Annoyances.org

re: spyware
Friday, September 10, 2004 at 10:49 pm
Windows 98 Annoyances Discussion Forum
Posted by Ms. Eagle (33640 messages posted)



Melissa, it wasn't that long before you got back to us. It takes time to do those things, too. Just wanted to be sure you were still with us.

The log shows up properly formatted in the reply window. I must need to redo my instructions, because a lot of people miss this:

Before posting your message, choose this posting Option below, so your message will be properly formatted: Check this box to preserve your spacing, etc....

You need to tick where it says that before you post. You'll see that below the posting window.

The log sure looks better than it did. There are still hijacking entries to clear, a strange executable, and that TV Media program. It may take another step to get rid of that one.

Go into Add/Remove Programs, scroll down and highlight TV Media - choose remove. Look for a Backweb entry and remove any/all that are listed. It's considered spyware and is installed with a lot of applications.

Uninstall "Windows Update Critical Update Notification" in Add/Remove. Check for updates manually every few months or so, for IE security updates mainly.

You need to create a special folder for HJT, because it creates backups of everything it fixes. They auto save in the same folder. Ex: C:\HJT\HIJACKTHIS.EXE.

Close all open windows. Run HJT and select these entries. Fix checked. Reboot into Safe Mode to delete the files and folders indicated below.

C:\WINDOWS\SYSTEM\GIP49XK.EXE
C:\WINDOWS\SYSTEM\TEQXGRB.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: (no name) - {58359010-BF36-11D3-99A2-0050DA2EE1BE} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [49J#8D#2G2MPRR] C:\WINDOWS\SYSTEM\Xzm0J.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\SYSTEM\MSSARU.DLL

(In Safe mode)
Make sure "show hidden files" is selected in Folder Options. If unsure, check: How to Show System Files

Delete TV Media folder in:
C:\TV MEDIA\

Note: Careful in the system folder and delete only these two files, if found:
C:\WINDOWS\SYSTEM\Xzm0J.exe <<- delete .exe file
C:\WINDOWS\SYSTEM\MSSARU.DLL <<- delete .DLL file

Before rebooting, clear out all those temp folders again. Then reboot into normal mode, run HJT again and post the New log.

Any questions or problems with any of the instructions, let me know.




Written in response to:
re: spyware (melissa: Friday, September 10, 2004 at 5:32 pm)
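
Added example, not part of the forum post or of HijackThis itself: a small Python parser for the log-entry format shown in the post above, which groups entries by section code, picks out the "(no file)" leftovers, and collects the full .exe/.dll paths the entries point at so they can be checked against the Safe Mode deletion list. The function names are my own, and the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# Subset of the entries listed in the post above, copied verbatim.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\TV MEDIA\TVMBHO.DLL
O2 - BHO: (no name) - {58359010-BF36-11D3-99A2-0050DA2EE1BE} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [49J#8D#2G2MPRR] C:\WINDOWS\SYSTEM\Xzm0J.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\SYSTEM\MSSARU.DLL
""".strip().splitlines()

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Drive-letter path ending in .exe/.dll; spaces are allowed (C:\TV MEDIA\...).
PATH = re.compile(r'[A-Za-z]:\\[^*?"<>|\[\]]*?\.(?:exe|dll)\b', re.I)


def parse(lines):
    """Group log lines by section code (R1, O4, ...); skip non-entry lines."""
    groups = defaultdict(list)
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)


def orphans(groups):
    """Entries ending in '(no file)': a registry value with nothing on disk."""
    return [(code, body) for code, bodies in groups.items()
            for body in bodies if body.endswith("(no file)")]


def file_targets(groups):
    """Full paths referenced by the entries, de-duplicated and sorted."""
    found = set()
    for bodies in groups.values():
        for body in bodies:
            found.update(PATH.findall(body))
    return sorted(found, key=str.upper)


if __name__ == "__main__":
    g = parse(SAMPLE)
    print("sections:", {code: len(bodies) for code, bodies in g.items()})
    print("registry-only leftovers:", [code for code, _ in orphans(g)])
    print("files to look for in Safe Mode:", *file_targets(g), sep="\n  ")
```

An entry such as `loadqm.exe`, which gives no full path, does not appear in `file_targets`, so the file list is a cross-check against the entries and not a substitute for reading them.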
