07-18-2005, 10:35 AM   #4
Ricvai

Download smithrem.zip and save the file to your desktop.
Right-click the file and extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.softpedia.com/progDownloa...oad-22503.html

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Go to Start>Run and type services.msc. Scroll down and look for the service called ZESOFT. Double-click the service, choose Disabled as the startup type, and click the Stop button to stop the service.

~~~~~~~~~~~~
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

* Open Spybot Search & Destroy.
* In the Mode menu click "Advanced mode" if not already selected.
* Choose "Yes" at the Warning prompt.
* Expand the "Tools" menu.
* Click "Resident".
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* In the File menu click "Exit" to exit Spybot Search & Destroy.
~~~~~~~~~~~~

Now scan with HJT and place a checkmark next to each of the following items:
===================================================
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O15 - Trusted Zone: http://www.hotink.com
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


Open Ad-aware and do a full scan. Remove all it finds.

Now open Ewido Security Suite

* Click [Scanner]
* Click [Complete System Scan] to begin scanning.
* Click [OK] when prompted to clean files
* With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
* Once finished, click the [Save report] button
* Save the report to your desktop

Close Ewido

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Delete the following Files indicated in RED if they still exist.

C:\WINDOWS\zeta.exe

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
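The fix list in the post above uses HijackThis's `code - detail` line format. The following Python is an added example, not part of Ricvai's post and not HijackThis's own code: it parses those five lines and picks out service entries whose executable is reported missing. The function names are hypothetical, and the section descriptions are the commonly documented meanings of the codes.

```python
import re
from collections import Counter

# Commonly documented meaning of the section codes used in the post's fix list.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O15": "Trusted Zone site",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# Lines copied from the post's fix list (the URLs are truncated in the post itself).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O15 - Trusted Zone: http://www.hotink.com
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

def parse_line(line):
    """Split one log line into section code and body; None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "kind": SECTIONS.get(m["code"], "other"), "body": m["body"]}
    if m["code"] == "O23":
        s = SERVICE_RE.match(m["body"])
        if s:  # service name, registered owner, binary path, and the missing-file marker
            entry.update(service=s["name"], owner=s["owner"], path=s["path"],
                         file_missing=bool(s["missing"]))
    return entry

def parse_log(text):
    """Parse every entry line in a log excerpt, skipping blanks and separators."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def missing_service_binaries(entries):
    """O23 services whose executable the log reports as absent from disk."""
    return [(e["service"], e["path"]) for e in entries if e.get("file_missing")]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(Counter(e["kind"] for e in entries))
    print(missing_service_binaries(entries))
```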