Wednesday, December 13, 2006

Latest SPYWARE : Project1



This is a spyware, that is present in the computer. You can remove it, using this steps:

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

[Remember to reverse this and re-hide these files & folders when your computer is fixed]


Download CleanUp! here….. .......

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.


Reboot your system in Safe Mode by repeatedly tapping the F8 key until the menu appears (or the F5 key if F8 doesn't get to the safe menu).


Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time):






Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs

[NB >> Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove.]


Open HijackThis and click on Scan. Check the following entries IF present (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [defender] C:\\dfndrdd_6.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmdd_6.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrddd_6.exe
O9 - Extra button: Help - {45543056-5B65-47B5-AC8B-26513ACCAE8A} - (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {BB024CF6-667D-49E8-899C-EAD756B24A2A} - (file missing) (HKCU)
O9 - Extra button: Support - {F19458E2-29DA-4356-9903-125538C6C21D} - (file missing) (HKCU)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!

Please remember to close all other windows, including browsers, before clicking “Fix checked”.


Delete the following Files and Folders indicated in bold IF they still exist:

C:\Program Files\

If you get an error when deleting a file right click on the file and click once on properties.

Then check to see if the Read Only attribute is checked/ticked. If it is uncheck/untick it and try deleting the file again.


Reboot to normal mode.


Go here .....

To remove spyware and to get latest updates on them:

Work through all the steps carefully repeating previous scans etc. if necessary.
This will fix this issue.


No comments: