Tech Support Forum - View Single Post - Urllogic and Loadingwebsite popups (and others), plus IGetNet. Please help!

greyknight17 · 03-05-2005, 10:33 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run and delete Narrator

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components and delete ba3cd172-2c36-4a94-a8ed-b4895bcd88e5

Close the Registry Editor now.

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\system32\wivwkk.exe
C:\WINDOWS\system32\HZLHQQ.EXE
C:\WINDOWS\system32\eoieaa.dll
C:\WINDOWS\system32\cylcpp.dll
C:\WINDOWS\system32\pawpvv.dat
C:\WINDOWS\System32\vmss\
C:\WINDOWS\system32\hzlhqq.exe
C:\WINDOWS\system32\Spanish Rose.scr <- is this your screensaver? If not, delete it also.
C:\WINDOWS\system32\Wild Irish Rose.scr <- is this your screensaver? If not, delete it also.
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\hukhnn.exe <<--Make sure that this filename does not have a space in it when you put it into KillBox. If it has a space, delete it so it looks like hukhnn.exe instead of huk hnn.exe

If you have Windows XP, go to C:\Windows\Prefetch and delete everything inside that Prefetch folder.

Run the CleanUp program now and choose Yes when it asks if you want to log off.

Restart and run these programs/scripts again - HijackThis (both the scan log and the StartupList), Silent Runners, Find-qoologic, DllCompare and Find-It. Post those new logs here.

03-05-2005, 10:33 PM	#10 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run and delete Narrator HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components and delete ba3cd172-2c36-4a94-a8ed-b4895bcd88e5 Close the Registry Editor now. Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): C:\WINDOWS\system32\wivwkk.exe C:\WINDOWS\system32\HZLHQQ.EXE C:\WINDOWS\system32\eoieaa.dll C:\WINDOWS\system32\cylcpp.dll C:\WINDOWS\system32\pawpvv.dat C:\WINDOWS\System32\vmss\ C:\WINDOWS\system32\hzlhqq.exe C:\WINDOWS\system32\Spanish Rose.scr <- is this your screensaver? If not, delete it also. C:\WINDOWS\system32\Wild Irish Rose.scr <- is this your screensaver? If not, delete it also. C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\hukhnn.exe <<--Make sure that this filename does not have a space in it when you put it into KillBox. If it has a space, delete it so it looks like hukhnn.exe instead of huk hnn.exe If you have Windows XP, go to C:\Windows\Prefetch and delete everything inside that Prefetch folder. Run the CleanUp program now and choose Yes when it asks if you want to log off. Restart and run these programs/scripts again - HijackThis (both the scan log and the StartupList), Silent Runners, Find-qoologic, DllCompare and Find-It. Post those new logs here. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools