03-04-2006, 06:59 PM   #9 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Hi evangelion1010,

The delay in your reply is understood.

Please copy this page to Notepad since you will not have any browsers open while you are carrying out these instructions.

If you deleted DelO15Domains already, we need it again:

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Do not run it yet.

Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

---------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.

---------------------------

Run a scan in HijackThis. 'Check' each of the following if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [Microsoft IT Updated] srss.exe
O4 - HKCU\..\Run: [Windows Client/Server Runtime Server] csrs.exe
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://*.search-soft.net
O15 - Trusted Zone: http://*.windowsupdate.com


Click 'Fix Checked' and close HijackThis.

---------------------------

Delete the following Files and Folders if they still exist.

C:\WINDOWS\SYSTEM32\winuptd.exe
C:\WINDOWS\system32\xscan.exe
D:\KaZaA\bdcore.dll.updpnd
Do a search via Start>Search for these 2 files and delete them. Be careful of the spelling; make sure it is exactly as shown below:
csrs.exe
srss.exe


---------------------------

Right click on DelO15Domains and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

---------------------------

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------

Reboot into Normal Mode.

---------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply along with a new HijackThis log and the results of the Ewido scan.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
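
An added example, not part of Ried's post: a Python triage pass over HijackThis lines like the ones listed above. It flags O4 Run entries whose file name is within two edits of a genuine Windows process name and lists O15 Trusted Zone entries for review. The reference list `KNOWN_SYSTEM`, the function names and the `ExampleTray` line are assumptions of this example.

```python
import re

# Assumed reference list of genuine Windows process names (not from the post).
KNOWN_SYSTEM = ["csrss.exe", "smss.exe", "lsass.exe", "services.exe", "winlogon.exe"]

# Constructed sample: entries quoted in the post plus one made-up benign Run entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft IT Updated] srss.exe
O4 - HKCU\..\Run: [Windows Client/Server Runtime Server] csrs.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: http://*.search-soft.net
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (\S+)$")
EXE_RE = re.compile(r'([^\\/:"]+\.exe)', re.I)  # file name inside a command line

def edit_distance(a, b):
    prev = list(range(len(b) + 1))  # Levenshtein distance, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(exe):
    """Name from KNOWN_SYSTEM that exe is 1-2 edits away from, else None."""
    best = min(KNOWN_SYSTEM, key=lambda k: edit_distance(exe, k))
    return best if 0 < edit_distance(exe, best) <= 2 else None

def triage(log):
    findings = []
    for line in map(str.strip, log.splitlines()):
        if m := O4_RE.match(line):
            exe = EXE_RE.search(m.group(2))
            name = (exe.group(1) if exe else m.group(2)).lower()
            if target := lookalike(name):
                findings.append(("O4", name, f"resembles {target}"))
        elif m := O15_RE.match(line):
            host = m.group(1).split("://", 1)[-1].lstrip("*.")
            kind = "raw IP" if re.fullmatch(r"[\d.]+", host) else "domain"
            findings.append(("O15", host, f"trusted-zone {kind}"))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A near-miss name is a lead for review, not a verdict, and a genuine name running from the wrong folder passes this check unflagged.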