04-25-2005, 04:54 PM   #14
tinag
 
Join Date: Mar 2005
Location: VT (via NL and TO)
Posts: 341
OS: WinXP SP2 Pro and Home


Hi there --

We're making progress. I've found out why TDS-3 wouldn't run on your system (it's a conflict with your language setting), but let's not worry about that one for now, as we've got some things to work with here. We'll come back to it later if we need to.

It's unclear whether C:\WINDOWS\system32\conime.exe is a good file associated with your language settings, or a bad one indicative of a virus. Let's get some more information about it. Go into the C:\WINDOWS\system32 folder and right-click on conime.exe. Select Properties from the context menu that pops up, go to the Version tab, and get all the information you can from there (click on the individual Item Names under Other Version information so that you can see the details for each). Post that information here.

Download KillBox.
Download Spybot 1.3. Install the program and update the definitions file.

Reboot your system into Safe Mode: restart it and then repeatedly tap the F8 key until the menu appears, then select Safe Mode.

Open Spybot and run a scan. Fix all the entries indicated in red.

Run KillBox. Cut and paste this filename into it:

C:\WINDOWS\system32\in10b6.dll

Check the Delete on Reboot box and the Unregistered DLL box. Click the red X. When it asks you to confirm the file for deletion, click Yes; when it asks to reboot now, click YES. If you get a "Pending FileRename Operations Registry Data has been Removed by External Process!" message, then just restart manually. Here's the list of files to delete -- some of them may not exist:

Empty CounterSpy's quarantine list. I haven't worked with this application myself, but its user manual says to do the following: select View menu > Spyware Scan > Manage Spyware Quarantine, put checks next to the items in the list, and click Permanently remove spyware to delete them.

Open HijackThis and click Scan. If they still exist -- and some might not -- check all of the following entries (make sure you do not miss any):

R3 - Default URLSearchHook is missing

Please close all other windows, including browsers, then click Fix checked.

Reboot your system into normal mode.

Run Mwav again and post the results here as before.

So in your next post, we need
a fresh HijackThis log,
a fresh Mwav log,
and the information about the conime.exe file.
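The conime.exe check requested in the post above, as an added example that is not part of the original post: a PowerShell script that gathers the same fields the Version tab shows, plus the file's signature status and hash. It assumes a Windows system with PowerShell 4.0 or later, which postdates the WinXP machine in this thread; the default path is the one named in the post.

```powershell
# Added example (not from the original post): collect the Version-tab
# fields for a file, together with its signature status and SHA-256 hash.
param(
    # Default is the file the post asks about; pass -Path to check another.
    [string]$Path = 'C:\WINDOWS\system32\conime.exe'
)

if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Output "File not found: $Path"
    return
}

$file = Get-Item -LiteralPath $Path -Force
$ver  = $file.VersionInfo                      # System.Diagnostics.FileVersionInfo
$sig  = Get-AuthenticodeSignature -FilePath $Path
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# The signer certificate is absent when the file carries no signature.
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

[pscustomobject]@{
    Path             = $file.FullName
    SizeBytes        = $file.Length
    Created          = $file.CreationTime
    LastModified     = $file.LastWriteTime
    CompanyName      = $ver.CompanyName
    FileDescription  = $ver.FileDescription
    FileVersion      = $ver.FileVersion
    InternalName     = $ver.InternalName
    OriginalFilename = $ver.OriginalFilename
    ProductName      = $ver.ProductName
    ProductVersion   = $ver.ProductVersion
    LegalCopyright   = $ver.LegalCopyright
    SignatureStatus  = $sig.Status
    Signer           = $signer
    SHA256           = $hash.Hash
} | Format-List
```

Empty version fields or a NotSigned status are reasons to look closer rather than a verdict; on older Windows versions, files signed only through a security catalog can report NotSigned here.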