Re: Adware
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/13/05
- Previous message: neophyte: "Adware"
- In reply to: neophyte: "Adware"
- Next in thread: neophyte: "Re: Adware"
- Reply: neophyte: "Re: Adware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 12 Apr 2005 23:27:17 -0400
From: "neophyte" <neophyte@discussions.microsoft.com>
| I recently went to cable internet from dial up (AOL). I picked up
| Rootsearch.biz, which is hijacking adware. I have used Spy Sweeper and Norton
| Anti virus and it still comes back. How can I get of this Thing. Following is
| where Spy Sweeper says it resides, however it has reset the default home page
| on explorer to Rootsearch.biz, so I know there must be more to this.
|
| Registry: HKEY_CURRENT_USER\software\microsoft\internet
| explorer\main||search bar
| 09:43 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\internet
| explorer\main||search bar
| 09:43 PM: Registry: HKEY_CURRENT_USER\software\microsoft\internet
| explorer\search||searchassistant
| 09:43 PM: Registry: HKEY_CURRENT_USER\software\microsoft\internet
| explorer\search||customizesearch
Dump the contents of the IE Temporary Internet Folder cache (TIF)
start --> settings --> control panel --> internet options --> delete files
1) Download the following three items...
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp
Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
Trend Sysclean Method 1
---------------------------------------
Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")
Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt560.zip
Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.
Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL, SYSCLEAN_FE
automates the download and execution process of the Trend Sysclean Package.
http://www.ik-cs.com/got-a-virus.htm
2) Update Ad-aware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
After this, reset your homepage and see if it sticks.
* * * Please report back your results * * *
-- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
- Previous message: neophyte: "Adware"
- In reply to: neophyte: "Adware"
- Next in thread: neophyte: "Re: Adware"
- Reply: neophyte: "Re: Adware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
