Thread: Ad-ware
06-01-2005, 07:39 PM   #6
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Ok..next pass...

Before attacking an adware/spyware problem with HijackThis, make sure you have already run Ad-aware SE with the VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder, as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..

Make sure you run each of those tools above!

Download and install CleanUp http://cleanup.stevengould.org/

Open My Computer-->Tools-->Folder Options-->View-->Under the "Hidden files and folders" heading select "Show hidden files and folders". Uncheck "Hide protected operating system files" and click YES and then OK.

Reboot into Safe Mode (hit the F8 key until the menu shows up). Make sure to close any open browsers. Open Add/Remove Programs and remove anything related to MyBlueLight. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mybluelight.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.mybluelight.com/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll
O3 - Toolbar: Browser Bar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\BlueLight Internet\toolbar.dll
O3 - Toolbar: MyBlueLight - {25EEFF3E-58EE-4811-95CC-78F922605006} - C:\Program Files\BlueLight Internet\Toolbar.dll
O4 - HKLM\..\Run: [ptr] C:\WINNT\system32\ptr.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\BLSearch\blspc.exe" -w


C:\Program Files\BLSearch <--delete that folder
C:\Program Files\BlueLight Internet <--delete that folder
C:\WINNT\system32\ptr.exe <--delete that file

Now run the cleanup utility and reboot/logoff when prompted.

Once back to normal windows....

Download ewido security suite from here… http://www.ewido.net/en/download/

Update its database from here.. http://www.ewido.net/en/download/updates/
Run a scan and let it clean the PC. Post a new HijackThis log when complete.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
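
The new HijackThis log requested at the end of the post can be checked mechanically for any of the listed entries that were missed. The Python below is an added example, not part of the original post or of HijackThis; the function names and the sample log are constructed for illustration, and the indicators are copied from the entries and paths listed in the post.

```python
import re

# Indicators copied from the entries and paths listed in the post above,
# lower-cased so matching is case-insensitive (Windows paths are).
INDICATORS = (
    "mybluelight.com",
    r"\program files\blsearch",
    r"\program files\bluelight internet",
    r"\system32\ptr.exe",
    "{37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8}",
    "{f5735c15-1fb2-41fe-ba12-242757e69dde}",
    "{25eeff3e-58ee-4811-95cc-78f922605006}",
)

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")

def parse_log(text):
    """Return (section, body) for every entry line; header lines are skipped."""
    return [(m["section"], m["body"])
            for m in map(ENTRY_RE.match, text.splitlines()) if m]

def leftover_entries(text):
    """Return (section, body, hits) for entries that still match an indicator."""
    found = []
    for section, body in parse_log(text):
        hits = [i for i in INDICATORS if i in body.lower()]
        if hits:
            found.append((section, body, hits))
    return found

# Constructed sample of a post-cleanup log: two listed entries were missed.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mybluelight.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ptr] C:\WINNT\System32\PTR.EXE
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for section, body, hits in leftover_entries(SAMPLE_LOG):
        print(f"STILL PRESENT [{section}] {body}  (matched: {', '.join(hits)})")
```

An empty result means none of the listed entries remain in the log; it says nothing about entries that are not on the list.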