Tech Support Forum - View Single Post - Zeno, Adware-Look2Me, Qoolaid

sUBs · 03-04-2006, 02:21 PM

Please read this post completely before begining the fix.

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

SpywareBlaster 3.5.1 - Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

* * * * * *

Launch ThunderBird & delete this email from the inbox:

Tue, 19 Apr 2005 12:12:34 -0700]/UNNAMED/[From "CareerBuilder.com" <Jobs@alerts.CareerBuilder.com>][Date Wed, 20 Apr 2005 04:59:08 -0400]/UNNAMED/[From "CareerBuilder.com" <Jobs@alerts.CareerBuilder.com>][Date Sat, 30 Apr 2005 01:11:30 -0400]/UN ... /[From ... /[From eBay Inc <support_id_43160986491@ebay.com>][Date Fri, 19 Aug 2005 04:05:42 +0400]/html

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

F2 - REG:system.ini: UserInit=userinit.exe

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\Documents and Settings\Owner\Desktop\Lauren's Stuff\setupstuff\BSINSTALL.exe
C:\SS1001.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\install_id6.exe
C:\WINDOWS\system32\s_install_ID8.exe
C:\WINDOWS\system32\Tagasuarus5.exe

Delete the contents of this folder, leaving it empty:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
C:\quarantine\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.

Reboot & post another HijackThis log

03-04-2006, 02:21 PM	#10 (permalink)
sUBs Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy Join Date: May 2005 Posts: 24,326 OS: N/A	Please read this post completely before begining the fix. Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards. SpywareBlaster 3.5.1 - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain * * * * * * Launch ThunderBird & delete this email from the inbox: Tue, 19 Apr 2005 12:12:34 -0700]/UNNAMED/[From "CareerBuilder.com" <Jobs@alerts.CareerBuilder.com>][Date Wed, 20 Apr 2005 04:59:08 -0400]/UNNAMED/[From "CareerBuilder.com" <Jobs@alerts.CareerBuilder.com>][Date Sat, 30 Apr 2005 01:11:30 -0400]/UN ... /[From ... /[From eBay Inc <support_id_43160986491@ebay.com>][Date Fri, 19 Aug 2005 04:05:42 +0400]/html * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": F2 - REG:system.ini: UserInit=userinit.exe * * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * * 1. Restart your computer 2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3. Instead of Windows loading as normal, a menu should appear 4. Select the option to run Windows in Safe Mode. * * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * * If you have not done so already, please enable the viewing of Hidden files From Windows Explorer, go to Tools -> Folder Options -> View tab. Tick - 'Show hidden files and folder' Untick - 'Hide file extensions for known types' Untick - 'Hide protected operating system files' Click Yes to confirm & then click OK Locate and delete the following files/folders: (let me know if you fail to find/delete any) C:\Documents and Settings\Owner\Desktop\Lauren's Stuff\setupstuff\BSINSTALL.exe C:\SS1001.exe C:\WINDOWS\icont.exe C:\WINDOWS\pf78.exe C:\WINDOWS\system32\install_id6.exe C:\WINDOWS\system32\s_install_ID8.exe C:\WINDOWS\system32\Tagasuarus5.exe Delete the contents of this folder, leaving it empty: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ C:\quarantine\ * * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * * Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider initially to Standard CleanUp! 3. Uncheck the following: Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files 4. Click OK 5. Press the CleanUp! button to start the program. Reboot & post another HijackThis log __________________ Question - what have you done for the community today?