Tech Support Forum - View Single Post

tetonbob · 10-12-2005, 08:25 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

I'd like to know more about this file for my personal database, as I'm not finding much definitive information about it:

C:\WINNT\system32\Sktempdm.exe

Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here. I believe it to be related to LiteOn or Silitek; please let me know.

Update Ewido's definitions.

Before we begin the fix, we need to unload Spybot's Teatimer. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit".

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist (Don't worry if they aren't there):

WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below.

WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Locate the following Files/Folders (delete folders if no filename is specified)and delete them if they exist:

C:\Program Files\AWS
C:\Program Files\Wildtangent
C:\Documents and Settings\Debbie Moss\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll

Run a new Ewido scan using the same instructions. This log should be quite a bit smaller. Save it and post it here, please.

Restart in normal mode now.

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).

Choose Save, NOT run, and save to your desktop
Double-click the tmas-web-scan.exe icon
It will say "Loading TrendMicro definitions".
Click "Start Scan"

After it's done scanning, click "Scan Results"

Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Restart and run a new HijackThis scan. Save the log file and post it here.

Please return with results from:

Ewido
Antispyware.log
HJT

10-12-2005, 08:25 AM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,811 OS: 2000 Pro; XP Pro; XP Home	Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Click Yes to confirm and then click OK. I'd like to know more about this file for my personal database, as I'm not finding much definitive information about it: C:\WINNT\system32\Sktempdm.exe Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here. I believe it to be related to LiteOn or Silitek; please let me know. Update Ewido's definitions. Before we begin the fix, we need to unload Spybot's Teatimer. To do this, right-click on the icon in the quick launch toolbar at the bottom on the screen, then select "Exit". Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist (Don't worry if they aren't there): WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below. WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) Locate the following Files/Folders (delete folders if no filename is specified)and delete them if they exist: C:\Program Files\AWS C:\Program Files\Wildtangent C:\Documents and Settings\Debbie Moss\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat/files\wtvh.dll Run a new Ewido scan using the same instructions. This log should be quite a bit smaller. Save it and post it here, please. Restart in normal mode now. Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button). Choose Save, NOT run, and save to your desktop Double-click the tmas-web-scan.exe icon It will say "Loading TrendMicro definitions". Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here. Restart and run a new HijackThis scan. Save the log file and post it here. Please return with results from: Ewido Antispyware.log HJT __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009