09-23-2006, 10:46 AM   #4
Eclipse2003


Can you tell me what Third Party Software you are using to disable DeluxeCommunication, Net.Net, AdvSearch, etc…?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

====================================================================================================

Showing Hidden files, folders, and system files and folders

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled.

Also make sure that the System Files and Folders are showing / visible.

Uncheck the Hide protected operating system files option.
====================================================================================================

Suspicious File Packer

Before fixing anything, Please download the Suspicious File Packer → http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\alfa.exe
C:\WINDOWS\system32\Chip.dll
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
====================================================================================================

Disable Software that may interfere with fixes

Windows Defender

To disable Real-Time Protection:

* Go to "Tools" | "General Settings"
* Scroll down to "Real-time protection options"
* Uncheck "Turn on real-time protection (recommended)"
* Remember to reactivate this feature when we have finished all our work.

====================================================================================================

P2P Software Installed

P2P Software
I see you have BitComet, Kazaa and Limewire installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation. I will make recommendations below for removal highlighted in Orange, which you can choose to ignore, where this P2P application is involved. I’ll leave the decision to you.
====================================================================================================


Downloads

Cleanup!

Download Cleanup! and install it. You will use this later.


Kazaa Begone

Download KazaaBegone and unzip it to your desktop. Warning: This version has a bug that can cause your Internet connection to be broken when removing New.Net, WebHancer or CommonName. Before using KazaaBegone, download WinsockFix just in case you need it (if it breaks your internet connection, run it).

SDFix

Download SDFix and save it to your desktop.

ComboFix <- This is a different version from the one you ran earlier, please replace the version you have with this one

1. Download from one of the following locations Combofix to your desktop -

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Save this log to your desktop as combo1.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
====================================================================================================

Delete Bad Registry Entries

Open notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"BidSlayer"=-
"msvmsvcv"=-
"DeluxeCommunications"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"explorer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"1A:Stardock TrayMonitor"=-
"WT GameChannel"=-
"New.net Startup"=-
"Trickler"=-
"wcmdmgr"=-
"BrowseProxy"=-
"websearch"=-
Plugin"=-
"AltnetPointsManager"=-
"updmgr"=-
"P2P Networking"=-
"BlockChecker"=-
"RegistryMechanic"=-
"retsu"=-
"werinit"=-
"msvmsvcv"=-
"newname"=-
"DeluxeCommunications"=-
"explorer"=-
"defender"=-
"keyboard"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices\not active]
"1A:Stardock TrayMonitor"=-
====================================================================================================

Rebooting in Safe Mode

Next, reboot your computer in SafeMode :
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear
• Select the first option, to run Windows in Safe Mode.
====================================================================================================


Add/Remove Programs

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

BitComet
Limewire
Kazaa


====================================================================================================

HiJackThis! Fixes

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe


Please remember to close all other windows, including browsers then click Fix checked.
====================================================================================================

Tools

Kazaa Begone

Run KazaaBegone.exe
Select "Search and destroy all installed components" then click "Go".
====================================================================================================

Deleting Files and Folders

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\NewDotNet
c:\windows\temp\adware
C:\WINDOWS\wt
C:\Program Files\websearch
C:\Program Files\AdvSearch
C:\Program Files\MyWebSearch
C:\Program Files\Altnet
C:\WINDOWS\System32\P2P Networking
C:\Program Files\Admanager Controller
C:\Program Files\Block Checker
C:\Program Files\MessengerPlus! 3
C:\WINDOWS\svcwinra.exe
c:\nwnmff_e10.exe
c:\dfndrff_e10.exe
c:\kybrdff_e10.exe
C:\Program Files\Limewire
C:\Program Files\BitComet
C:\Program Files\Kazaa


====================================================================================================

Tools

CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program and DO NOT reboot when prompted.


SDFix
  • Right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file
    Report.txt back onto the forum with a new HijackThis log

====================================================================================================

Rebooting in Normal Mode


Reboot your system in Normal Mode.
====================================================================================================

Online Virus/Spyware Scan

Panda Activescan

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

====================================================================================================

Tools

HiJackThis!

Please run a new HiJackThis! Scan and post the results with your next reply
====================================================================================================

Summary: Please make sure you have completed all of the steps above and include the following in your next post

New HiJackThis! Log
Panda ActiveScan Log
Report.txt
ComboFix Log
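Before merging a .reg file copied out of a forum post like the REGEDIT4 quotebox above, it helps to see exactly what it will change. The following is an added example, not part of Eclipse2003's post or of any tool the post names: it parses a .reg file without touching the registry, lists every deletion or write, and flags lines that are not valid entries. `audit_reg` and `SAMPLE_REG` are hypothetical names, and the sample is constructed from a few lines of the quotebox.

```python
import re

# Constructed sample: a few lines in the shape of the quotebox above,
# including the line that lost its opening quote.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"explorer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"websearch"=-
Plugin"=-
'''

HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+(?:\\.+)?)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.+)$')


def audit_reg(text):
    """Return (actions, problems) for a .reg file; nothing is written."""
    actions, problems = [], []
    body = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)
            if l.strip()]
    if body and body[0][1] in HEADERS:
        body = body[1:]
    else:
        problems.append((1, "missing REGEDIT4 / version header"))
    key, continued = None, False
    for n, line in body:
        if continued:                     # tail of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if line.startswith(";"):          # comment line
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):                # [-HKEY_...] removes the whole key
                actions.append(("delete-key", key, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = m.group(1) if m.group(1) == "@" else m.group(1)[1:-1]
            kind = "delete-value" if m.group(2) == "-" else "set-value"
            actions.append((kind, key, name))
            continued = line.endswith("\\")
            continue
        problems.append((n, line))        # not a key, value or comment
    return actions, problems
```

Any entry in `problems` means the file should be corrected before it is merged; the `actions` list is what to compare against the helper's stated intent.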