08-05-2006, 04:27 AM   #10
MoralTerror
Analyst, Security Team
Join Date: Nov 2005
Location: UK
Posts: 1,968
OS: xp


Hi paulmath

IMPORTANT: DO NOT SKIP THIS PART - You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C:, then click on File > New > Folder and call it HJT, or another name of your choice. Extract (unzip) HijackThis to the new directory. The program creates backup files that we may need to use later. If the program is in a temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.


Please use Symantec's guide to remove the Norton Quarantine files.

--------------------------------

Open Internet Explorer and click Tools > Internet Options. Under Temporary Internet Files, click on Delete Files and OK. Select Yes when prompted to delete.

Open Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
--------------------------------

Scan with HijackThis and check the following entries (if they still exist; make sure not to miss any):

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm082YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab


Remember to close all other windows and click Fix Checked.

--------------------------------

Perform an online scan with Internet Explorer with

eTrust Antivirus Web Scanner

You will be prompted to install an ActiveX component from Computer Associates. Click "Install", then wait for the definitions to update. Once the definitions have updated, select My Computer and click Start Scan.

Once the scan is complete, it will display whether your system has been infected. Highlight the scan results and copy/paste them into your next reply.

--------------------------------

Open HijackThis and click Open the Misc Tools section. Under System Tools, click Open uninstall manager... and click Save list. Save it to the HijackThis directory and post the entire contents of uninstall_list.txt here.

--------------------------------

Required Logs

eTrust report
uninstall_list.txt
new HijackThis log


How is it behaving now?