Re: Getting rid of residual adware/spyware elements
From: Mike Burgess (winhelp2002_at_spamthis.com)
Date: 02/10/04
- Next message: half_pint: "Answers fur CLaudia and Sarah on Antivirus"
- Previous message: Daeron: "latest Microsoft Windows Security Flaws"
- In reply to: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Next in thread: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Reply: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 10 Feb 2004 17:21:44 -0500
Jeff,
These things can be stubborn ... huh?
http://forums.spywareinfo.com/index.php?showtopic=31596&hl
Looks like you're in good hands at SWI .......
--
Yes I would delete the existing files re: "Troj_Iefeats.A"
I'm surprised that SpyBot didn't clean things up a bit better?
Is SpyBot's definitions up to date?
--
If you're still having trouble with: (see attached)
{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
Add the following Registry entry to prevent that CLSID from registering
again:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
"Compatibility Flags"=dword:00000400
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-07-04]
Please post replies to this Newsgroup, email address is invalid
--
"Jeff Conrad" <jeffc@ernstbrothers.com> wrote in message
news:e%23MlEYA8DHA.488@TK2MSFTNGP12.phx.gbl...
> Hi Mike,
>
> Making progress now I think.
> Thanks for the links and looking at the log file.
> I have some time to work on their machine today.
>
> I did as you and the other person in the spyware forum requested.
> The NewtonKnows thing now seems to have gone away.
> The ONLY thing Spybot detects is the Class ID for Look2Me:
>
> HKEY_Classes_Root\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
>
> This key also remains, but is not detected by Spybot:
>
>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellExtensions
> {same number}
>
> If I delete them they still come back.
>
> I printed out the link on Troj_Iefeats.A you provided.
> I verified that the following elements are still present:
>
> Dict.Dat
> Keywords.Dat
> Msiesh.dll (2 of these)
> Submit2.exe
>
> Uninstall.exe
> Uninstall.ini
>
> These files are located in the directories specified in the article.
> There is no Submithook.dll
>
> I did not check all the registry entries.
> What should I do at this point?
> Do I manually go delete all the registry entries listed in the article?
> Do I run the uninstall.exe in that folder?
> Will they return after a reboot?
>
> I also replaced their Hosts file with mine so that's taken care of.
>
> There is one other thing I'm wondering about.
> There is a file called:
> Update_Hosts.dll in the Windows\System directory
> Is this something good or bad?
> I do not have this file on my 98 machine.
> It is 49K with a date of 11/12/2003 8:49 AM.
> Going to the version tab says:
> File Version 5,0,0,2
> Company Name: iGetNet, LLC.
>
> Seems rather odd to me.
>
> I will post an updated HijackLog in the forum if you would like to take a
> look.
>
> Thanks again for your help, you're most generous.
> Jeff
<snip>
begin 666 KillLook2Me.reg
M4D5'141)5#0-"@T*6TA+15E?3$]#04Q?34%#2$E.15Q33T945T%215Q-:6-R
M;W-O9G1<26YT97)N970@17AP;&]R97)<06-T:79E6"!#;VUP871I8FEL:71Y
M7'M$1$9&03<U02U%.#%$+30T-30M.#E&0RU".49$,#8S,44W,C9]70T*(D-O
E;7!A=&EB:6QI='D@1FQA9W,B/61W;W)D.C P,# P-# P#0H-"@``
`
end
- Next message: half_pint: "Answers fur CLaudia and Sarah on Antivirus"
- Previous message: Daeron: "latest Microsoft Windows Security Flaws"
- In reply to: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Next in thread: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Reply: Jeff Conrad: "Re: Getting rid of residual adware/spyware elements"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
