Looks like you've done some good work....but I have some jobs for you to do.
Quote:
|
I found info on how to remove the annoying "spyware removal wizard" but I can't find the registry entry mentioned in regedit.
|
Not sure what you're referring to on this....if you can expand on that a bit, please...
Also, you can't Killbox registry entries...for that, you need a regfix:
Copy and paste the following into Notepad (don't forget to copy and paste
REGEDIT4):
Quote:
REGEDIT4
[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM]
|
Save the file as "
delete.reg". Make sure to save it with the quotes. It should look like this:
Close Notepad.
Double click on the
delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist
(make sure you do not miss any) and click
Fix Checked
O4 - HKLM\..\Run: [ivhmirm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ivhmirm.dll,iaumlkg
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02a78de4...p/RdxIE601.cab
Close HijackThis now.
---------------------------------------------------------------------------------------------
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.
Delete the following if they exist:
C:\WINDOWS\system32\ivhmirm.dll
If it resists deletion, Killbox it.
---------------------------------------------------------------------------------------------
The unwanted tools were part of Smitfraud fix, which it appears you ran. I'd like you to download it anew, and post results from Option 1, after running this next tool....
- Download combofix from one of these locations:
- Double click on combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri)
Extract the content (a folder named
SmitfraudFix) to your Desktop.
Open the
SmitfraudFix folder and double-click
smitfraudfix.cmd
Select option
#1 -
Search by typing
1 and press
"Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!
--------------------------------------------
Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Please return with results from:
combofix (C:\ComboFix.txt)
SmitfraudFix (rapport.txt)
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006