07-16-2005, 04:59 PM   #8
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Good work. It's looking rosy. We are almost done.

I have attached a file to this post - regdel.txt
Download it & rename it "regdel.reg" (inclusive of the quotes)
Double-click on it & answer YES when prompted to merge into the Registry

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
  • C:\WINDOWS\SYSTEM\WMASCR.DLL
    C:\WINDOWS\SYSTEM\DVNET.DLL
    C:\WINDOWS\SYSTEM\Free Picture iPod.ico
    C:\WINDOWS\SYSTEM\winupdt.bin
    C:\WINDOWS\SYSTEM\tsuninst.exe
    C:\WINDOWS\SYSTEM\stlb2.xml
    C:\WINDOWS\SYSTEM\saie_gdf.dat
    C:\WINDOWS\Buddy.exe
    C:\WINDOWS\cxtpls_loader.exe
    C:\WINDOWS\APPLICATION DATA\Lycos
    C:\WINDOWS\SYSTEM\SSI_CI32.DLL
    C:\WINDOWS\SYSTEM\QJV.DLL
    C:\WINDOWS\SYSTEM\IPSETUP.DLL
    C:\WINDOWS\SYSTEM\NYWRSPT.DLL
    C:\WINDOWS\SYSTEM\MNDMO.DLL
    C:\WINDOWS\SYSTEM\IWWPHBK.DLL
    C:\WINDOWS\SYSTEM\CRL3DV2.DLL
    C:\WINDOWS\SYSTEM\QAV.DLL
    C:\WINDOWS\SYSTEM\PXNMAP.DLL
    C:\WINDOWS\SYSTEM\WSADMOD.DLL
    C:\WINDOWS\SYSTEM\HNOPNP.DLL
    C:\WINDOWS\SYSTEM\BIOWSEUI.DLL
    C:\WINDOWS\SYSTEM\NWONN16.DLL
    C:\WINDOWS\SYSTEM\OGBCINT.DLL
    C:\WINDOWS\SYSTEM\OWBCBCP.DLL
    C:\WINDOWS\SYSTEM\WNNMM.DLL
    C:\WINDOWS\SYSTEM\biA.exe
    C:\WINDOWS\SYSTEM\Cache\ezstub.exe
    C:\WINDOWS\SYSTEM\Cache\ic_d.exe
    C:\WINDOWS\SYSTEM\Cache\videoinst.exe
    C:\WINDOWS\SYSTEM\Cache\SSK_B5 WMG Media - Rev Share 3.EXE
    C:\WINDOWS\SYSTEM\Cache\trgen-fran-default.exe
    C:\WINDOWS\SYSTEM\Cache\trgen_fran-162813.exe
    C:\WINDOWS\SYSTEM\datadx.dll
    C:\WINDOWS\SYSTEM\danput8.dll
    C:\WINDOWS\SYSTEM\Cul3d.dll
    C:\WINDOWS\SYSTEM\WMASCR.DLL
    C:\WINDOWS\SYSTEM\tsuninst.exe
    C:\WINDOWS\SYSTEM\ASSTREAM.DLL
    C:\WINDOWS\SYSTEM\VKAME.DLL
    C:\WINDOWS\SYSTEM\Ccwflt32.dll
    C:\WINDOWS\SYSTEM\mb43dmod.dll
    C:\WINDOWS\SYSTEM\cartc.dll
    C:\WINDOWS\SYSTEM\mwident.dll
    C:\WINDOWS\SYSTEM\mb4sdmod.dll
    C:\WINDOWS\SYSTEM\IS_NDI.DLL
    C:\WINDOWS\SYSTEM\QBUninstaller.exe
    C:\WINDOWS\SYSTEM\AOTXPRXY.DLL
    C:\WINDOWS\SYSTEM\MIC40.DLL
    C:\WINDOWS\SYSTEM\VEPODBC.DLL
    C:\WINDOWS\SYSTEM\Shex.exe
    C:\WINDOWS\SYSTEM\poisdecd.dll
    C:\WINDOWS\SYSTEM\dvnet.dll
    C:\WINDOWS\SYSTEM\MIC42.DLL
    C:\WINDOWS\SYSTEM\NUWRSPT.DLL
    C:\WINDOWS\SYSTEM\dascript.dll
    C:\WINDOWS\SYSTEM\dlylygu.exe
    C:\WINDOWS\SYSTEM\UJLMON.DLL
    C:\WINDOWS\SYSTEM\IAGUTIL.DLL
    C:\WINDOWS\SYSTEM\SNROBJ.DLL
    C:\WINDOWS\SYSTEM\SUSCRAP.DLL
    C:\WINDOWS\SYSTEM\NMRSES.DLL
    C:\WINDOWS\INF\BIA.INF
    C:\WINDOWS\INF\CERES.INF
    C:\WINDOWS\pppqu.dat
    C:\WINDOWS\jjjanl.exe
    C:\WINDOWS\dddfswg.dll
    C:\WINDOWS\pi1_60.exe
Select/Highlight all the filename(s) from the above.
Copy to clipboard by pressing [CTRL]+[C] on your keyboard.
Start KillBox.exe
  1. Go to the File menu, and choose Paste from Clipboard * this feature does not work on older versions of Killbox
    Click the dropdown-arrow next to the "Full Path of File to Delete" field.
    Verify that the filenames you pasted are found in there.
  2. Select/tick the following:
    • Delete on Reboot
    • End Explorer Shell While Killing File
    • Unregister .dll Before Deleting * if it's not grayed out
  3. Click the RED X button.
  4. Click Yes at the 'Delete on Reboot' prompt.
  5. Click Yes at the 'Pending Operations' prompt.

* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE
Quote:
Adware:adware/navhelper No disinfected C:\PROGRAM FILES\Ares
That is what Panda said of Ares. Let's uninstall it.

Uninstall the following programs, if present, using Control Panel > Add/Remove Programs :
  • Ares

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Locate and delete the following folder(s), if present:
  • C:\WINDOWS\All Users\Application Data\msw\
    C:\WINDOWS\SYSTEM\aosc\
    C:\PROGRAM FILES\Ares\

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! & configure the program as follows:
  1. Click Options...
  2. Move the arrow down to Custom CleanUp!
  3. Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
  4. Click OK
  5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

Post a new HJT log & let me know how your computer is behaving now.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 07-16-2005 at 05:02 PM.
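
An added example, not part of sUBs's post: a post-reboot check that takes the pasted file and folder list, removes case-variant duplicates (the list carries both DVNET.DLL and dvnet.dll), and reports which targets are still on disk. The function names `parse_targets` and `survivors` are hypothetical, and the embedded sample is constructed from a few of the post's entries.

```python
import ntpath
import os

# Constructed sample: a few entries copied from the post's lists, including a
# case-variant duplicate and a folder written with a trailing backslash.
PASTED = r"""
  • C:\WINDOWS\SYSTEM\WMASCR.DLL
    C:\WINDOWS\SYSTEM\DVNET.DLL
    C:\WINDOWS\SYSTEM\Cache\SSK_B5 WMG Media - Rev Share 3.EXE
    C:\WINDOWS\SYSTEM\dvnet.dll
    C:\WINDOWS\SYSTEM\WMASCR.DLL
    C:\PROGRAM FILES\Ares\
"""


def parse_targets(text):
    """Return unique targets in first-seen order, compared case-insensitively."""
    seen, targets = set(), []
    for raw in text.splitlines():
        # Drop indentation and any leading list bullet left over from the forum page.
        path = raw.strip().lstrip("•*- \t").strip()
        if not path:
            continue
        # normpath drops the trailing backslash on folders; normcase lowercases,
        # because Windows file names are matched case-insensitively.
        clean = ntpath.normpath(path)
        key = ntpath.normcase(clean)
        if key not in seen:
            seen.add(key)
            targets.append(clean)
    return targets


def survivors(targets, exists=os.path.exists):
    """Targets still present; `exists` is injectable so the check runs offline."""
    return [t for t in targets if exists(t)]


if __name__ == "__main__":
    targets = parse_targets(PASTED)
    left = survivors(targets)
    print(f"{len(targets)} unique targets, {len(left)} still present")
    for p in left:
        print("STILL PRESENT:", p)
```

Any path reported as still present after the reboot to normal mode is worth mentioning alongside the new HJT log.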