Re: cOOL
From: paintpearl (paintpearl_at_discussions.microsoft.com)
Date: 12/05/04
- Previous message: Road Runner: "Re: ope5b.exe"
- In reply to: David H. Lipman: "Re: cOOL"
- Next in thread: David H. Lipman: "Re: cOOL"
- Reply: David H. Lipman: "Re: cOOL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 5 Dec 2004 14:23:01 -0800
Thanks for all your help David.I got 2 questions for you.The first is how do
i create a directory in drice C? I am a dummy when it comes to computer
lingo.The 2nd question is when I try to download the latest Trend Pattern
file it don't do nothing.The file that my sysclean is asking for is the
"LPT.$VPN.*".What to do here?
"David H. Lipman" wrote:
> Please try the following to remove "Trojan IRC", and "SDBot" anmd "Spybot" worms.
> The DSO Exploit that SpyBot S&D detected is a False Positive declaration.
>
>
> 1) Download the following four items...
>
> McAfee Stinger
> http://vil.nai.com/vil/stinger/
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download Sysclean.com and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt281.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> sysclean.com.
>
> 2) Update Adaware with the latest definitions.
> 3) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode
> 5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using the three
> utilities; Trend Sysclean, Stinger and Adaware
> 7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
> System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) If you are using WinME or WinXP, create a new Restore point
>
>
>
> * * * Please report your results ! * * *
>
> Dave
>
>
>
>
>
>
>
> "paintpearl" <paintpearl@discussions.microsoft.com> wrote in message
> news:05C3CBC7-82F2-4A56-B2C3-712FF31323F7@microsoft.com...
> | Ok guys.I have done the safe mode thing.I ran my Spybot Search and Destroy.It
> | found 3 entries which were DSO Exploit.I did the repair thing on these and it
> | said it repaired the 3 items.Then I ran my CWShredder.It said that the
> | CoolWeb was not found on my system,yet it is there in my programs list in the
> | control panel under add/remove programs.The only thing I did not understand
> | was how to make sure I am showing "all hidden files and extensions" in the
> | folder options.What folder options,and how do I get there.Any more help from
> | you guys?I am really aggravated with this.How do I get rid of the Trojan IRC
> | virus?You guys have been so friendly.Thanks for your patience and help.
> |
> | "Malke" wrote:
> |
> | > paintpearl wrote:
> | >
> | > > Does anyone know how to get rid of this program?It will pop up and my
> | > > Norton 2005 anti-virus will tell me about some viruses.Any help?
> | >
> | > You haven't given us a lot of information to work with, so do these
> | > malware troubleshooting steps. All scans should be done in Safe Mode.
> | > Links follow the steps.
> | >
> | > 1) Scan in Safe Mode with current version (not earlier than 2003)
> | > antivirus using updated definitions.
> | >
> | > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> | > programs are free, so use them both since they complement each other.
> | > There is a new version of CWShredder from Intermute. I would not
> | > install the other Intermute programs, however. Alternately, there are
> | > CoolWebSearch malware removal steps at SilentRunners.
> | >
> | > Be sure to update these programs before running, and it is a good idea
> | > to do virus/spyware scans in Safe Mode. Make sure you are able to see
> | > all hidden files and extensions (View tab in Folder Options).
> | >
> | > HijackThis is an excellent tool to discover and disable hijackers, but
> | > it requires expert skill. See below for HijackThis links. A combination
> | > of HijackThis and About:Buster works well in removing the About:Blank
> | > homepage hijacker. Again, this is an expert tool and novices should get
> | > help with it.
> | >
> | > 3) If you are running Windows ME or XP, you should disable/enable System
> | > Restore because malware will be in the Restore Points. With ME, you
> | > must disable System Restore completely. With XP, you can delete all but
> | > the most recent (presumably clean) System Restore point from the More
> | > Options section of Disk Cleanup (Run>cleanmgr).
> | >
> | > 4) Make sure you've visited Windows Update and applied all security
> | > patches. Do not install driver updates from Windows Update.
> | >
> | > 5) Run a firewall.
> | >
> | > Links to help with malware:
> | >
> | > Software/Methods:
> | > http://www.safer-networking.org - Spybot Search & Destroy
> | > http://www.lavasoftusa.com - Ad-aware
> | > http://www.majorgeeks.com - good download site
> | > http://www.intermute.com/spysubtract/cwshredder_download.html
> | > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> | >
> | > HijackThis:
> | > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> | > Eshelman
> | > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> | > forum
> | > http://www.wilderssecurity.com/
> | > http://forums.tomcoyote.org/
> | > http://www.spywareinfo.com/forums/
> | >
> | > General:
> | > http://forum.aumha.org/ - look under "Security" for various forums
> | > http://rgharper.mvps.org/cleanit.htm
> | > http://mvps.org/winhelp2002/unwanted.htm
> | > http://www.aumha.org/a/parasite.htm - The Parasite Fight
> | > http://www.spywarewarrior.com/rogue_anti-spyware.htm
> | >
> | > Malke
> | > --
> | > MS MVP - Windows Shell/User
> | > Elephant Boy Computers
> | > www.elephantboycomputers.com
> | > "Don't Panic!"
> | >
>
>
>
- Previous message: Road Runner: "Re: ope5b.exe"
- In reply to: David H. Lipman: "Re: cOOL"
- Next in thread: David H. Lipman: "Re: cOOL"
- Reply: David H. Lipman: "Re: cOOL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
