Old 07-09-2005, 03:54 PM   #7 (permalink)
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Ok Mel. Here we go..... You may want to print these instructions out so you can follow along.

Open My Computer>>View>>Folder Options>>View Tab>>Advanced settings box, under the "Hidden files" folder, select Show all files>>Apply>>OK


Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(es) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym

Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

VIEWPOINT
E2Give


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\DMLADM.EXE


Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunServices: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunOnce: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunServicesOnce: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe


C:\Program Files\Viewpoint <--delete that folder.
C:\Program Files\E2G <--delete that folder.

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINDOWS\SYSTEM\DMLADM.exe
C:\WINDOWS\Buddy.exe
C:\WINDOWS\newdevin.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\SYSTEM\in10b6s.dll
C:\WINDOWS\SYSTEM\dosxpd.exe
C:\WINDOWS\SYSTEM\SWin32.dll
C:\WINDOWS\SYSTEM\sprmove.exe
C:\WINDOWS\SYSTEM\istinstall_adlogix.exe
C:\WINDOWS\SYSTEM\fixmapirs.exe
C:\WINDOWS\SYSTEM\cekqmu.exe
C:\WINDOWS\SYSTEM\diantzpt.exe
C:\WINDOWS\SYSTEM\dwcrnt.exe


Once you reboot....

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Once back to normal Windows, post another HijackThis log and the log from the following scan...

Run an online scan from http://www.pandasoftware.com/actives..._principal.htm

Select the "Autofix/Clean" option. Save the activescan log it creates and post it here.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
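Added example, not part of MicroBell's post: a short Python check that compares the six O2/O4 entries flagged above against a follow-up HijackThis log and reports any that are still present. The line shapes are assumed from the entries quoted in the post, other HijackThis sections are ignored, and the follow-up log is constructed sample input.

```python
import re

# Shape of the O2 (Browser Helper Object) and O4 (autorun) lines quoted in the post.
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O4_RE = re.compile(r"^O4 - ([^:]+): \[([^\]]*)\] (.+)$")

def parse_entries(log_text):
    """Return a set of normalized keys for the O2/O4 lines in a HijackThis log."""
    keys = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # CLSID and DLL path identify a BHO; Windows paths are case-insensitive.
            keys.add(("O2", m.group(2).upper(), m.group(3).lower()))
            continue
        m = O4_RE.match(line)
        if m:
            # Registry key, value name and command line identify an autorun entry.
            keys.add(("O4", m.group(1).upper(), m.group(2).lower(), m.group(3).lower()))
    return keys

def still_present(flagged_text, new_log_text):
    """Flagged entries that survive in the follow-up log, sorted for stable output."""
    return sorted(parse_entries(flagged_text) & parse_entries(new_log_text))

# The six entries the post asks to fix in HijackThis.
FLAGGED = r"""
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunServices: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunOnce: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
O4 - HKCU\..\RunServicesOnce: [DMLADM] C:\WINDOWS\SYSTEM\DMLADM.exe
"""

# Constructed follow-up log (not from the thread): one flagged autorun is back,
# written in different letter case, next to an unrelated constructed entry.
FOLLOW_UP = r"""
Logfile of HijackThis
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [dmladm] C:\WINDOWS\SYSTEM\DMLADM.EXE
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, FOLLOW_UP):
        print("still present:", entry)
```

An empty result means none of the flagged entries remain in the new log; any entry returned needs another pass before the cleanup is considered done.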