Re: Results-report for David
From: Winged (Winged_at_nofollow.com)
Date: Thu, 26 May 2005 19:49:16 -0500
Ken Ward wrote:
> On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
> <firstname.lastname@example.org> wrote:
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>>From: "Joseph Ladovic" <email@example.com>
>>>| Hello Dave,
>>>| Thank you very much for your advice.
>>>| It did not work.
>>>| It repeats itself again and again.
>>>| As I stated earlier: (title) Please your advice.....
>>>| Some dialers I cleaned all.
>>>| Some dialers stayed in.
>>>| I tried to remove some registry entries (my experiment)
>>>| but WindowsXP program stops me.
>>>| (At REGEDIT I found these entries.)
>>>| I see: it is connected directly with WindowsXP program.
>>>| How to separate it? The rest of dialers from WindowsXP program?
>>>| Please, do you know answer?
>>>| Best regards.
>>>Here is the web page: http://www.safer-networking.org/en/index.html
>>>Did you update SpyBot S&D ?
>>>The DSO Exploit was patched "long ago" by Microsoft and like I said it is a "False Positive"
>>>declaration. Read the web site, get all the updates and don't fudge with the Registry.
>>I can not remove next entries.
>>Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)
>>AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)
> Try using BHODemon to check for & remove Browser Helper Objects (BHO).
> Try using Process Explorer www.sysinternals.com to find out which
> processes are running that use items you cannot remove.
> See if they run in safe mode.
> Chase down dll that contain hostiles & delete - you may have to kill
> some processes to do this. Experiment.
> Sometimes the best way to delete the files is from a MS-DOS window.
> Open the window & navigate to where the file exists - use process
> explorer to kill any process holding the target file open - delete the
> target file in the DOS window - restart the killed process from
> Process Explorer - see if the file comes back - if it does, there is a
> dropper file somewhere that needs to be removed first.
A Better Internet is a serious issue. There is a full blown Trojan on
Removal procedure is here:
Atlpz is a Trojan downloader removal instructions here or second link
Hotsearchbar can be removed with SpyBot S&D.
Open SpyBot, update, then in advanced mode and under tools open BHOs and
remove hotbar BHO, Immunize, then complete scan.
URLSearch Hook is part of abetterInternet. I am not sure what rotue is
but I suspect that may be the dialer. To remove this package (spybot or
Ad-aware won't) Use
I believe that package will remove the dialer. I suspect you may also
want to run the current version of cwshredder; I believe a copy can be
found at www.majorgeeks.com under spyware tools.
That will get what you know about, but I still recommend re-building the
system. That said, most folks think I am paranoid.
Oh, one more thing: quit using IE as your default browser. A
betterinternet uses an open exploit in IE that should have been fixed
months ago. This would not have infected Firefox.
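
Added example, not part of the original thread: a read-only PowerShell inventory of the two Internet Explorer extension points named above (Browser Helper Objects and URLSearchHooks), resolving each registered CLSID to the DLL it loads so the file can be located before any removal. It assumes a Windows system with PowerShell 3 or later; the registry locations are the standard Internet Explorer ones and are not quoted from the posts, and the function name `Resolve-Clsid` is made up for this example.

```powershell
# Added example: list IE Browser Helper Objects and URLSearchHooks with the DLL
# behind each CLSID. Read-only; nothing is deleted or modified.

function Resolve-Clsid {
    param([string]$Clsid, [string]$ClassesRoot, [string]$Source)
    $key  = Join-Path $ClassesRoot $Clsid
    $name = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    $dll  = (Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') `
                -ErrorAction SilentlyContinue).'(default)'
    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"') }
    # A CLSID whose DLL is gone is a leftover entry; an unsigned DLL deserves a closer look.
    $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
        (Get-AuthenticodeSignature -LiteralPath $dll).Status
    } else { 'FileMissing' }
    [pscustomobject]@{ Source = $Source; Clsid = $Clsid; Name = $name; Dll = $dll; Signature = $sig }
}

# 64-bit and 32-bit registry views; the second one only exists on 64-bit Windows.
$views = @(
    @{ Software = 'HKLM:\SOFTWARE';             Classes = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Software = 'HKLM:\SOFTWARE\WOW6432Node'; Classes = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

$report = @(foreach ($v in $views) {
    $bhoKey = Join-Path $v.Software 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path -LiteralPath $bhoKey) {
        # Each subkey name under this key is the CLSID of one registered BHO.
        Get-ChildItem -LiteralPath $bhoKey | ForEach-Object {
            Resolve-Clsid -Clsid $_.PSChildName -ClassesRoot $v.Classes -Source 'BHO'
        }
    }
})

# URLSearchHooks are stored per user; each value name is a CLSID.
$hookKey = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path -LiteralPath $hookKey) {
    $report += @((Get-Item -LiteralPath $hookKey).GetValueNames() |
        Where-Object { $_ -match '^\{' } |
        ForEach-Object {
            Resolve-Clsid -Clsid $_ -ClassesRoot 'HKLM:\SOFTWARE\Classes\CLSID' -Source 'URLSearchHook'
        })
}

$report | Sort-Object Source, Signature | Format-Table -AutoSize
```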