Thank you for your patience.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.
Select all the items in the 'quote' box below by highlighting them. Copy them to clipboard by pressing [Ctrl] + [C] on your keyboard. Go to Start > Run and type notepad.exe. Click OK. Paste the contents of clipboard into Notepad by pressing [Ctrl] + [V] on your keyboard. Name this file as Nailer.cmd & save this file on desktop. We shall use it afterwards.
Quote:
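@ECHO OFF
REM Work from the Windows folder; /d also switches drive if needed.
cd /d "%windir%"
REM Stop, disable and remove the SvcProc service.
sc stop SvcProc
sc config SvcProc start= disabled
sc delete SvcProc
REM Clear the system/read-only/hidden attributes, then delete the file.
attrib -s -r -h svcproc.exe
del /a /f svcproc.exe
REM Build a temporary .reg file that deletes the aurora key, then import it.
echo REGEDIT4 > nailer.reg
echo. >> nailer.reg
echo [-HKEY_CURRENT_USER\Software\aurora] >> nailer.reg
regedit /s nailer.reg
del nailer.reg
exit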
Download KillBox v2.0.0.175. We shall need it later.
Download CCleaner and click on the 'Issues' tab to clean the orphaned registry entries.
++++++++++++++++++++++++++++++++++++
--- Reboot your system into Safe Mode ---
++++++++++++++++++++++++++++++++++++
- Shut Windows down, and then turn off the computer.
- Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
- As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears.
- Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.
Run Nailer.cmd by double clicking it. This should delete the O23 entry but it never hurts to check.
Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. Click Apply, then OK, then close any open windows.
Run KillBox. Select "Delete on Reboot". Select all the items in the 'quote' box below by highlighting them. Copy them to clipboard by pressing [Ctrl] + [C] on your keyboard. Go to the File menu, and choose "Paste from Clipboard".
Quote:
C:\Documents and Settings\Administrator\Desktop\swksetup.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\ehtxyrg.exe
"C:\Program Files\Norton AntiVirus\Norton_Antivirus_2004_All_Versions_patch .zip.exe"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to the following and delete the Folder in RED (fix whatever applies, if it's not there just skip it):
HKEY_CURRENT_USER\Software\aurora
The scans have detected the presence of malware in SpySubtract's backup folder. These can be deleted by accessing SpySubtract's Main Menu. Click on the Restore button. From there, you will be presented with a list of backups that were made, along with their date, time and size.
- Select Clean Session - 1100230386.ssb & Clean Session - 1100888820.ssb
- Press the "Delete" button
- The backup set will be removed
Run CleanUp! now. Click Yes when it asks you if you want to log off.
Scans also detected malware in Norton's Recycle Bin. Simply right click on it & select "empty Norton Protected Recycle Bin" to delete them.
Reboot Windows back into Normal Mode.
In your next reply, please include fresh copies of:
- HijackThis log
- Findit's log
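
A read-only check of the three things this procedure removes (the SvcProc service, the files given to KillBox and the aurora registry key), as an added example that is not part of the original post. It assumes a system where sc.exe and reg.exe are available and uses only the names and paths listed above; the `LEFT` counter and the `:CheckFile` helper are names made up for this example.

```batch
@ECHO OFF
REM Added example (not from the original post): read-only check that the
REM items removed by the steps above are gone. Assumes sc.exe and reg.exe.
SETLOCAL
SET LEFT=0

REM 1. The service: sc query succeeds (errorlevel 0) only while it exists.
sc query SvcProc >NUL 2>&1
IF NOT ERRORLEVEL 1 (
    ECHO [STILL PRESENT] service SvcProc
    SET /A LEFT+=1
) ELSE (
    ECHO [gone] service SvcProc
)

REM 2. The files handed to KillBox, paths exactly as listed in the post.
CALL :CheckFile "C:\Documents and Settings\Administrator\Desktop\swksetup.exe"
CALL :CheckFile "C:\WINDOWS\svcproc.exe"
CALL :CheckFile "C:\WINDOWS\ehtxyrg.exe"
CALL :CheckFile "C:\Program Files\Norton AntiVirus\Norton_Antivirus_2004_All_Versions_patch .zip.exe"

REM 3. The registry key: reg query succeeds only while the key exists.
reg query "HKCU\Software\aurora" >NUL 2>&1
IF NOT ERRORLEVEL 1 (
    ECHO [STILL PRESENT] HKEY_CURRENT_USER\Software\aurora
    SET /A LEFT+=1
) ELSE (
    ECHO [gone] HKEY_CURRENT_USER\Software\aurora
)

ECHO.
ECHO %LEFT% item(s) still present.
PAUSE
ENDLOCAL & EXIT /B %LEFT%

:CheckFile
REM %~1 is the path with its surrounding quotes removed.
IF EXIST "%~1" (
    ECHO [STILL PRESENT] %~1
    SET /A LEFT+=1
) ELSE (
    ECHO [gone] %~1
)
GOTO :EOF
```

Run it after the reboot into Normal Mode, since files queued with "Delete on Reboot" remain on disk until then.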