Tech Support Forum - View Single Post

Ried · 03-03-2006, 10:21 AM

Hello galefly and welcome,

Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

The following programs can be downloaded to a disc or other removable media and brought to this PC:

Download Ewido Security Suite

Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido. **Updates will transfer to removable media

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it.

---------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Viewpoint
AWS (Weatherbug)

Run a scan in HijackThis. 'Check' each of the following if they still exist:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

Click 'Fix Checked' and close HijackThis.

---------------------------

Wsing Windows Explorer, navigate to and delete the following Folders if they still exist.

C:\Program Files\Viewpoint
C:\PROGRA~1\AWS

---------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

---------------------------

Run Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
NOTE: During some scans with ewido it is finding cases of false positives.
You will need to step through the process of cleaning files one-by-one.
If ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select "Perform action on all infections"
If you are unsure of any entry found select none for now.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop

Close Ewido

---------------------------

Reboot into Normal Mode.

---------------------------

See if you can get an online scan:

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.

Click on see report. Then click Save report

Please post that log in your next reply along with a new HijackThis log and the results of the Ewido scan.

03-03-2006, 10:21 AM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,883 OS: WinXP and Vista	Hello galefly and welcome, Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. The following programs can be downloaded to a disc or other removable media and brought to this PC: Download Ewido Security Suite Install Ewido Security Suite When installing, under "Additional Options" uncheck.. Install background guard Install scan via context menu Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Updates will transfer to removable media The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. --------------------------- Go to My Computer->Tools->Folder Options->View** tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. --------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: Viewpoint AWS (Weatherbug) Run a scan in HijackThis. 'Check' each of the following if they still exist: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU) Click 'Fix Checked' and close HijackThis. --------------------------- Wsing Windows Explorer, navigate to and delete the following Folders if they still exist. C:\Program Files\Viewpoint C:\PROGRA~1\AWS --------------------------- Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Standard CleanUp!" *Uncheck the following: -Delete Newsgroup cache -Delete Newsgroup Subscriptions -Scan local drives for temporary files Click OK Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted. Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility --------------------------- Run Ewido: Click on scanner Click on Complete System Scan and the scan will begin. NOTE: During some scans with ewido it is finding cases of false positives. You will need to step through the process of cleaning files one-by-one. If ewido detects a file you KNOW to be legitimate, select none as the action. DO NOT select "Perform action on all infections" If you are unsure of any entry found select none for now. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop Close Ewido --------------------------- Reboot into Normal Mode. --------------------------- See if you can get an online scan: Perform an online scan using Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Check Now** & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Enter your e-mail address, country, and state & click Scan Now* ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and wants you to buy the program for removal as we will address this later. Click on see report. Then click Save report Please post that log in your next reply along with a new HijackThis log and the results of the Ewido scan. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."