Tech Support Forum - View Single Post

**Deckard** · 10-08-2006, 09:35 PM

Let's run one more scanner, and then let's try an experiment. Once you've scanned with Dr.Web, I want you to disable Zone Alarm long enough to try to update AVG Anti-Spyware. I'm curious if Zone Alarm is the culprit.

Download Attachment
Download the file attached to this post and copy it to the computer. Extract it and double-click on the docoweatpie.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now.

Deletions
Please delete the following files (if they still exist):

C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

Download Dr.Web Cureit
Download Dr.Web CureIt to the Desktop.

Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case if we need samples).
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

With Your Next Post...
Please paste the Dr.Web CureIt's report along with a new HijackThis taken after Dr.Web finishes.

Also let me know if disabling Zone Alarm allowed you update AVG Anti-Spyware.

10-08-2006, 09:35 PM	#6 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Let's run one more scanner, and then let's try an experiment. Once you've scanned with Dr.Web, I want you to disable Zone Alarm long enough to try to update AVG Anti-Spyware. I'm curious if Zone Alarm is the culprit. Download Attachment Download the file attached to this post and copy it to the computer. Extract it and double-click on the docoweatpie.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now. Deletions Please delete the following files (if they still exist): C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup Download Dr.Web Cureit Download Dr.Web CureIt to the Desktop. Doubleclick the drweb-cureit.exe file and Allow to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case if we need samples). After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. With Your Next Post... Please paste the Dr.Web CureIt's report along with a new HijackThis taken after Dr.Web finishes. Also let me know if disabling Zone Alarm allowed you update AVG Anti-Spyware. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 Last edited by Deckard; 11-02-2006 at 06:54 PM.