Re: 4w9o31p05b.exe

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/30/05

Next message: Dido: "Re: http://61.131.54.618.cc/search.php?.....what's that?"

Previous message: DP: "Re: Removing Spyware: Update #2"
In reply to: Gavin: "4w9o31p05b.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 30 Jan 2005 11:20:33 -0500

It most definitely malware !

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt381.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
        Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
"Gavin" <gavin_masonNOSPAM@hotmail.com> wrote in message
news:%232qkeqtBFHA.2608@TK2MSFTNGP10.phx.gbl...
| I have this process 4w9o31p05b.exe running on a win 98 machine.  The process
| is listed as 1nhuhpts0w7 in msconfig.
|
| Any ideas as to what it is?  I have entered both these details into google
| and webferet to no avail.
|
| Regards.
| Gavin
|
|

Next message: Dido: "Re: http://61.131.54.618.cc/search.php?.....what's that?"

Previous message: DP: "Re: Removing Spyware: Update #2"
In reply to: Gavin: "4w9o31p05b.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: heretofind problem
... (e.g., "c:\New Folder") ... Download sysclean.com and place it in that directory. ... If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.scripting.virus.discussion)
Re: Need help IE uncrontrollable website access
... (e.g., "c:\New Folder") ... Download sysclean.com and place it in that directory. ... If you are using WinME or WinXP, disable System Restore ...
(microsoft.public.security.virus)
Re: What does WINDOWS/SYSTEM/NETPE32.DLL do?
... Definitely malware! ... (e.g., "c:\New Folder") ... Download Sysclean.com and place it in that directory. ... I have Norton anti virus and also Internet ...
(microsoft.public.windowsxp.general)
Re: unable to open taskmanager and regedit
... (e.g., "c:\New Folder") ... Download sysclean.com and place it in that directory. ... If you are using WinME or WinXP, disable System Restore ... | Regedit works OK in safe-mode - taskmanager dosn't. ...
(microsoft.public.windowsxp.security_admin)
Re: DSL Fast but messed up my XP settings- Adware?Spyware?
... (e.g., "c:\New Folder") ... Download sysclean.com and place it in that directory. ... If you are using WinME or WinXP, disable System Restore ... Reboot your PC into Safe Mode ...
(microsoft.public.windowsxp.security_admin)