Tech Support Forum - View Single Post - ads in web pages with popups and redirect

sUBs · 01-07-2006, 04:32 AM

Everything seems to be on track. You're on your way to a full recovery

I still do not understand why Ewido was unable to run in Safe Mode. That where's Ewido is most effective. Perhaps you should contact the developers of Ewido to inform them of this bug in their software.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Doubleclick on DNSManual.bat & allow it to run.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

Go to Start->Run and type in regsvr32 /u occache.dll and hit OK.

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\SYSTEM32\DH9013.exe
C:\WINDOWS\WinDy.exe
C:\WINDOWS\SYSTEM32\DMFZX.EXE

Go to Start->Run and type in regsvr32 occache.dll and hit OK.

* * * * * *

Run CleanUp! again & then reboot your machine.

* * * * * *

As Ewido failed to run in Safe Mode, it would be reassuring if we ran another online scan froma different vendor

Perform an online scan with Internet Explorer with Panda ActiveScan

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on see report. Then click Save report

Post the contents of the report in your next reply along with a new HJT log

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

01-07-2006, 04:32 AM	#6 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,353 OS: N/A	Everything seems to be on track. You're on your way to a full recovery I still do not understand why Ewido was unable to run in Safe Mode. That where's Ewido is most effective. Perhaps you should contact the developers of Ewido to inform them of this bug in their software. Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * * Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards. Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run. Right click on this & select 'Save As' - DNSManual.bat Doubleclick on DNSManual.bat & allow it to run. SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": R3 - Default URLSearchHook is missing * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * Go to Start->Run and type in regsvr32 /u occache.dll and hit OK. Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\WINDOWS\Downloaded Program Files\ysbactivex.dll C:\WINDOWS\SYSTEM32\DH9013.exe C:\WINDOWS\WinDy.exe C:\WINDOWS\SYSTEM32\DMFZX.EXE Go to Start->Run and type in regsvr32 occache.dll and hit OK. * * * * * * Run CleanUp! again & then reboot your machine. * * * * * * As Ewido failed to run in Safe Mode, it would be reassuring if we ran another online scan froma different vendor Perform an online scan with Internet Explorer with Panda ActiveScan Click Scan your PC & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on see report. Then click Save report Post the contents of the report in your next reply along with a new HJT log You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ Question - what have you done for the community today?