06-14-2008, 11:36 PM   #22
Angelfire777
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Oct 2006
Posts: 2,853
OS: XP


Re: Uninstalling Malware and IE Hijacking

Hi,

That's odd... everything that Kaspersky detected was gone.

MBAM wasn't configured to delete all it detected. We'll use OTMoveIt2 to delete it instead so you won't need another 19 mins to run the scan again.

Uninstall the mIRC application again please and let me know how it goes.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    [kill explorer]
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0}
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c}
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKEY_CURRENT_USER\Software\xjado 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss 
    HKEY_CLASSES_ROOT\WUSN.1
    C:\Program Files\STC 
    C:\winserv.exe 
    C:\WINDOWS\system32\osrouter.dll 
    emptytemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

*Re-run the Kaspersky online scanner.

*Download GMER
  • Disconnect from internet and close running programs.
  • There is a small chance this application may crash your computer so save any work you have open.
  • Double click gmer.exe
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, say OK.
  • If no warning....
  • Click "Rootkit" tab and click "Scan"
  • Once done, click "Copy"
  • Open Notepad and hit "Ctrl+V" to paste the log.
  • Reconnect to the internet and post the log back to this thread please.

In your next reply, please include a
  • Fresh DSS log
  • Kaspersky scan log
  • GMER log
  • OTMoveIt2 log
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
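
The following is an added example, not part of the original post and not OTMoveIt2's own code: a PowerShell check (3.0 or later) that reports which registry keys and files from the list above still exist after the move and reboot. It assumes the bracketed lines and `emptytemp` are tool commands rather than paths; the function name `Test-FixListItem` is hypothetical.

```powershell
# Added example: verify that the items from the posted list are gone.
# The list is copied from the post; nothing here modifies the system.
$fixList = @'
[kill explorer]
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0}
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c}
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKEY_CURRENT_USER\Software\xjado 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss 
HKEY_CLASSES_ROOT\WUSN.1
C:\Program Files\STC 
C:\winserv.exe 
C:\WINDOWS\system32\osrouter.dll 
emptytemp
[start explorer]
'@

function Test-FixListItem {
    param([string]$ListText)
    foreach ($raw in $ListText -split "`r?`n") {
        $line = $raw.Trim()                      # the posted list has trailing spaces
        if (-not $line) { continue }
        # Assumption: bracketed lines and "emptytemp" are commands, not paths.
        if ($line -match '^\[.*\]$' -or $line -eq 'emptytemp') { continue }
        if ($line -match '^HKEY_') {
            $kind  = 'RegistryKey'
            $probe = "Registry::$line"           # provider-qualified path works for every hive
        } else {
            $kind  = 'FileOrFolder'
            $probe = $line
        }
        [pscustomobject]@{
            Kind    = $kind
            Item    = $line
            Present = Test-Path -LiteralPath $probe
        }
    }
}

$results = @(Test-FixListItem -ListText $fixList)
$results | Format-Table -AutoSize
$left = @($results | Where-Object { $_.Present })
'{0} of {1} listed items are still present' -f $left.Count, $results.Count
```

Any item still reported as present after the reboot is worth mentioning alongside the OTMoveIt2 log.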