Tech Support Forum - View Single Post

Vikesrock8411 · 11-30-2005, 06:55 PM

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Ewido managed to clean a lot off your system...but it got a little carried away.
Please launch Ewido and click the quarantine button on the left side. Highlight each of these files then click Restore
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs

Ewido also seemed to mess with your Restore Point so I would like to set a new one before we continue.
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.

Tick the checkbox - Turn off System Restore on all drives
Click Apply
Turn it back 'On' by unticking the same checkbox & click OK

Viewing Hidden Files
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Downloads(make sure to save these in a permanent location)
Findlop by Metallica. Unzip it to your desktop.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

We need to make it so you can see some files that owuld otherwise be invisible to you. Please go to Start>Run>Type regsvr32 /u occache.dll

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\SYSTEM32\cache32_dsktptr
C:\WINDOWS\STWSI
C:\Program Files\LoveFreeGames
C:\Program Files\Sizesetupooze
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\SYSTEM32\P2ECOM.dll
c:\Windows\Nail.exe
C:\WINDOWS\dpusys.ini
C:\install.cab
C:\Documents and Settings\Jason\My Documents\Win MX\Lop-Sucks.exe
C:\Documents and Settings\Jason\My Documents\lopremove.exe
C:\install.htm

Now we need to hide those files again. Please go to Start>Run> Type regsvr32 occache.dll

Reboot your system in Normal Mode.

Double click findlop.bat. It will open a notepad file.
Copy the content of that file and past it here in your reply.

Online Scans
Please open IE and go to
Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Standard
- Scan Options:
- Scan Archives
  Scan Mail Bases
Click OK
Now under select a target to scan:
- Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:

Find Lop log
Kaspersky Log
A new Hijackthis! Log

11-30-2005, 06:55 PM	#4 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Ewido managed to clean a lot off your system...but it got a little carried away. Please launch Ewido and click the quarantine button on the left side. Highlight each of these files then click Restore C:\Program Files\MSN Messenger\riched20.dll C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs Ewido also seemed to mess with your Restore Point so I would like to set a new one before we continue. Go to Start >> Run - type control sysdm.cpl,,4 & press Enter. Tick the checkbox - Turn off System Restore on all drives Click Apply Turn it back 'On' by unticking the same checkbox & click OK Viewing Hidden Files Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Downloads(make sure to save these in a permanent location) Findlop by Metallica. Unzip it to your desktop. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). We need to make it so you can see some files that owuld otherwise be invisible to you. Please go to Start>Run>Type regsvr32 /u occache.dll File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\SYSTEM32\cache32_dsktptr C:\WINDOWS\STWSI C:\Program Files\LoveFreeGames C:\Program Files\Sizesetupooze C:\WINDOWS\Downloaded Program Files\CONFLICT.1 C:\WINDOWS\SYSTEM32\P2ECOM.dll c:\Windows\Nail.exe C:\WINDOWS\dpusys.ini C:\install.cab C:\Documents and Settings\Jason\My Documents\Win MX\Lop-Sucks.exe C:\Documents and Settings\Jason\My Documents\lopremove.exe C:\install.htm Now we need to hide those files again. Please go to Start>Run> Type regsvr32 occache.dll Reboot your system in Normal Mode. Double click findlop.bat. It will open a notepad file. Copy the content of that file and past it here in your reply. Online Scans Please open IE and go to Kaspersky WebScanner Next Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Standard Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. * Turn off the real time scanner of any existing antivirus program while performing the online scan In your next post please include: Find Lop log Kaspersky Log A new Hijackthis! Log