Thread: Bias Name.exe
12-01-2005, 03:28 PM   #6
Vikesrock8411
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Are you still seeing an error message or has that been taken care of?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Special Note:
Microsoft AntiSpyware Program:
Because of recent changes in the way this program now defines and detects spyware/adware, it is no longer recommended as a spyware removal tool. Microsoft has downgraded several adware/spyware programs that it used to detect and remove and now lists them simply as “Ignore”.

These are some of the adware/spyware programs that this program will NOT prompt you to remove: Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula, TopText, Gain/Gator, and Webhancer. These are all known adware/spyware programs and hijackers. Basically this product can no longer be trusted. We recommend you uninstall it.

Downloads (make sure to save these in a permanent location)
Cleanup! (Alternate Link)- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O2 - BHO: (no name) - {1908CCF6-A320-78F3-29F8-84ADA3C9E1EE} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O2 - BHO: (no name) - {2126F076-D126-BD30-45BD-8ACD7CEA7DAB} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O4 - HKLM\..\Run: [PLAY MAIL HIDE SHIM] C:\Documents and Settings\All Users\Application Data\Obj admin play mail\mfcdeq.exe
O4 - HKLM\..\Run: [obj build bike memo] C:\Documents and Settings\All Users\Application Data\Poll bias obj build\DartWave.exe
O4 - HKCU\..\Run: [wiadefui] C:\WINDOWS\system32\wiadefui.exe
O4 - HKCU\..\Run: [mfc40u] C:\WINDOWS\system32\mfc40u.exe


Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1 <<< The ~1 means that it is the first folder alphabetically beginning with that string.
C:\Documents and Settings\All Users\Application Data\Obj admin play mail
C:\Documents and Settings\All Users\Application Data\Poll bias obj build

C:\WINDOWS\system32\wiadefui.exe
C:\WINDOWS\system32\mfc40u.exe


Tools
Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** This scan may take over an hour, after choosing the action for the first item you do not need to stay at the PC.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Ewido Log
  • Panda Activescan Log
  • A new Hijackthis! Log
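A consistency check for the procedure in the post above, as an added example that is not part of the original post or of HijackThis: it parses the O2 and O4 log lines and confirms that every entry marked for fixing points at a file the deletion list also removes. The function names and the plain string comparison of paths are assumptions of this sketch.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any OS

# Entries to fix and deletion targets, taken from the post above.
HJT_LINES = r"""
O2 - BHO: (no name) - {1908CCF6-A320-78F3-29F8-84ADA3C9E1EE} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O2 - BHO: (no name) - {2126F076-D126-BD30-45BD-8ACD7CEA7DAB} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O4 - HKLM\..\Run: [PLAY MAIL HIDE SHIM] C:\Documents and Settings\All Users\Application Data\Obj admin play mail\mfcdeq.exe
O4 - HKLM\..\Run: [obj build bike memo] C:\Documents and Settings\All Users\Application Data\Poll bias obj build\DartWave.exe
O4 - HKCU\..\Run: [wiadefui] C:\WINDOWS\system32\wiadefui.exe
O4 - HKCU\..\Run: [mfc40u] C:\WINDOWS\system32\mfc40u.exe
""".strip().splitlines()
DELETE_TARGETS = [
    r"C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1",
    r"C:\Documents and Settings\All Users\Application Data\Obj admin play mail",
    r"C:\Documents and Settings\All Users\Application Data\Poll bias obj build",
    r"C:\WINDOWS\system32\wiadefui.exe",
    r"C:\WINDOWS\system32\mfc40u.exe",
]
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<id>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$"),
}

def parse_entry(line):
    """Return section, name, id (CLSID or registry hive) and path, or None."""
    for section, rx in PATTERNS.items():
        m = rx.match(line.strip())
        if m:
            return {"section": section, **m.groupdict()}
    return None

def covering_target(path, targets):
    """Deletion target equal to the path or a parent folder of it, else None."""
    p = normcase(normpath(path))  # case-insensitive; 8.3 short names are NOT expanded
    for t in targets:
        tn = normcase(normpath(t))
        if p == tn or p.startswith(tn + "\\"):
            return t
    return None

def uncovered(lines, targets):
    """Files named by fixed entries that no deletion target would remove."""
    entries = filter(None, map(parse_entry, lines))
    return [e["path"] for e in entries if covering_target(e["path"], targets) is None]

if __name__ == "__main__":
    print(uncovered(HJT_LINES, DELETE_TARGETS) or "every fixed entry is covered")
```

Because short (~1) and long path forms are compared as plain strings, an entry and its deletion target must use the same form to be matched.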