Re: Deleting Troublesome Adware

From: Chuck (none_at_example.net)
Date: 11/28/04

• Next message: News Reader: "Re: Can't get ThinkPad T42 to connect to Netgear MR314 w/ 128 bit WEP"
• Previous message: Al Dykes: "Re: Hard Drive Destruct System?"
• In reply to: Robert McClenon: "Re: Deleting Troublesome Adware"
• Next in thread: Robert McClenon: "Re: Deleting Troublesome Adware"
• Reply: Robert McClenon: "Re: Deleting Troublesome Adware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 27 Nov 2004 17:59:15 -0600

On Sat, 27 Nov 2004 18:18:05 GMT, Robert McClenon <*email_address_deleted*>
wrote:

>On Sat, 27 Nov 2004 00:30:54 +0200, Lassi Hippeläinen
><lahippel@IEEE.ORGasm-research.invalid> wrote:
>
>>Robert McClenon wrote:
>><...>
>>> Does anyone have any further advice on deleting
>>> 2_0_1browserhelper2.dll?
>>>
>>> - - Bob McClenon
>>
>>http://www.spywareguide.com/product_show.php?id=724
>>
>>First Google hit for "2_0_1browserhelper2.dll"...
>>
>>-- Lassi
>
>Thank you. I tried it, but I didn't find any of the registry entries.
>
> - - Bob McClenon

Bob,

For spyware, running the Windows Uninstaller, and manually deleting registry
entries, is a waste of time. HijackThis, and expert advice, is essential.

Start by downloading each of the following free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp>
TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp>
TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the two TrendMicro files,
such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
computer, and re enable System Restore.

Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://forums.spywareinfo.com/index.php?showtopic=11150>), then
scan. When scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

-- 
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

---

• Next message: News Reader: "Re: Can't get ThinkPad T42 to connect to Netgear MR314 w/ 128 bit WEP"
• Previous message: Al Dykes: "Re: Hard Drive Destruct System?"
• In reply to: Robert McClenon: "Re: Deleting Troublesome Adware"
• Next in thread: Robert McClenon: "Re: Deleting Troublesome Adware"
• Reply: Robert McClenon: "Re: Deleting Troublesome Adware"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Machine ceases responding ... TrendMicro Signatures ... downloaded file there. ... AdAware, CWShredder, and Spybot S&D have install routines - run them. ... Spyware Warrior: ... (microsoft.public.windowsxp.network_web) Re: ICS setup problem ... crapware, spyware. ... TrendMicro Signatures ... AdAware, CWShredder, and Spybot S&D have install routines - run them. ... First update it, ... (microsoft.public.windowsxp.network_web) Re: eblaster intrusion ... >normal user, but he is suspicious that a business rival may have ... AdAware and Spybot S&D have install routines - run them. ... First update it, ... Spyware Warrior: ... (alt.computer.security) Re: Web pages not loading on XP - a virus ? ... Create a separate folder for HijackThis, such as C:\HijackThis - copy the ... Spybot S&D has an install routine - run it. ... First update it, ... Spyware Warrior: ... (microsoft.public.windowsxp.network_web) Re: Anybody know what iisvss.exe is? ... >and every so often I get popup windows for viagra and hot ... Spybot S&D has an install routine - run it. ... First update it, ... Spyware Warrior: ... (microsoft.public.security.virus)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)