Tech Support Forum - View Single Post

**Deckard** · 02-11-2007, 04:04 PM

Okay, let's get rid of what I can see.

P2P Software
I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Disable SpySweeper
Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper:

Go to the Options>Program Options.
Uncheck Load at Windows Startup.
Click Shields and uncheck all items there.
Uncheck Home page shield.

Disable Windows Defender
Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. To disable Defender:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Disable AVG AntiSpyware Guard
Please disable AVG AntiSpyware's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable AVG AS Guard:

Open AVG AntiSpyware by double-clicking the AVG AS system tray icon.
Click the Shield tab at the top
Click on the word active to change it to inactive.
Close AVG AntiSpyware.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

J2SE Runtime Environment 5.0
Viewpoint Media Player

Please let me know if any of these were unable to uninstall.

Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):

O4 - HKLM\..\Run: [MSRT] svcmon.exe
O4 - HKLM\..\RunServices: [MSRT] svcmon.exe

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\Viewpoint
C:\WINDOWS\system32\svcmon.exe
C:\deleteme.exe
C:\tempdeleft.exe
C:\tempdelet.exe

Reboot
Reboot your system to Normal Mode.

Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database: extended
- Scan Options: Scan Archives and Scan Mail Bases
Click OK
Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
Now under select a target to scan, select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run all the way.
Once the scan is complete it will display if your system has been infected.
Click on the Save as Text button and save the file to your desktop.
Copy and paste that information in your next post.

Take note the names and locations of any file it detects but fails to clean.

With Your Next Post...
Please paste the following with your next reply (in this order please):

Kaspersky scan report,
a new HiJackThis log taken after Kaspersky finishes.

02-11-2007, 04:04 PM	#4 (permalink)
Deckard Mentor, Analyst - Security Team Join Date: May 2006 Location: Oregon Posts: 2,503 OS: MacOS X, Debian, OpenBSD, Windows	Okay, let's get rid of what I can see. P2P Software I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any. Disable SpySweeper Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable SpySweeper: Go to the Options>Program Options. Uncheck Load at Windows Startup. Click Shields and uncheck all items there. Uncheck Home page shield. Disable Windows Defender Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. To disable Defender: Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. Disable AVG AntiSpyware Guard Please disable AVG AntiSpyware's Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable AVG AS Guard: Open AVG AntiSpyware by double-clicking the AVG AS system tray icon. Click the Shield tab at the top Click on the word active to change it to inactive. Close AVG AntiSpyware. Uninstall Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): J2SE Runtime Environment 5.0 Viewpoint Media Player Please let me know if any of these were unable to uninstall. Reboot Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows. HijackThis Fixes Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any): O4 - HKLM\..\Run: [MSRT] svcmon.exe O4 - HKLM\..\RunServices: [MSRT] svcmon.exe Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis. Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\Viewpoint C:\WINDOWS\system32\svcmon.exe C:\deleteme.exe C:\tempdeleft.exe C:\tempdelet.exe Reboot Reboot your system to Normal Mode. Online Scan Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files. Once the files have been downloaded, click on NEXT. Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: extended Scan Options: Scan Archives and Scan Mail Bases Click OK Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done. Now under select a target to scan, select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run all the way. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button and save the file to your desktop. Copy and paste that information in your next post. Take note the names and locations of any file it detects but fails to clean. With Your Next Post... Please paste the following with your next reply (in this order please): Kaspersky scan report, a new HiJackThis log taken after Kaspersky finishes. __________________ The chance to begin again in a golden land of opportunity and adventure. Need HijackThis help? Please read MicroBell's Five Step Process before posting. Please donate and help keep this site free to all. UNITE/ASAP: Proud member since 2006