04-24-2007, 10:58 AM   #4
TheBruce1
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Constant Ads And Trojans

Hello and welcome to TSF

Please follow all instructions in the order in which they come. If you have any questions, please ask before proceeding.

--------------------------------------------------------------------------------------------
Download

Download ComboFix from here or here

**Save it to your desktop**

----------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Right click the running icon of Spywareguard located in the system tray
  • Go to Menu > File > Exit and confirm the program closes.

--------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Ipwindows
Outerinfo


----------------------------------------------------------------------------------------------

Run ComboFix

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Deletions

Click Start->Run and copy/paste the following text into the Run box and click OK:

regsvr32 /u occache.dll


Delete the following Files indicated in RED

c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\pvdjgjeh.dll


Now, click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 occache.dll

----------------------------------------------------------------------------------------------

IMPORTANT!:


Before we can proceed any further, please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum, install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid, then you may not have a legitimate copy of Windows XP. Unfortunately it's also this forum's policy that we only address users with a legal copy of Windows XP; therefore, if you cannot update Windows XP to SP1, we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a, here is a direct link to download it from:

http://download.microsoft.com/downlo...p1a_en_x86.exe



Thank you for your cooperation.

-----------------------------------------------------------------------------------------------

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

----------------------------------------------------------------------------------------------

Logs Required
C:\Combofix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<-----Attached


Also let me know how your system is behaving.

Last edited by Ried; 04-24-2007 at 11:18 AM.
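
Added example, not part of the original post and not from TheBruce1 or TSF: the "Deletions" step above written as a Windows batch file that also records whether each listed file was found and whether it is really gone afterwards. occache.dll is the shell extension that gives "Downloaded Program Files" its special Explorer view, which is why the post unregisters it before the deletion and registers it again afterwards. The log file name deletions_check.txt is an assumption made for this example.

```batch
@echo off
rem Added example: scripted form of the "Deletions" step for this one machine.
rem The three paths are the ones listed in the post; nothing else is touched.
setlocal

rem Hypothetical log location chosen for this example.
set "LOG=%TEMP%\deletions_check.txt"
> "%LOG%" echo Deletions check %DATE% %TIME%

rem Unregister the shell extension so the real files in
rem "Downloaded Program Files" can be reached (/s = no dialog boxes).
regsvr32 /u /s occache.dll

for %%F in (
  "c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe"
  "C:\WINDOWS\b122.exe"
  "C:\WINDOWS\system32\pvdjgjeh.dll"
) do call :remove %%F

rem Restore the normal Explorer view of the folder.
regsvr32 /s occache.dll

type "%LOG%"
endlocal
goto :eof

:remove
rem %1 is the quoted path; %~1 is the same path without quotes.
if not exist %1 (
  >> "%LOG%" echo NOT FOUND      %~1
  goto :eof
)
rem Clear read-only, system and hidden attributes, then delete.
attrib -r -s -h %1
del /f /q %1
if exist %1 (
  >> "%LOG%" echo STILL PRESENT  %~1
) else (
  >> "%LOG%" echo DELETED        %~1
)
goto :eof
```

A STILL PRESENT line means the file was locked or recreated while the script ran, which is worth reporting alongside the ComboFix and DSS logs.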