08-19-2005, 10:36 AM   #5
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Hi oblio98 -

A few more things to do here. Please do the following in this order:

Downloads

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Download FindIt's.zip http://forums.net-integration.net/in...post&id=142443 to your desktop. Unzip/extract the files to a folder on your desktop.

Download Rkfiles.zip http://skads.org/special/rkfiles.zip
Unzip/extract the contents to a permanent folder on your desktop.

The Fix

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!

Please configure CleanUp with the following settings:

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X] Scan local drives for temporary files (please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

Run KillBox. Paste the following locations into KillBox one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion. Say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.

C:\WINDOWS\SYSTEM32\c41bUs.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\keys.ini
C:\PROGRAM FILES\MyWay
C:\DOCUMENTS AND SETTINGS\KRISTIN\FAVORITES\Going Places
C:\backup-20040315-150246-900.dll
C:\WINDOWS\INF\biU.inf
C:\WINDOWS\SYSTEM32\biU.exe
C:\WINDOWS\SYSTEM32\msguard.dll


Once it reboots, allow it to boot to normal mode.

Locate the FindIt's folder on your desktop.

Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while, so please be patient. Then post the FindIt's log here. Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to the C:\WINDOWS\system32 folder. Now try running FindIt's.bat.


REBOOT TO SAFE MODE… This tool MUST be run in safe mode!!
Once in safe mode…

Double click rkfiles.bat
It will scan for a while, so please be patient.
Wait until the DOS window closes.
Open the C:\log.txt it created and rename it log1.txt.

Reboot into normal mode now.

Also, run the Panda scan again and report its findings.

So I need logs from:

FindIt's
rkfiles
Panda ActiveScan
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009