Tech Support Forum - View Single Post

forhockey · 07-06-2007, 06:39 PM

Hi mjman,

There isn't much left showing in your logs, but we can take a closer look.

---------------------------------------------------------------------------------------------

Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below.
Make sure to work through all the Steps in the exact order in which they are listed below.
If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

P2P Software

P2P - I see you have P2P software Azureus installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

---------------------------------------------------------------------------------------------

The following are optional removals, but I recommend you remove them

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
WildTangent
GemMaster

---------------------------------------------------------------------------------------------

Enter Safe Mode

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8
Instead of Windows loading as normal, a menu should appear
Use the up arrow key to highlight Safe Mode and press Enter.
Login with your usual account
Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: Some systems, this may be the F5 key, so try that if F8 doesn't work.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

Fix all of those Logitech O18 entries except the very first, and the last one listed.

Please remember to close all other windows, including browsers then click Fix checked.

---------------------------------------------------------------------------------------------

Delete the following File indicated in RED if it still exists.

C:\Documents and Settings\Mike\Application Data\ezpinst.exe

The following folders in BLUE are optional to delete. If you have choosen to uninstall them previously in my instructions, then go ahead and delete them.

C:\Program Files\WildTangent
C:\Program Files\GemMaster

---------------------------------------------------------------------------------------------

Look inside the following folder in BLUE and tell me what files you see?

C:\e469f47be8f80a2705f0795f0e

---------------------------------------------------------------------------------------------

Restart your computer in Normal Mode

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

How is your system behaving now?

07-06-2007, 06:39 PM	#5 (permalink)
forhockey Analyst, Security Team Join Date: Sep 2006 Location: Ontario, Canada Posts: 2,948 OS: Windows 7 Ultimate	Re: Homepage in MSN lost to spyware!?! Hi mjman, There isn't much left showing in your logs, but we can take a closer look. --------------------------------------------------------------------------------------------- Please save these instructions to Notepad as the internet will not be available to you at certain points of the removal process. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. --------------------------------------------------------------------------------------------- P2P Software P2P - I see you have P2P software Azureus installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. --------------------------------------------------------------------------------------------- The following are optional removals, but I recommend you remove them Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist): WildTangent GemMaster --------------------------------------------------------------------------------------------- Enter Safe Mode Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8 Instead of Windows loading as normal, a menu should appear Use the up arrow key to highlight Safe Mode and press Enter. Login with your usual account Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment Note: Some systems, this may be the F5 key, so try that if F8 doesn't work. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) Fix all of those Logitech O18 entries except the very first, and the last one listed. *Please remember to close all other windows, including browsers then click Fix checked.* --------------------------------------------------------------------------------------------- Delete the following File indicated in RED if it still exists. C:\Documents and Settings\Mike\Application Data\ezpinst.exe The following folders in BLUE are optional to delete. If you have choosen to uninstall them previously in my instructions, then go ahead and delete them. C:\Program Files\WildTangent C:\Program Files\GemMaster --------------------------------------------------------------------------------------------- Look inside the following folder in BLUE and tell me what files you see? C:\e469f47be8f80a2705f0795f0e --------------------------------------------------------------------------------------------- Restart your computer in Normal Mode --------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- How is your system behaving now? __________________ Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum Last edited by forhockey; 07-06-2007 at 06:42 PM.