DEXTER'S BLOG'S
PROJECT 1 :
This is a spyware, that is present in the computer. You can remove it, using this steps:
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
[Remember to reverse this and re-hide these files & folders when your computer is fixed]
--------------------------
Download CleanUp! here….. http://www.cleanup.stevengould.org/ .......
*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.
--------------------------
Reboot your system in Safe Mode by repeatedly tapping the F8 key until the menu appears (or the F5 key if F8 doesn't get to the safe menu).
--------------------------
Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (You must kill them one at a time):
C:\dfndrdd_6.exe
C:\nwnmdd_6.exe
C:\kybrddd_6.exe
C:\WINNT\msdds.exe
--------------------------
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs
IF FOUND:
Support.com
[NB >> Comcast (the cable folks who are replacing @home in some parts of the USA) have struck a deal with Tioga to provide an "enhanced" support and self-repairing tool. This is "beta" at present and was made available to download by mistake at present. Remove.]
--------------------------
Open HijackThis and click on Scan. Check the following entries IF present (make sure you do not miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [defender] C:\\dfndrdd_6.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmdd_6.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrddd_6.exe
O9 - Extra button: Help - {45543056-5B65-47B5-AC8B-26513ACCAE8A} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {BB024CF6-667D-49E8-899C-EAD756B24A2A} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {F19458E2-29DA-4356-9903-125538C6C21D} - http://www.comcastsupport.com (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.ne
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - ms-its:mhtml:file://C:\ss.MHT!http://toolbar.isearch.com/install/00003/chm.chm::/files/initial.ca
Please remember to close all other windows, including browsers, before clicking “Fix checked”.
--------------------------
Delete the following Files and Folders indicated in bold IF they still exist:
C:\Program Files\Support.com
C:\\dfndrdd_6.exe
C:\\nwnmdd_6.exe
C:\\kybrddd_6.exe
If you get an error when deleting a file right click on the file and click once on properties.
Then check to see if the Read Only attribute is checked/ticked. If it is uncheck/untick it and try deleting the file again.
--------------------------
Reboot to normal mode.
--------------------------
Go here .....
www.bullguard.com/forum/12/Before-posting-a-log_24992.html
To remove spyware and to get latest updates on them:
http://www.remove-spyware.com/solutions.htm
Work through all the steps carefully repeating previous scans etc. if necessary.
This will fix this issue.
Ganesh.KB
No comments:
Post a Comment