06-18-2006, 10:50 PM   #12
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,333
OS: N/A


Very good, we're almost done now. There's light at the end of the tunnel.

These are programs that will protect against future infections.

Right click on this & choose "Save As..." - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

SpywareBlaster 3.5.1 - Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


Locate and delete the following files/folders: (make sure you get ALL of them)
  • C:\WINDOWS\system32tfthot.exe
  • C:\WINDOWS\system32ftuninst.exe
  • C:\bintheredunthat\
Delete the contents of this folder, leaving it empty:
  • C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.


* * * * * *

This would clear the contents of the System Volume Information folder @System Restore's cache
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK


* * * * * *


Reboot once more before posting a fresh Hijackthis log
__________________

Question - what have you done for the community today?
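Added example, not part of the original post: a small Python parser for HijackThis O4 (autorun) log lines that checks a fresh log for entries that were meant to be fixed, such as the IpWins line above. It also covers the HKCU and Startup-folder O4 forms, which the post does not show; every sample log line other than the IpWins one is constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Registry autorun form:  O4 - HKLM\..\Run: [Name] command line
_O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# Startup-folder form:    O4 - Startup: name.lnk = target
_O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.*?)(?: = (.*))?$")

class O4Entry(NamedTuple):
    location: str  # e.g. "HKLM\Run", "HKCU\RunOnce", "Global Startup"
    name: str      # value name or shortcut file name
    command: str   # program that gets started

def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis log line; return None if it is not an O4 entry."""
    line = line.strip()
    m = _O4_REG.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return O4Entry(f"{hive}\\{key}", name, cmd.strip())
    m = _O4_STARTUP.match(line)
    if m:
        where, name, target = m.groups()
        return O4Entry(where, name.strip(), (target or "").strip())
    return None

def remaining(log_text: str, fixed: List[Tuple[str, str]]) -> List[O4Entry]:
    """Return O4 entries in a fresh log that match a (location, name) pair
    that was supposed to be removed with "Fix checked"."""
    wanted = {(loc.lower(), name.lower()) for loc, name in fixed}
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and (entry.location.lower(), entry.name.lower()) in wanted:
            hits.append(entry)
    return hits

# Constructed sample log; only the IpWins line is taken from the post.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - Global Startup: Example Updater.lnk = C:\Program Files\Example\upd.exe
"""
# Constructed "after" log: the same lines with the fixed entry gone.
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "IpWins" not in l)
FIXED = [("HKLM\\Run", "IpWins")]

if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, [e.name for e in remaining(log, FIXED)])
```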