Tech Support Forum - View Single Post

tetonbob · 08-20-2005, 01:12 PM

Jim, Jim, Jim.... I want to help you, I really do, and I understand your frustration. To best do that, I require all the information I've asked for in front of me at the same time.......or we can be chasing sprites. Not all our tools see the same things, and I know we've got some nasties hiding, so it's best to wait to post until all instructions have been completed, and all logs collected, unless there are problems along the way which need attention.

Please apply this fix, and then follow the instructions at the end.

All right, here we go:

Reboot to safe mode.

Go to C:\windows\tasks and have a look.

Do you see this task ?

AAA201F095ADB9CC

If you do, delete it. If not, do the following:

Most likely it is invisible and needs to be unhidden.

Click Start>run and type cmd to open a command prompt, paste in this command then press enter.

attrib -s -h -r C:\windows\tasks\*.job

Close the command prompt and open the windows\tasks folder.

Delete this task:

AAA201F095ADB9CC

Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{72F46506-69E8-4B2A-2C6B-F6AEECAFDF16}"

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jmttzrjycrmyxjotskz.com/...iV26VvmT9l.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

Search for and delete the following files in bold:

c:\docume~1\owner\applic~1\online~1
C:\PROGRA~1\LOGOBO~1

Restart and run a new HijackThis scan. Save the log file and post it here.

I would like one post with fresh logs from the following, please:

Panda ActiveScan
HJT Startup List
SilentRunners
HJT scan

Please wait until you have run all the scans and collected all the logs before posting your results.

08-20-2005, 01:12 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,804 OS: 2000 Pro; XP Pro; XP Home	Jim, Jim, Jim.... I want to help you, I really do, and I understand your frustration. To best do that, I require all the information I've asked for in front of me at the same time.......or we can be chasing sprites. Not all our tools see the same things, and I know we've got some nasties hiding, so it's best to wait to post until all instructions have been completed, and all logs collected, unless there are problems along the way which need attention. Please apply this fix, and then follow the instructions at the end. All right, here we go: Reboot to safe mode. Go to C:\windows\tasks and have a look. Do you see this task ? AAA201F095ADB9CC If you do, delete it. If not, do the following: Most likely it is invisible and needs to be unhidden. Click Start>run and type cmd to open a command prompt, paste in this command then press enter. attrib -s -h -r C:\windows\tasks\.job Close the command prompt and open the windows\tasks folder. Delete this task: AAA201F095ADB9CC* Click START…RUN…Type in regedit. Make sure just “My Computer” is showing in the left pane and click..FILE….EXPORT…and save a copy some were in case you make a mistake. Now navigate to each of the following keys and delete the file/folder/entry I highlighted in RED HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{72F46506-69E8-4B2A-2C6B-F6AEECAFDF16}" If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jmttzrjycrmyxjotskz.com/...iV26VvmT9l.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search for and delete the following files in bold: c:\docume~1\owner\applic~1\online~1 C:\PROGRA~1\LOGOBO~1 Restart and run a new HijackThis scan. Save the log file and post it here. I would like one post with fresh logs from the following, please: Panda ActiveScan HJT Startup List SilentRunners HJT scan Please wait until you have run all the scans and collected all the logs before posting your results. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009