Tech Support Forum - View Single Post

**Deckard** · 10-15-2006, 08:43 PM

We're really close. These last steps and it should be clean.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\DriverLoad
C:\WINDOWS\SYSTEM32\azfd6ea9.sys
C:\WINDOWS\SYSTEM32\iehttpcheck.bat
C:\WINDOWS\trnty.dll
C:\WINDOWS\file.bat

Download Attachment
Download the file attached to this post and save it to your desktop. Extract it and double-click on the quaa.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now.

Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.

Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
Enter your e-mail address, country, and state and click Scan Now.
Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
Begin the scan by selecting My Computer. Note:
- Please turn off the real time scanner of any existing antivirus program while performing the online scan.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on See report then click Save report.
- It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Reboot
Please reboot. I want to make sure the entries I removed from the registry do not come back.

Re-run ComboFix
Double click combofix.exe & follow the prompts. When the tool has finished, it will move the old log to C:\ComboFix2.txt and produce a new log in C:\ComboFix.txt.

Post the Panda Scan result along with the C:\ComboFix.txt log.

10-15-2006, 08:43 PM	#7 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	We're really close. These last steps and it should be clean. Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\DriverLoad C:\WINDOWS\SYSTEM32\azfd6ea9.sys C:\WINDOWS\SYSTEM32\iehttpcheck.bat C:\WINDOWS\trnty.dll C:\WINDOWS\file.bat Download Attachment Download the file attached to this post and save it to your desktop. Extract it and double-click on the quaa.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker. Enter your e-mail address, country, and state and click Scan Now. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control. Begin the scan by selecting My Computer. Note: Please turn off the real time scanner of any existing antivirus program while performing the online scan. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report. It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report. Reboot Please reboot. I want to make sure the entries I removed from the registry do not come back. Re-run ComboFix Double click combofix.exe & follow the prompts. When the tool has finished, it will move the old log to C:\ComboFix2.txt and produce a new log in C:\ComboFix.txt. Post the Panda Scan result along with the C:\ComboFix.txt log. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006 Last edited by Deckard; 11-02-2006 at 06:54 PM.