Tech Support Forum - View Single Post

tetonbob · 01-25-2008, 04:44 PM

Looking much better.

Of the items found by Kaspersky, many are in System Resore points, which we'll address later.

A couple are in Windows One Care Quarantine. Since I've never used it, I can't advise on how exactly to finally remove the items from quarantine, but there should be a way to access that feature from within the application.

Something like:

Click Change OneCare Settings in the Main OneCare user interface
Click on the Viruses & Spyware Tab
And then click on the Quarantine button

There should be some sort of option to finally remove items from quarantine. If you can't find it, don't worry, as items in quarantine have been rendered harmless, I'm just being tidy.

Other items are in Spybot's quarantine:

When files found by other scanners are in the Recovery directory inside the Spybot-S&D directory, it is only a backup. It is no longer of any harm there, as the file won't be loaded from there. But once you are sure you don't need the backup, go to the Recovery section inside Spybot-S&D and purge the files.

1. Open Spybot.
If you have a shortcut on your desktop, double click it.
or
Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy.
2. On the left side, click "Recovery".
3. Select (place a check) beside ALL the backup files that contain quarantined items.
4. Click on the Purge Selected Items button.
5. A dialog will appear, stating that the backup will be removed. Click Yes.
6. When the Recovery window is empty, Exit Spybot.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

My Way Search Assistant

See here:

http://www.bleepingcomputer.com/unin...Assistant.html

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete this folder if it exists:

C:\Program Files\MyWaySA

Let me know how the machine is behaving, and if you had any troubles with the last steps.

01-25-2008, 04:44 PM	#22 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,618 OS: 2000 Pro; XP Pro; XP Home	Re: Pop ups and slow computer Looking much better. Of the items found by Kaspersky, many are in System Resore points, which we'll address later. A couple are in Windows One Care Quarantine. Since I've never used it, I can't advise on how exactly to finally remove the items from quarantine, but there should be a way to access that feature from within the application. Something like: Click Change OneCare Settings in the Main OneCare user interface Click on the Viruses & Spyware Tab And then click on the Quarantine button There should be some sort of option to finally remove items from quarantine. If you can't find it, don't worry, as items in quarantine have been rendered harmless, I'm just being tidy. Other items are in Spybot's quarantine: When files found by other scanners are in the Recovery directory inside the Spybot-S&D directory, it is only a backup. It is no longer of any harm there, as the file won't be loaded from there. But once you are sure you don't need the backup, go to the Recovery section inside Spybot-S&D and purge the files. 1. Open Spybot. If you have a shortcut on your desktop, double click it. or Click Start, then All Programs, then Spybot - Search & Destroy and then Spybot - Search & Destroy. 2. On the left side, click "Recovery". 3. Select (place a check) beside ALL the backup files that contain quarantined items. 4. Click on the Purge Selected Items button. 5. A dialog will appear, stating that the backup will be removed. Click Yes. 6. When the Recovery window is empty, Exit Spybot. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: My Way Search Assistant See here: http://www.bleepingcomputer.com/unin...Assistant.html --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll Close HijackThis now. --------------------------------------------------------------------------------------------- Delete this folder if it exists: C:\Program Files\MyWaySA Let me know how the machine is behaving, and if you had any troubles with the last steps. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009