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Close any open browsers.

--------------------------------------------------------------------

Disable Spybot TeaTimer as it may interfere with the fix below:

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) (if they exist)

MediaPipe
SpyBouncer

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

F2 - REG:system.ini: UserInit=userinit.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {11111111-1111-1111-1111-511111113457} -

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folder

C:\Program Files\DownloadManager\api.exe
C:\Program Files\DownloadManager\insdl.dll
C:\Program Files\DownloadManager\p2pinst.exe
C:\Program Files\DownloadManager\p2pl.exe
C:\Program Files\MediaPipe
C:\WINDOWS\Downloaded Installations\{8A09E0EA-95FA-42A9-94E6-4D716142C380}

--------------------------------------------------------------------

Reboot your sytem.

--------------------------------------------------------------------

Run another online scan at Panda and post the results here along with a new HijackThis log.

Also, how is the system behaving now?

12-15-2007, 08:47 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,551 OS: WinXP and Vista	Re: vrus and trojan help Hi, Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. ************************************************* Close any open browsers. -------------------------------------------------------------------- Disable Spybot TeaTimer as it may interfere with the fix below: Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. -------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) (if they exist) MediaPipe SpyBouncer -------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries: F2 - REG:system.ini: UserInit=userinit.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - O16 - DPF: {11111111-1111-1111-1111-511111113457} - Click 'Fix Checked'** and close HijackThis. -------------------------------------------------------------------- Using 'My Computer', navigate to and delete the following Files and Folder C:\Program Files\DownloadManager\api.exe C:\Program Files\DownloadManager\insdl.dll C:\Program Files\DownloadManager\p2pinst.exe C:\Program Files\DownloadManager\p2pl.exe C:\Program Files\MediaPipe C:\WINDOWS\Downloaded Installations\{8A09E0EA-95FA-42A9-94E6-4D716142C380} -------------------------------------------------------------------- Reboot your sytem. -------------------------------------------------------------------- Run another online scan at Panda and post the results here along with a new HijackThis log. Also, how is the system behaving now? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul." Last edited by Ried; 12-15-2007 at 09:03 PM.