Tech Support Forum - View Single Post

tetonbob · 03-02-2006, 08:46 AM

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

----------------------------------------------------------------------

Click Start->Run - type SERVICES.MSC & then click on the OK button

Locate the service - Aluria Security Center Spyware Eliminator Service
Double-click on it to open the Properties dialog.
Under the General tab:
Stop the service by using the Stop button.
Change the Startup type to Disabled & then click on the OK button
Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
In the popup box that appears, copy/paste ASCService Click on the OK button

----------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}]

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

----------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MyWebSearch
Aluria Software - it’s rogueware and we highly recommend that you uninstall them. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. See this site for more information.
.

Do not reboot at this time if asked.

----------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe

----------------------------------------------------------------------

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 /u occache.dll

Delete these files/folders if present:

C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
C:\WINDOWS\LASTGOOD\DOWNLOADED PROGRAM FILES\eied.inf
C:\WINDOWS\switchagreement.txt
C:\PROGRAM FILES\MyWebSearch
C:\Documents and Settings\xp\Cookies\xp@tribalfusion[1].txt
C:\Program Files\FunWebProducts
C:\WINDOWS\LastGood\Downloaded Program Files\eied.inf
C:\WINDOWS\LastGood\Downloaded Program Files\start.inf
C:\Program Files\Aluria Security Center

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 occache.dll

----------------------------------------------------------------------

Reboot in normal mode.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

----------------------------------------------------------------------

Post a new HJT log, and the Kapsersky scan log.

How is your system behaving now, please?

03-02-2006, 08:46 AM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,251 OS: 2000 Pro; XP Pro; XP Home	Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. ---------------------------------------------------------------------- Click Start->Run - type SERVICES.MSC & then click on the OK button Locate the service - Aluria Security Center Spyware Eliminator Service Double-click on it to open the Properties dialog. Under the General tab: Stop the service by using the Stop button. Change the Startup type to Disabled & then click on the OK button Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... In the popup box that appears, copy/paste ASCService Click on the OK button ---------------------------------------------------------------------- Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad: REGEDIT4 [-HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}] Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. ---------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: MyWebSearch Aluria Software - it’s rogueware and we highly recommend that you uninstall them. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. See this site for more information. . Do not reboot at this time if asked. ---------------------------------------------------------------------- Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\Program Files\Aluria Security Center\ascserv.exe ---------------------------------------------------------------------- Go to Start>Run then copy and paste, or type the following, then press Enter: regsvr32 /u occache.dll Delete these files/folders if present: C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf C:\WINDOWS\LASTGOOD\DOWNLOADED PROGRAM FILES\eied.inf C:\WINDOWS\switchagreement.txt C:\PROGRAM FILES\MyWebSearch C:\Documents and Settings\xp\Cookies\xp@tribalfusion[1].txt C:\Program Files\FunWebProducts C:\WINDOWS\LastGood\Downloaded Program Files\eied.inf C:\WINDOWS\LastGood\Downloaded Program Files\start.inf C:\Program Files\Aluria Security Center Go to Start>Run then copy and paste, or type the following, then press Enter: regsvr32 occache.dll ---------------------------------------------------------------------- Reboot in normal mode. Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan ---------------------------------------------------------------------- Post a new HJT log, and the Kapsersky scan log. How is your system behaving now, please? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009