Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).
Step #1
Download
Cwshredder.exe and save it to a folder of its own. Start the program and click on the
Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).
Download
CCleaner and install it but do not run it yet.
- Please open My Computer
- Double-click on Local Disk (C
- Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.
- Unzip to or copy and paste HijackThis.exe to the new folder (do not run HijackThis directly out of the sfx or compressed file).
Step #2
Restart in Safe Mode- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
- Use the arrow keys to select the Safe Mode menu item.
- Press the Enter key.
Step #3- Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\czlue.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\czlue.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\czlue.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\czlue.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\czlue.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\czlue.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A63C74F8-0DBF-3CFE-27F1-83B90588A4CF} - C:\WINDOWS\appbo32.dll
O2 - BHO: Class - {EBB58D88-B4D1-648E-CB8F-D10EF01B83E5} - C:\WINDOWS\system32\addku.dll
O2 - BHO: Class - {F3DEB5FA-0E08-9347-26D3-A5F3D9AB08A4} - C:\WINDOWS\system32\netqx32.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/106e81e...ip/RdxIE601.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä�#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlvz.exe
Now
close ALL open windows except HijackThis and click the
Fix Checked button to finish the repair.
Step #4
We need to make sure all hidden files are showing so please:- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide file extensions for known types option.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
files...
C:\WINDOWS\system32\mfcoy.exe
C:\WINDOWS\czlue.dll
C:\WINDOWS\appbo32.dll
C:\WINDOWS\system32\addku.dll
C:\WINDOWS\system32\netqx32.dll
C:\WINDOWS\atlvz.exe
Step #5
Start CCleaner and click on the
Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.
Step #6
Run CWShredder- Double-click on CWShredder.exe.
- Click "Fix ->" and click "OK" at the prompt.
- CWShredder will scan and clean your system of CWS files.
- Click "Next->" and then "Exit".
Step #7
Reboot normally and run
at least 2 of the following on-line virus scans:
Make sure that you choose "fix" or "clean" or "autoclean".
Step #8
AdAware SE v1.06
Download, install, update, configure and run a scan with Ad-aware SE:- Download and Install AdAware SE Personal v1.06, keeping the default options. However, some of the settings will need to be changed before your first scan.
- Close ALL windows except Ad-Aware SE.
- Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
- Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
- In the ‘General’ window make sure the following are selected in green:
- Under Safety:
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
- Under Definitions:
- Prompt to update outdated definitions - set the number of days
- Click on the ‘Scanning’ button on the left and select in green:
- Under Driver, Folders & Files:
- Under Select drives & folders to scan:
- Under Memory & Registry: all green
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URL’s
- Scan my Hosts file
- Click on the ‘Advanced’ button on the left and select in green:
- Under Shell Integration:
- Move deleted files to recycle bin
- Under Logfile Detail Level: all green
- include addtional object information
- DESELECT - include negligible objects information
- include environment information
- Under Alternate Data Streams:
- Don't log streams smaller than 0 bytes
- Don't log ADS with the following names: CA_INOCULATEIT
- Click the ‘Tweak’ button and select in green:
- Under ‘Scanning Engine’:
- Unload recognized processes during scanning
- Scan registry for all users instead of current user only
- Under ‘Cleaning Engine’:
- Let Windows remove files in use at next reboot
- Under Log Files:
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Please do not check: Include Module list in logfile
- Click on ‘Proceed’ to save the settings.
- Click ‘Start’
- Choose 'Perform Full System Scan'
- DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
- Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
- If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
- Right-click on the list and choose Select All
- Click the Next button to finish removing the items that were found
- When finished, REBOOT to complete the removal of what Ad-Aware SE found
Step #9
OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the
Add Reply button to post your new Hijackthis log , and klet me know how it went and how your computer is running
Lobos
06-18-2005, 06:14 PM
Linear Mode
