Thread: Command Service
09-27-2006, 04:20 PM   #25
Hustler24
Analyst, Security Team


Much better. Your system should be running better now. Still some stuff to remove.


--------------


DISABLE ANTISPYWARE PROTECTION

Please disable Ewido Security Suite's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Open ewido by double-clicking the yellow 'e' icon in the system tray.
  • In the 'Your security status' section, toggle the ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
  • When you reboot, ewido will prompt you as to whether you would like to "Restart the guard?". Reply "No" and set it to 'inactive' for the duration of your cleanup.


--------------------


RUN REG FIX

Please download the attached file. Unzip it and double-click the contents. When asked whether you would like to merge the contents with the registry, say Yes.


----------------------


SAFE MODE

Reboot into Safe Mode as directed earlier.


-----------------------


UNINSTALL PROGRAMS

You did say that you were going to uninstall Zero Knowledge Freedom. I noticed that it is still there. If you need to use McAfee on your network, you should uninstall it now. Uninstall the following via Add/Remove:

Zero Knowledge


------------------------


DELETE FILES/FOLDERS

Please locate via Start > Find > All Files and Folders if necessary, and delete the following:

w002935c.dll
C:\WINDOWS\IA
C:\Program Files\Zero Knowledge
F:\AVICodecPackPlus21.exe


Reboot normally


---------------------


INSTALL FIREWALL

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice: .


-----------------------


ONLINE SCAN

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post the Kaspersky log, a new HJT log and a Combofix log please.

How is the system performing now?
Attached Files
File Type: zip egotrippen.zip (225 Bytes)