Thread: At wits end
01-11-2006, 05:11 PM   #5
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Right click on this & choose "Save As..." - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Doubleclick on DNSManual.bat & allow it to run.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

Please download the file attached - regdel.zip
From within regdel.zip, doubleclick regdel.reg & allow it to merge with the Registry
This will remove some malware entries from the Registry


* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *


Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\system32\biqrexpj.exe
  • C:\WINDOWS\system32\DH9013.exe
  • C:\WINDOWS\system32\jcosnf.exe
  • C:\WINDOWS\SYSTEM32\0wao7k9k.dll
  • C:\Documents and Settings\RICH\Application Data\Sskknwrd.dll
  • C:\Documents and Settings\RICH\Application Data\Sskuknwrd.dll
Then:
  • Go to the File menu, and choose Paste from Clipboard
  • Click the RED X button.
  • Click Yes at the 'Delete on Reboot' prompt.
  • Click Yes at the 'Pending Operations' prompt.


* * * * * *


After you have rebooted, delete the contents of this folder, leaving it empty:

C:\Program Files\Norton AntiVirus\Quarantine\



This would empty the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK


Repeat the Kaspersky scan & post the resultant log along with a fresh HJT log. Let me know how the machine is behaving now.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 01-16-2006 at 04:06 PM.