06-01-2005, 11:50 AM   #4
Scorpex
Analyst, Security Team
 
Join Date: Mar 2005
Location: NY
Posts: 350
OS: XP Pro/Home SP2


amd802,

Yes, that Avast O23 entry is OK.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.



Reboot your system in Safe Mode (By continually tapping the F8 key, until the menu appears).



Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time).

C:\WINDOWS\System32\winnook.exe



Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\System32\LogFiles\A5281300.so
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:


Please remember to close all other windows, including browsers, then click Fix checked.



Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\WINDOWS\System32\winnook.exe
C:\WINDOWS\System32\LogFiles




Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.



Reboot into Normal Mode.



Run an online scan at http://www.pandasoftware.com/activescan/ and save the results from the scan! Include this log in your next post.



Run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.



4SG
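
A check for the final step, added here as an example and not part of Scorpex's post or of HijackThis itself: it reads a follow-up HijackThis log and reports which of the entries listed above are still present after the fix. The function names and the sample log are constructed; entries whose values are blank on the page are matched by prefix, so the R0 line matches any HKLM Start Page value.

```python
import re

# Entries copied from the post's "check the following" list. Values after
# "=" / ":" are blank on the page, so those are matched by prefix only.
FIX_LIST = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =",
    r"O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\System32\LogFiles\A5281300.so",
    r"O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe",
    "O13 - DefaultPrefix:", "O13 - WWW Prefix:", "O13 - Home Prefix:",
    "O13 - Mosaic Prefix:", "O13 - FTP Prefix:", "O13 - Gopher Prefix:",
]
# File and folder the post says to delete.
REMOVED_PATHS = [r"C:\WINDOWS\System32\winnook.exe", r"C:\WINDOWS\System32\LogFiles"]

# HijackThis entry lines start with a section code such as "R0 - " or "O23 - ".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - \S")

def norm(s):
    """Collapse whitespace and lowercase (Windows paths are case-insensitive)."""
    return " ".join(s.split()).lower()

def entries(log_text):
    """Return the entry lines of a log, skipping header and process lines."""
    return [ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())]

def still_present(log_text, fix_list=FIX_LIST):
    """Fix-list items that still appear in the log."""
    found = [norm(e) for e in entries(log_text)]
    return [f for f in fix_list if any(e.startswith(norm(f)) for e in found)]

def path_references(log_text, paths=REMOVED_PATHS):
    """Any log line (process or entry) that still names a removed path."""
    return [ln.strip() for ln in log_text.splitlines()
            if any(norm(p) in norm(ln) for p in paths)]

# Constructed sample log: one fixed entry survived, the rest are gone.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\winnook.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Service - Unknown - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for item in still_present(SAMPLE_LOG):
        print("still present:", item)
    for line in path_references(SAMPLE_LOG):
        print("references removed path:", line)
```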