Re: Results-report for David

From: Winged (Winged_at_nofollow.com)
Date: 05/27/05


Date: Thu, 26 May 2005 19:49:16 -0500

Ken Ward wrote:
> On Thu, 26 May 2005 00:47:35 +0200, "Joseph Ladovic"
> <zladovic@globalnet.hr> wrote:
>
>
>>"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
>>news:Qv%ke.237$Pm3.195@trnddc08...
>>
>>>From: "Joseph Ladovic" <zladovic@globalnet.hr>
>>>
>>>| Hello Dave,
>>>|
>>>| Thank you very much for your advice.
>>>|
>>>| It did not work.
>>>|
>>>| It repeats itself again and again.
>>>|
>>>| As I stated earlier: (title) Please your advice.....
>>>| Some dialers I cleaned all.
>>>| Some dialers stayed in.
>>>|
>>>| I tried to remove some registry entries (my experiment)
>>>| but WindowsXP program stops me.
>>>| (At REGEDIT I found these entries.)
>>>|
>>>| I see: it is connected directly with WindowsXP program.
>>>| How to separate it? The rest of dialers from WindowsXP program?
>>>| Please, do you know answer?
>>>|
>>>| Best regards.
>>>|
>>>| Joseph
>>>
>>>Here is the web page: http://www.safer-networking.org/en/index.html
>>>
>>>Did you update SpyBot S&D ?
>>>
>>>The DSO Exploit was patched "long ago" by Microsoft and like I said it is
>>>a "False Positive" declaration. Read the web site, get all the updates
>>>and don't fudge with the Registry.
>>
>>>
>>>--
>>>Dave
>>>http://www.claymania.com/removal-trojan-adware.html
>>>http://www.ik-cs.com/got-a-virus.htm
>>>
>>>
>>
>>Report:
>>
>>I can not remove next entries.
>>
>>Cookie, Log, MSDirect Draw, MS Media Player, Windows Explorer (green entries)
>>
>>AbetterInternet, HotSearchBar, Rotue, URLSearch Hook. Atlpz (red entries)
>>
>>Thank you.
>>
>>Joseph
>>
>
> Try using BHODemon to check for & remove Browser Helper Objects (BHO).
> www.definitivesolutions.com
> Try using Process Explorer www.sysinternals.com to find out which
> processes are running that use items you cannot remove.
> See if they run in safe mode.
> Chase down DLLs that contain hostiles & delete - you may have to kill
> some processes to do this. Experiment.
> Sometimes the best way to delete the files is from a MS-DOS window.
> Open the window & navigate to where the file exists - use process
> explorer to kill any process holding the target file open - delete the
> target file in the DOS window - restart the killed process from
> Process Explorer - see if the file comes back - if it does, there is a
> dropper file somewhere that needs to be removed first.

A Better Internet is a serious issue. There is a full blown Trojan on
your system.

Removal procedure is here:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992

Atlpz is a Trojan downloader; removal instructions are here or at the second link:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453083588

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088156

Hotsearchbar can be removed with Spybot S&D.
Open Spybot, update, then in advanced mode under Tools open BHOs and
remove the Hotbar BHO, Immunize, then run a complete scan.

URLSearch Hook is part of AbetterInternet. I am not sure what Rotue is,
but I suspect that may be the dialer. To remove this package (Spybot or
Ad-aware won't), use
http://www.microsoft.com/athome/security/spyware/software/default.mspx

I believe that package will remove the dialer. I suspect you may also
want to run the current version of CWShredder; I believe a copy can be
found at www.majorgeeks.com under spyware tools.

That will get what you know about, but I still recommend re-building the
system; that said, most folks think I am paranoid.

Winged

Oh, one more thing: quit using IE as your default browser.
AbetterInternet uses an open exploit in IE that should have been fixed
months ago. This would not have infected Firefox.
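As an added illustration (not part of the thread, and not a tool any of the posters mention), the script below does in one pass what the posts above describe doing by hand with BHODemon and Spybot's BHO list: it enumerates the registered Browser Helper Objects and URLSearchHooks, resolves each CLSID to the DLL that Internet Explorer would load, and reports whether that DLL still exists on disk and whether it carries a valid Authenticode signature. The registry paths are the standard ones IE reads; the `Suspicious` column is my own heuristic (missing or unsigned DLL) and is an assumption about what is worth a closer look, not a verdict.

```powershell
# Inventory of IE Browser Helper Objects and URLSearchHooks.
# Added example for this thread; run from an elevated PowerShell prompt.

# Keys IE consults for BHOs (32-bit IE on 64-bit Windows uses the WOW6432Node copy).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# URLSearchHooks are stored as value names (the CLSIDs) under these keys.
$hookKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
)

# Map a CLSID to the DLL registered as its in-process server, or $null if none.
function Resolve-ClsidDll {
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID',
                      'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
                      'HKCU:\SOFTWARE\Classes\CLSID') {
        $server = "$root\$Clsid\InprocServer32"
        if (Test-Path $server) {
            $path = (Get-ItemProperty -Path $server).'(default)'
            if ($path) {
                return [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
            }
        }
    }
    return $null
}

# Build one report row for a component: where it lives and whether it is signed.
function Get-ComponentInfo {
    param([string]$Kind, [string]$Clsid)
    $dll    = Resolve-ClsidDll $Clsid
    $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))
    $status = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { 'n/a' }
    [pscustomobject]@{
        Kind       = $Kind
        CLSID      = $Clsid
        Dll        = $dll
        Exists     = $exists
        Signature  = $status
        # Heuristic (assumption): a hook whose DLL is gone or unsigned deserves a look.
        Suspicious = (-not $exists) -or ($status -ne 'Valid')
    }
}

$found = New-Object System.Collections.Generic.List[object]

foreach ($key in $bhoKeys) {
    if (Test-Path $key) {
        foreach ($sub in Get-ChildItem $key) {
            $found.Add((Get-ComponentInfo 'BHO' $sub.PSChildName))
        }
    }
}

foreach ($key in $hookKeys) {
    if (Test-Path $key) {
        foreach ($prop in (Get-ItemProperty $key).PSObject.Properties) {
            if ($prop.Name -like '{*}') {
                $found.Add((Get-ComponentInfo 'URLSearchHook' $prop.Name))
            }
        }
    }
}

$found | Sort-Object Kind, Dll | Format-Table -AutoSize
```

Run it before and after a cleanup pass: a row that disappears and then returns on the next run is the "file comes back" case Ken describes, and points at a dropper that still needs to be found rather than at the DLL itself.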
