Thread: HJT log help
Old 10-13-2006, 09:06 PM   #8 (permalink)
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Hello addy771,

Once again, disable Windows Defender as it may interfere with our fixes.

Download AlcanShorty from here.
  • Click the download button below and agree to download the fix.
  • Download Alcanshorty to your desktop.
  • Double-click alcanshorty_en.exe and click Install.
  • This will create a new folder on your desktop called alcanshorty_en.
  • Open that folder and double-click Run.bat.
  • Once the fix starts, your icons and desktop will disappear; this is normal.

Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.

  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Delete the following Files and Folders if they still exist.

c:\windows\system\rules.dat
c:\windows\dh.ini
c:\program files\common files\InetGet
C:\Documents and Settings\Adam\Desktop\Stuff\programs\KrazyBall.exe[NNBALL638.EXE]
C:\Documents and Settings\Adam\Desktop\Stuff\programs\NamesToolkit-Setup.exe[saap.exe]
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\DCE13809-C6AE-4CB6-9152-30B53B.asq


-----------------------------------

**If the above resist deletion, boot into Safe Mode and delete.

-----------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bolded text into Notepad:

REGEDIT4

[-hkey_current_user\software\Fun Web Products]

[-hkey_local_machine\software\FocusInteractive]

[-hkey_local_machine\software\MySearch]

[-hkey_local_machine\software\zanu]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1426AC5-8CE5-4A00-B71E-011D35709AC6}]



Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad.

Double-click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

-----------------------------------

Reboot your system.

-----------------------------------

Run another online scan at Panda and post the results here along with a new HijackThis log.

How is your system behaving?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
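A pre-merge check for a REGEDIT4 deletion file such as the delete.reg described in the post, as an added example that is not part of Ried's post: it lists the keys that `[-...]` headers would delete and flags headers that are not closed with `]`, name an unknown hive, or delete too close to the hive root. The function name `lint_reg`, the `min_depth` threshold and the ExampleVendor keys in the sample are assumptions made for illustration.

```python
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

# Constructed sample input; the ExampleVendor keys are hypothetical.
SAMPLE = r"""REGEDIT4

[-HKEY_CURRENT_USER\Software\ExampleVendor Toolbar]
[-hkey_local_machine\software\ExampleVendor}
[-HKEY_LOCAL_MACHINE\Software]
[HKEY_CURRENT_USER\Software\ExampleVendor\Keep]
"""


def lint_reg(text, min_depth=3):
    """Return (deletions, problems) for the text of a REGEDIT4 file.

    min_depth is an assumed safety threshold: a deletion header must name
    at least three path components (hive, branch, key).
    """
    deletions, problems = [], []
    rows = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1)]
    rows = [(n, ln) for n, ln in rows if ln and not ln.startswith(";")]
    if not rows or rows[0][1] != "REGEDIT4":
        problems.append("first non-blank line is not REGEDIT4")
    for n, ln in rows:
        if not ln.startswith("["):
            continue  # signature and value lines are not checked here
        if not ln.endswith("]"):
            problems.append(f"line {n}: key header is not closed with ']': {ln}")
            continue
        key = ln[1:-1]
        deleting = key.startswith("-")  # [-KEY] removes KEY and its subkeys
        parts = (key[1:] if deleting else key).split("\\")
        if parts[0].upper() not in HIVES:
            problems.append(f"line {n}: unknown hive: {parts[0]}")
        elif deleting and len(parts) < min_depth:
            problems.append(f"line {n}: deletion is too broad: {key[1:]}")
        elif deleting:
            deletions.append("\\".join(parts))
    return deletions, problems


if __name__ == "__main__":
    found, issues = lint_reg(SAMPLE)
    print("will delete:", *found, sep="\n  ")
    print("problems:", *issues, sep="\n  ")
```
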