07-07-2005, 03:42 PM   #6
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


I notice that you have two anti-virus programs on your machine. That's not a good idea!!
Like firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.

  1. Please download these additional files/programs :- (Do not run them unless instructed to do so)
    Unplug your computer from the Internet when you have finished downloading

    1. ETRemover_v130.zip - Unzip to a new folder on Desktop.
      • From that folder, click on ETRemover_v130.exe
      • Click About >> check for updates
      • After it has updated itself, close that program.

    2. fixssk.reg - Right click on this & choose "Save As...". Save it to your Desktop & name it as "fixssk.reg"
      Double click on fixssk.reg & click on Yes when asked to merge into the registry.

    3. I have attached a file - regdlara.txt - to this post. Save it to Desktop & rename it as "regdlara.reg".


  2. Using KillBox
    1. Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
      • C:\WINDOWS\system32\ide21201.vxd
        C:\WINDOWS\system\QBUninstaller.exe
        C:\WINDOWS\system32\bose.ico
        C:\WINDOWS\system32\kill all spywareadsfadsf123.ico
    2. Start KillBox.
      1. Go to the [File] menu, and choose [Paste from Clipboard].
        Verify that you've done this properly by clicking the dropdown-arrow next to the [Full Path of File to Delete] field. The filenames you pasted will be found in there.
      2. Select/tick the following:
        • "Delete on Reboot"
        • "End Explorer Shell While Killing File"
        • "Unregister .dll Before Deleting" if it's not grayed out.
      3. Click the RED X button.
      4. Click [Yes] at the 'Delete on Reboot' prompt. Click [Yes] at the Pending Operations prompt.


  3. Reboot to Safe Mode

  4. Run ETRemover_v130.exe, then click the [Kill Elite Toolbar] button and wait until it finishes its work.

    * Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!


  5. Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :
    • CxtPls
    • Elite ToolBar
    • 180 Search Assistant

  6. Locate and delete the following folder(s), if present:
    • C:\Program Files\180searchassistant
    • C:\WINDOWS\EliteToolBar
    • C:\Program Files\Aprps
    • C:\Documents and Settings\All Users\Application Data\AdDestroyer
    • C:\WINDOWS\system32\nsvsvc
    • C:\Program Files\Cas\Client\


  7. Run a scan with HiJackThis & select(tick) the following & click [Fix checked] :

    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\hhnjnk.exe reg_run
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} -
    O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -


  8. Run KillBox
    1. Click [Replace on Reboot] and check the [Use Dummy] box.
    2. Paste the following into the top [Full Path of File to Delete] box.
      • C:\WINDOWS\system32\hhnjnk.exe
    3. Click the red-and-white [Delete File].
    4. Click Yes at the Replace on Reboot prompt.
    5. Click No at the Pending Operations prompt.
    6. Repeat steps 2-5 above for these files:
      • C:\WINDOWS\system32\__delete_on_reboot__nnopoek.dll
      • C:\WINDOWS\system32\ddrnrca.exe
      • C:\WINDOWS\system32\iiqwq.dll
      • C:\WINDOWS\system32\wwbab.dat
    7. Click [Replace on Reboot] and check the [Use Dummy] box.
    8. Paste the following file into the top [Full Path of File to Delete] box.
      • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rrpk.exe
    9. Click the red-and-white [Delete File] button.
    10. Click "Yes" at the Replace on Reboot prompt.
    11. Click "Yes" at the Pending Operations prompt to restart your computer. You do not need to reboot into Safe Mode this time.


  9. When your computer reboots, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
    1. Click [Options...]
    2. Move the arrow down to [Custom CleanUp!]
    3. Put a check next to the following:
      • Empty Recycle Bins
      • Delete Cookies
      • Delete Prefetch files
      • [X]Scan local drives for temporary files (Please uncheck this option)
      • Cleanup! All Users
    4. Click [OK]
    5. Press the [CleanUp!] button to start the program. Reboot/logoff when prompted.
    * CleanUp! will delete all the files in your temp folders


  10. Run another Panda scan and post the new log here.

    In your next post, please include fresh copies of:
    1. HiJackThis log
    2. Panda's log
__________________

Question - what have you done for the community today?

Last edited by sUBs; 07-07-2005 at 03:43 PM.
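
A check for the fresh HijackThis log requested in the post, as an added example that is not part of the original post or of any tool it names: it flags log lines that still mention a file from steps 2 and 8 or a CLSID from step 7. The function name `leftovers`, the choice of files to watch, and the sample log are assumptions made for illustration.

```python
import re

# Indicators copied from the post: files from steps 2 and 8, CLSIDs from step 7.
REMOVED_FILES = [
    r"C:\WINDOWS\system32\ide21201.vxd",
    r"C:\WINDOWS\system\QBUninstaller.exe",
    r"C:\WINDOWS\system32\hhnjnk.exe",
    r"C:\WINDOWS\system32\ddrnrca.exe",
    r"C:\WINDOWS\system32\iiqwq.dll",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rrpk.exe",
]
REMOVED_CLSIDS = [
    "{4208FB4D-4E53-4F5A-BF7A-3E047DDB5281}",
    "{972BB342-14A7-4660-83C1-51DDBEE171DB}",
]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."


def leftovers(log_text):
    """Return (section, line) pairs in a HijackThis log that still mention
    a removed file or CLSID. Windows paths are case-insensitive, so the
    comparison is case-folded. Lines without a section id (such as the
    running-process list) are reported with section "proc"."""
    needles = [s.casefold() for s in REMOVED_FILES + REMOVED_CLSIDS]
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or not any(n in line.casefold() for n in needles):
            continue
        m = ENTRY_RE.match(line)
        hits.append((m.group(1) if m else "proc", line))
    return hits


# Constructed sample log (not from the thread): the O4 entry survived the fix
# and its file is still running.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\HHNJNK.EXE
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\hhnjnk.exe reg_run
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://example.invalid/x.cab
"""

if __name__ == "__main__":
    for section, line in leftovers(SAMPLE_LOG):
        print(f"still present [{section}]: {line}")
```

An empty result means none of the watched items appear in the log; it does not cover the folders from step 6, which HijackThis does not list.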