Tech Support Forum - View Single Post

**TheBruce1** · 04-26-2007, 09:06 AM

Hello again

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

--------------------------------------------------------------------------------------------

Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding.

--------------------------------------------------------------------------------------------
Did you also perform this step?

Copy the line below then click Start>Run>then Paste into box.

regsvr32 occache.dll

You should receive a message DllRegisterServer in occache.dll succeeded click ok.

If not, please do so now.(not to worry if you do not get the message as long as you have done the above)
---------------------------------------------------------------------------------------------
Download

Download AVG Anti-Spyware from HERE

Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware

You will need to update AVG Anti-Spyware to the latest definition files.

On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet,we will shortly

----------------------------------------------------------------------------------------------
Boot into safe mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------------------------------
Safe Mode Fixes & Scans

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player(optional)

See Here why.

----------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Windows\b122.exe

----------------------------------------------------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot in Normal Mode.

-----------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Paste the Panda Scan report in your next reply.

--------------------------------------------------------------------------------------------------

Please run Deckard System Scanner again.

-------------------------------------------------------------------------------------------------
Logs Required
Avg scan report
Panda scan report
C:\Deckard\System Scanner\main.txt

Can you supply us with a screenshot of the pop ups your still having,if you do not know how to do this see Here then upload to imageshack or photobucket,copy/paste the image into you next reply,thanks.

04-26-2007, 09:06 AM	#6 (permalink)
TheBruce1 Moderator, Analyst, Security Team Join Date: Oct 2006 Location: Dùn Èideann,Scotland. Posts: 5,093 OS: XP	Re: Constant Ads And Trojans Hello again Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. -------------------------------------------------------------------------------------------- Please follow all instructions and in which order they come,if you have any questions,please ask before proceeding. -------------------------------------------------------------------------------------------- Did you also perform this step? Copy the line below then click Start>Run>then Paste into box. regsvr32 occache.dll You should receive a message DllRegisterServer in occache.dll succeeded click ok. If not, please do so now.(not to worry if you do not get the message as long as you have done the above) --------------------------------------------------------------------------------------------- Download Download AVG Anti-Spyware from HERE Install AVG Anti-Spyware Double-click the icon on Desktop to launch AVG Anti-Spyware You will need to update AVG Anti-Spyware to the latest definition files. On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet,we will shortly ---------------------------------------------------------------------------------------------- Boot into safe mode Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. -------------------------------------------------------------------------------------------- Safe Mode Fixes & Scans Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): Viewpoint Media Player(optional) See Here why. ---------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing) O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing) *Please remember to close all other windows, including browsers then click Fix checked.* -------------------------------------------------------------------------------------------- Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Windows\b122.exe ---------------------------------------------------------------------------------------------- Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). Close AVG Anti-Spyware and Reboot in Normal Mode. ----------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan Paste the Panda Scan report in your next reply. -------------------------------------------------------------------------------------------------- Please run Deckard System Scanner again. ------------------------------------------------------------------------------------------------- Logs Required Avg scan report Panda scan report C:\Deckard\System Scanner\main.txt Can you supply us with a screenshot of the pop ups your still having,if you do not know how to do this see Here then upload to imageshack or photobucket,copy/paste the image into you next reply,thanks. __________________ Member of ASAP since 2007 Member of UNITE since 2008 Notice to BT customers BT to dump Phorm, see Here for more information. No DPI If we have helped you in anyway, please consider Donating Last edited by TheBruce1; 04-26-2007 at 09:07 AM.