The error is because we have removed a malware file that is still trying to run at startup. The message should not show up any more when you have completed this fix.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Viewing Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
Downloads (make sure to save these in a permanent location)
KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R3 - URLSearchHook: (no name) - {23211FA9-0DF1-203A-0A16-BF5E623975F4} - C:\WINDOWS\uulatagi.dll (file missing)
O2 - BHO: (no name) - {DDE6EF2C-8F28-CAED-D0AE-F09604C0EB00} - C:\WINDOWS\uulatagi.dll (file missing)
O3 - Toolbar: Search - {B4866866-246E-1035-966C-D299680846CB} - C:\WINDOWS\uulatagi.dll (file missing)
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\msbk32.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKCU\..\Run: [irassync] C:\WINDOWS\System32\irasyncd.exe
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000121.exe
Please remember to close all other windows, including browsers, then click Fix checked.
Launch KillBox.exe & select the following options:
Select all the filenames below & then right-click & select Copy
C:\WINDOWS\SYSTEM32\atmtd.dll
C:\WINDOWS\SYSTEM32\aupdate.exe
C:\WINDOWS\SYSTEM32\exclean.exe
C:\WINDOWS\SYSTEM32\WinNB57.dll
C:\WINDOWS\SYSTEM32\WinStat10.dll
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
C:\WINDOWS\cfgmgr52.ini
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\vidctrl
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\uulatagi.dll
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Command <<<Unless you know what this program is
File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\PROGRAM FILES\AdDestroyer
C:\PROGRAM FILES\VBouncer
C:\Program Files\BullsEye Network
C:\Program Files\NaviSearch
C:\PROGRAM FILES\COMMON FILES\InetGet
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Reboot your system in Normal Mode.
Online Scans
Please open IE and go to Kaspersky WebScanner
Next, click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
In your next post please include:
- Kaspersky Log
- A new Hijackthis! Log
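
The startup error described at the top of this post comes from an autostart entry that still points at a file that has been removed. As an added example (not part of the original post, and not code from HijackThis or KillBox), the Python sketch below parses log lines in the format shown above and reports entries that are marked "(file missing)" or that reference a path on the deletion list; the function names are hypothetical and the sample data is a subset copied from the post.

```python
import re
from ntpath import normcase  # Windows path rules (case-insensitive) on any OS

# Sample log lines and deleted paths copied from the post above (a subset).
LOG = r"""
R3 - URLSearchHook: (no name) - {23211FA9-0DF1-203A-0A16-BF5E623975F4} - C:\WINDOWS\uulatagi.dll (file missing)
O4 - HKLM\..\Run: [Auto Updater] C:\WINDOWS\System32\aupdate.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\msbk32.dll,DllRun
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
"""
DELETED = [r"C:\WINDOWS\SYSTEM32\aupdate.exe", r"C:\WINDOWS\uulatagi.dll"]

# "<code> - <kind>: <rest>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$')
# First drive-letter path ending in a file extension; spaces in folders allowed.
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|,]+?\.[A-Za-z0-9]{2,4}(?=[\s",]|$)')


def parse(log):
    """Yield one dict per recognised log line; unrecognised lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        p = PATH.search(m["rest"])
        yield {
            "code": m["code"],
            "kind": m["kind"],
            "path": p.group(0) if p else None,
            "missing": m["rest"].endswith("(file missing)"),
        }


def orphaned(log, deleted):
    """Entries whose target is already missing or is on the deletion list."""
    gone = {normcase(d) for d in deleted}
    return [e for e in parse(log)
            if e["missing"] or (e["path"] and normcase(e["path"]) in gone)]


if __name__ == "__main__":
    for e in orphaned(LOG, DELETED):
        print(e["code"], e["kind"], "->", e["path"])
```

Entries it reports are the ones to check in HijackThis before rebooting, so that nothing is left trying to load a deleted file.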