Yup. We got some cleaning to do...
Did you run all those programs I listed at the start? That should have cleared some of this out already.
Download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Download KillBox http://www.bleepingcomputer.com/file...re/KillBox.zip
Download, install, and update Ewido Security Suite
- Install ewido security suite
- Launch ewido, there should be a big E icon on your desktop, double-click it.
- The program will prompt you to update; click the OK button
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido.
Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Delete the following folders in BOLD.
C:\WINDOWS\system32\FLEOK
C:\WINDOWS\bundles
C:\WINDOWS\bsx32
C:\WINDOWS\system32\vmss
**Note** Make sure you get that "Bundles" folder as it's where most of the spyware/adware files are located.
Now we need to kill some files...
Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available). Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.
C:\WINDOWS\system32\stlb2.xml
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\Documents and Settings\Joe Braucht\Application Data\Sskcwrd.dll
C:\Documents and Settings\Joe Braucht\Application Data\Sskknwrd.dll
C:\WINDOWS\system32\Cache\videoinst.exe
C:\WINDOWS\system32\idm32.dll
C:\WINDOWS\system32\mzsign32.dll
C:\WINDOWS\system32\rym.dll
C:\WINDOWS\system32\saieau.dat
C:\WINDOWS\system32\saie_gdf.dat
C:\WINDOWS\system32\saie_kyf.dat
C:\WINDOWS\system32\stlb2.xml
C:\WINDOWS\system32\winupdt.008
C:\WINDOWS\system32\winupdt.bin
C:\Documents and Settings\Joe Braucht\Local Settings\Temporary Internet Files\Ssk.log
If Killbox gives you a pending operation error or doesn't reboot...ignore it and reboot manually.
On the reboot...boot right back to safe mode. Once in safe mode...
Run Ewido:
- Click [Scanner]
- Click [Complete System Scan] to begin scanning.
- Click [OK] when prompted to clean files
- With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
- Once finished, click the [Save report] button
- Save the report to your desktop
Close Ewido
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
[X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Once back to normal windows...
Download L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot.
From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread.
IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
Once you're back to normal windows again...run another Panda scan and save its log. Post all those logs in your next reply.
So I need....
Panda Scan log
Ewido Log
L2mfix log