Old 04-26-2007, 07:44 AM   #2 (permalink)
Susan528
Analyst, Security Team
 
Join Date: Nov 2006
Posts: 215
OS: WinXP Pro


Re: Problem access internet/trojan help

Hi Maq2000 and welcome to TechSupport!

Use Internet Explorer to download ATF; I get an error when I use Firefox.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

STEP 1.
======
Stop and Disable Service
  • Go to Start > Run and type in Services.msc then click OK
  • Click the Extended tab.
  • Scroll down until you find Boonty Games - BOONTY
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service.
  • Click on 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on 'Disabled'
  • Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.

Please set your system to show all files; please see here if you're unsure how to do this.
===================
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O2 - BHO: C:\WINDOWS\System32\ahd838jdgh.dll - {A25849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ahd838jdgh.dll (file missing)
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\svehost.exe <= file
C:\Program Files\Common Files\BOONTY Shared\ <= folder

Exit Explorer, and reboot as normal afterwards.

======
Please download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen
    • select the icon "Update"
    • then select the "Update now" link.
    • Next select the "Start Update" button,
    the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then
    select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while ewido is scanning; it may interfere with the scanning process.
  2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.

Post back a fresh HijackThis log and the results from AVG anti-spyware.
__________________



Proud member of ASAP since 2005
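
An added example, not part of the original post: a small Python parser for the three HijackThis lines quoted above, which checks that every fixed entry whose file is not marked "(file missing)" falls under one of the post's two delete targets. The field layout is an assumption inferred from those three lines only, and the function names are hypothetical.

```python
import ntpath
import re

# The three HijackThis entries and the two delete targets, copied from the post.
LOG = r"""O2 - BHO: C:\WINDOWS\System32\ahd838jdgh.dll - {A25849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ahd838jdgh.dll (file missing)
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\system32\svehost.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"""
DELETE_TARGETS = [r"C:\WINDOWS\system32\svehost.exe",
                  r"C:\Program Files\Common Files\BOONTY Shared"]

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"

def parse_entry(line):
    """Split one log line into section, kind, label, path and a missing-file flag."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[:-len(MISSING)]
    if section == "O4":
        # Assumed layout: "[value name] command line"
        name, _, path = rest.partition("] ")
        name = name.lstrip("[")
    else:
        # Assumed layout: "label - ... - path", so the path is the last field
        name, _, path = rest.rpartition(" - ")
    return {"section": section, "kind": kind, "name": name,
            "path": path, "file_missing": missing}

def covered_by(path, target):
    """True if path is the target file itself or lies inside the target folder."""
    p = ntpath.normcase(ntpath.normpath(path))
    t = ntpath.normcase(ntpath.normpath(target))
    return p == t or p.startswith(t + "\\")

def leftover_files(log, targets):
    """Paths of entries not marked (file missing) that no delete target covers."""
    entries = [e for e in map(parse_entry, log.splitlines()) if e]
    return [e["path"] for e in entries
            if not e["file_missing"]
            and not any(covered_by(e["path"], t) for t in targets)]
```

An empty result from `leftover_files(LOG, DELETE_TARGETS)` shows why the post lists only two items to delete for three fixed entries: the O2 DLL is already reported missing, so only the O4 and O23 files remain on disk.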
