Re: Results-report for David
From: Winged (Winged_at_nofollow.com)
Date: 05/27/05
- Next message: Dave Baker: "Re: Unknown progran "XXX YYY ZZZ""
- Previous message: Michael Pelletier: "Europe going open source?"
- In reply to: Ken Ward: "Re: Results-report for David"
Date: Thu, 26 May 2005 19:49:16 -0500
Ken Ward wrote:
> On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
> <zladovic@globalnet.hr> wrote:
>
>
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>news:Qv%ke.237$Pm3.195@trnddc08...
>>
>>>From: "Joseph Ladovic" <zladovic@globalnet.hr>
>>>
>>>| Hello Dave,
>>>|
>>>| Thank you very much for your advice.
>>>|
>>>| It did not work.
>>>|
>>>| It repeats itself again and again.
>>>|
>>>| As I stated earlier: (title) Please your advice.....
>>>| Some dialers I cleaned all.
>>>| Some dialers stayed in.
>>>|
>>>| I tried to remove some registry entries (my experiment)
>>>| but WindowsXP program stops me.
>>>| (At REGEDIT I found these entries.)
>>>|
>>>| I see: it is connected directly with WindowsXP program.
>>>| How to separate it? The rest of dialers from WindowsXP program?
>>>| Please, do you know answer?
>>>|
>>>| Best regards.
>>>|
>>>| Joseph
>>>
>>>Here is the web page: http://www.safer-networking.org/en/index.html
>>>
>>>Did you update SpyBot S&D ?
>>>
>>>The DSO Exploit was patched "long ago" by Microsoft and like I said it is
>>>a "False Positive" declaration. Read the web site, get all the updates and
>>>don't fudge with the Registry.
>>
>>>
>>>--
>>>Dave
>>>http://www.claymania.com/removal-trojan-adware.html
>>>http://www.ik-cs.com/got-a-virus.htm
>>>
>>>
>>
>>Report:
>>
>>I can not remove next entries.
>>
>>Cookie,Log,MSDirect Draw,MS Media Player,Windows Explorer (green entries)
>>
>>AbetterInternet,HotSearchBar,Rotue,URLSearch Hook. Atlpz (red entries)
>>
>>Thank you.
>>
>>Joseph
>>
>
> Try using BHODemon to check for & remove Browser Helper Objects (BHO).
> www.definitivesolutions.com
> Try using Process Explorer www.sysinternals.com to find out which
> processes are running that use items you cannot remove.
> See if they run in safe mode.
> Chase down dll that contain hostiles & delete - you may have to kill
> some processes to do this. Experiment.
> Sometimes the best way to delete the files is from a MS-DOS window.
> Open the window & navigate to where the file exists - use process
> explorer to kill any process holding the target file open - delete the
> target file in the DOS window - restart the killed process from
> Process Explorer - see if the file comes back - if it does, there is a
> dropper file somewhere that needs to be removed first.
A Better Internet is a serious issue. There is a full-blown Trojan on
your system.

Removal procedure is here:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992

Atlpz is a Trojan downloader; removal instructions are here or at the
second link:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083588
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088156

Hotsearchbar can be removed with Spybot S&D.
Open Spybot, update, then in advanced mode and under tools open BHOs and
remove the hotbar BHO, Immunize, then complete a scan.

URLSearch Hook is part of abetterInternet. I am not sure what rotue is,
but I suspect that may be the dialer. To remove this package (Spybot or
Ad-aware won't), use
http://www.microsoft.com/athome/security/spyware/software/default.mspx

I believe that package will remove the dialer. I suspect you may also
want to run the current version of cwshredder; I believe a copy can be
found at www.majorgeeks.com under spyware tools.

That will get what you know about, but I still recommend re-building the
system. That said, most folks think I am paranoid.

Winged

Oh, one more thing: quit using IE as your default browser. A
betterinternet uses an open exploit in IE that should have been fixed
months ago. This would not have infected Firefox.
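
The Browser Helper Object check suggested in the quoted reply, as an added example that is not part of the original thread: a read-only PowerShell inventory that resolves each registered BHO to the DLL it loads, so the file can be examined before anything is deleted. It assumes a current Windows release with PowerShell (not the Windows XP setup discussed above); the function name `Get-BhoInventory` is hypothetical.

```powershell
# Added example: list Internet Explorer Browser Helper Objects (BHOs) and
# resolve each CLSID to its in-process server DLL. Read-only; changes nothing.
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Native and 32-bit (WOW6432Node) registry views, each paired with its CLSID root.
$views = @(
    @{ View = 'native'; Bho = "HKLM:\SOFTWARE\$bhoSubKey"
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ View = 'wow64';  Bho = "HKLM:\SOFTWARE\WOW6432Node\$bhoSubKey"
       Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

function Get-BhoInventory {
    foreach ($v in $views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid  = $key.PSChildName            # e.g. {xxxxxxxx-....}
            $clsKey = Join-Path $v.Clsid $clsid
            $name = $null; $dll = $null; $exists = $false; $sig = 'n/a'

            if (Test-Path -LiteralPath $clsKey) {
                $name = (Get-Item -LiteralPath $clsKey).GetValue('')
                $srv  = Join-Path $clsKey 'InprocServer32'
                if (Test-Path -LiteralPath $srv) {
                    # Default value holds the DLL path; strip optional quotes.
                    $dll = [string](Get-Item -LiteralPath $srv).GetValue('')
                    $dll = $dll.Trim('"')
                }
            }
            if ($dll) {
                # Note: for the wow64 view, System32 paths are redirected to
                # SysWOW64 for 32-bit processes, so "missing" needs a manual look.
                $exists = Test-Path -LiteralPath $dll -PathType Leaf
                if ($exists) {
                    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
                }
            }
            [pscustomobject]@{
                View = $v.View; Clsid = $clsid; Name = $name
                Dll  = $dll;    FileExists = $exists; Signature = $sig
            }
        }
    }
}

# A BHO with no CLSID registration, a missing DLL, or an unsigned DLL in a
# temp or profile directory is the kind of entry worth chasing down first.
Get-BhoInventory | Sort-Object Signature | Format-Table -AutoSize
```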