Tech Support Forum - View Single Post - looots of adware/spyware keep coming all due to a bad windows media player link

sUBs · 07-16-2005, 10:33 AM

Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.

C:\WINDOWS\START MENU\PROGRAMS\STARTUP\NNND.EXE
C:\WINDOWS\CERES.DLL
C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
C:\WINDOWS\SYSTEM\DATADX.DLL
c:\windows\system\dlylygu.exe
C:\WINDOWS\jjjanl.exe

Start KillBox.
Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versons of Killbox
Click the dropdown-arrow next to the "Full Path of File to Delete" field.
Verify that the filenames you pasted are found in there.
Select/tick the following:
* Replace on Reboot
* Use Dummy
* End Explorer Shell While Killing File
* "Unregister.dll Before Deleting" * if it's not grayed out
Click the RED X button.
Click "Yes" at the 'Delete on Reboot' prompt.
Click "Yes" at the 'Pending Operations' prompt.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

= = = = = = = = = = =

Reboot to Safe-Mode
Restart the computer. The computer begins processing a set of instructions known as BIOS.
As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
Continue to do so until the 'Windows Advanced Options' menu appears.
Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

= = = = = = = = = = =

Uninstall the following programs using Add/Remove Programs panel : * Some entries may not be present

Media Access
MySearch Toolbar

= = = = = = = = = = =

Run a HiJackThis scan. Select the following entries & click Fix checked :

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [dlylygu] c:\windows\system\dlylygu.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\jjjanl.exe reg_run
O4 - Startup: nnnd.exe

= = = = = = = = = = =

Locate and delete the following folder(s), if present:

c:\WINDOWS\All Users\Application Data\nsv\
c:\WINDOWS\cfgmgr52\
c:\Program Files\Media Access\
c:\Program Files\Toolbar\
c:\Program Files\MySearch\
c:\Program Files\Aprps\
C:\WINDOWS\SYSTEM\nsvsvc\
C:\WINDOWS\SYSTEM\VIDCTRL\

= = = = = = = = = = =

Run Cleanup! & configure the program up as follows:

Click Options...
Move the arrow down to Custom CleanUp!
Put a check next to the following:
- Empty Recycle Bins
- Delete Cookies
- Delete Prefetch files
- [X]Scan local drives for temporary files (Please uncheck this option)
- Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

* CleanUp! will delete all the files in your temp folders without making a backup

= = = = = = = = = = =

Reboot to Normal-Mode.

Do an online scan at Panda

Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

= = = = = = = = = = =

In your next post, please include fresh copies of:

1. HiJackThis log
2. List of files that online scans failed to disinfect

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

07-16-2005, 10:33 AM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard. C:\WINDOWS\START MENU\PROGRAMS\STARTUP\NNND.EXE C:\WINDOWS\CERES.DLL C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE C:\WINDOWS\SYSTEM\DATADX.DLL c:\windows\system\dlylygu.exe C:\WINDOWS\jjjanl.exe Start KillBox. Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versons of Killbox Click the dropdown-arrow next to the "Full Path of File to Delete" field. Verify that the filenames you pasted are found in there. Select/tick the following: * Replace on Reboot * Use Dummy * End Explorer Shell While Killing File * "Unregister.dll Before Deleting" * if it's not grayed out Click the RED X button. Click "Yes" at the 'Delete on Reboot' prompt. Click "Yes" at the 'Pending Operations' prompt. * If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again. = = = = = = = = = = = Reboot to Safe-Mode Restart the computer. The computer begins processing a set of instructions known as BIOS. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the 'Windows Advanced Options' menu appears. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode. = = = = = = = = = = = Uninstall the following programs using Add/Remove Programs panel : * Some entries may not be present Media Access MySearch Toolbar = = = = = = = = = = = Run a HiJackThis scan. Select the following entries & click Fix checked : O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.EXE O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart O4 - HKLM\..\Run: [dlylygu] c:\windows\system\dlylygu.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\jjjanl.exe reg_run O4 - Startup: nnnd.exe = = = = = = = = = = = Locate and delete the following folder(s), if present: c:\WINDOWS\All Users\Application Data\nsv\ c:\WINDOWS\cfgmgr52\ c:\Program Files\Media Access\ c:\Program Files\Toolbar\ c:\Program Files\MySearch\ c:\Program Files\Aprps\ C:\WINDOWS\SYSTEM\nsvsvc\ C:\WINDOWS\SYSTEM\VIDCTRL\ = = = = = = = = = = = Run Cleanup! & configure the program up as follows: Click Options... Move the arrow down to Custom CleanUp! Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files [X]Scan local drives for temporary files (Please uncheck this option) Cleanup! All Users Click OK Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will delete all the files in your temp folders without making a backup = = = = = = = = = = = Reboot to Normal-Mode. Do an online scan at Panda Take note the names and locations of any file it detects but fails to clean. * Turn off the real time scanner of any existing antivirus program while performing the online scan = = = = = = = = = = = In your next post, please include fresh copies of: 1. HiJackThis log 2. List of files that online scans failed to disinfect Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now __________________ Question - what have you done for the community today?