Hijack Log Full page pop up ads
#61
Posted 29 January 2006 - 11:16 AM
Register to Remove
#62
Posted 30 January 2006 - 08:08 AM
I should be able to turn around replies in approximately one day going forward. Thanswk again for your patience.
We made progress this last run...eliminating one of the troublesome files, and deleting the infected email (which was probably the source of the 'look2me' infection).
We'll whack at the remainders again with Killbox, but use slightly different options.
Save these instructions to a text file (Notepad) on your desktop so you can find them in safe mode.
First...reboot into safe mode and...
Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these four boxes and then press ok to remove: Downloaded Program Files, Temporary Files, Temporary Internet Files, Recycle Bin.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and when the scan is finished, choose Edit > select all -> File > delete.
Please let me know about any problems with the temp file deletes.
Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete. Rinse, lather, repeat until folder is empty
Then...while still in safe mode...
1) Please run Killbox.
2) Select "Delete on Reboot" and "Replace on Reboot" and check the "Use Dummy box".
3) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
c:\WINDOWS\SYSTEM\UpdInstall.exe.tcf
c:\WINDOWS\Desktop\gettbar.exe
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE/WISE0077.BIN
c:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE
c:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf
c:\WINDOWS\Downloaded Program Files\UWFX5_0001_N53L1025NetInstaller.exe
4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..
Let the system reboot
And finally ... rerun the Kaspersky scan and send the results.
Thanks
daveai
#63
Posted 30 January 2006 - 05:28 PM
#64
Posted 10 February 2006 - 09:01 AM
#65
Posted 12 February 2006 - 02:48 PM
We recieved a suggestion from another member today (Erik-Dardan Ymeraga), that suggests you may be infected by the Klez virus, which is indicated by the presence of WINK.EXE on your system.
There is a removal tool for this pest, and instructions for downloading and running it at:
http://securityrespo...moval.tool.html
After trying this tool, please report back wthyour results.
Thanks
daveai
#66
Posted 26 February 2006 - 03:31 AM
#67
Posted 27 February 2006 - 12:11 AM
Edited by Flute, 27 February 2006 - 12:15 AM.
#68
Posted 27 February 2006 - 01:20 AM
#69
Posted 27 February 2006 - 01:42 AM
3 user(s) are reading this topic
0 members, 3 guests, 0 anonymous users