Tech Support Forum - View Single Post - w32.spybot.worm- I can't get rid of it.

**src2206** · 04-29-2007, 10:02 PM

Hello and welcome to TSF

.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

_________________________________________________________________

Unfortunately we are quite limited in terms of our resources while disinfecting and cleaning Vista PC. As the OS is too new, most of the weapons in our arsenal are not compatible with Vista. Still I suggest that you follow the next steps to clean the main infection you have on board.

________________________________________________________________

P2P

I see you have P2P softwares your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine (µTorrent and Azureus) installed on will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

_________________________________________________________________

Disable Security Softwares

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

__________________________________________________________________

Show Hidden Files and Folders

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

___________________________________________________________________

Fix

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

__________________________________________________________________

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\RunOnce: [Winsock2 driver] TFPL.EXE

Please remember to close all other windows, including browsers then click Fix checked.

__________________________________________________________________

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Windows\system32\llvk.exe
C:\Windows\system32\tfpl.exe

_________________________________________________________________

Reboot your system in Normal Mode.

__________________________________________________________________

Deckard System Scanner

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy and paste the contents of main.txt in your thread in the HijackThis Log Help forum.

_________________________________________________________________

Please provide the following logs with your next post:

C:\SDFix\Report.txt
Panda Scan
Latest DSS Scan Report

Please let me know about your systems overall behaviour and whether the internet connection has improved.

.

04-29-2007, 10:02 PM	#3 (permalink)
src2206 TSF Enthusiast Join Date: Apr 2006 Location: Kolkata, India Posts: 2,068 OS: WinXP Pro SP3 My System	Re: w32.spybot.worm- I can't get rid of it. Hello and welcome to TSF . You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------------------------------------------------------------------------------------ Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. _________________________________________________________________ Unfortunately we are quite limited in terms of our resources while disinfecting and cleaning Vista PC. As the OS is too new, most of the weapons in our arsenal are not compatible with Vista. Still I suggest that you follow the next steps to clean the main infection you have on board. ________________________________________________________________ *P2P* I see you have P2P softwares your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine (µTorrent and Azureus) installed on will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. _________________________________________________________________ *Disable Security Softwares* Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. Open Windows Defender. Click on Tools, General Settings. Scroll down and uncheck Turn on real-time protection (recommended). After you uncheck this, click on the Save button and close Windows Defender. __________________________________________________________________ *Show Hidden Files and Folders* Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK. ___________________________________________________________________ *Fix* Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. __________________________________________________________________ Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKCU\..\RunOnce: [Winsock2 driver] TFPL.EXE *Please remember to close all other windows, including browsers then click Fix checked.* __________________________________________________________________ Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Windows\system32\llvk.exe C:\Windows\system32\tfpl.exe _________________________________________________________________ Reboot your system in Normal Mode. __________________________________________________________________ *Deckard System Scanner* Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, a text file will open - ComboScan.txt Copy and paste the contents of main.txt in your thread in the HijackThis Log Help forum. _________________________________________________________________ Please provide the following logs with your next post: C:\SDFix\Report.txt Panda Scan Latest DSS Scan Report Please let me know about your systems overall behaviour and whether the internet connection has improved. . __________________ Registered Linux user #426065