re: allaboutseaching Thursday, May 13, 2004 at 3:23 pm Windows XP Annoyances Discussion Forum Posted by Falcon (13489 messages posted) Some good news, the christmas.exe virus is gone, and so is Incredifind! Still stuff that got reinstalled, though. If you are lucky, this nasty WinTools won't kill your Internet connection. If you are not, you'll need LSPFix. Make sure you download it ahead-of-time! Download IEFix.reg. First, boot to safe mode. All that junk came right back, so fix all the things I recommended under "Definitely remove" before and add these new items: O1 - Hosts: 207.36.196.189 ieautosearch O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - http://instillevents.webex.com/client/latest/event/ieatgpc.cab R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us.mcafee.com/root/landingpages/cd.asp?affid=122-01&lpname=vsotrial90&cid=7800&appurl=http://us.mcafee.com/apps/AppCommon/updreg.asp?app=http://us.mcafee.com/apps/vso/en-us/redir.asp?affid=122-01&installtype=force&lpname=vsotrial90&langid=1&systempopup=true (obfuscated) O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/eng/check/qdiagh.cab?315 Immediately delete as much as you are allowed from these files and folders (The whole thing if it'll let you. We'll deal with the error messages later.): C:\Program Files\Common files\WinTools\ C:\PROGRA~1\INSIDE~1\Long Grey.exe BackWeb-8876480.exe <-- Not sure where this really is. Do a search. Use the IEFix.reg file to restore default pages so you arn't reinfected immediately. Open c:\windows\win.ini. Add a ";" (semicolon) in front of any lines that begin with "run=". Post the content of those lines, if there are any, with your next post. Run Adaware and Spybot S&D now to get rid of anything we missed. Reboot and hope! Run an online virus scan immediately. (Housecall) Post another log and we'll see what that took out. Isn't getting rid of spyware fun? The Wereotter virusmagnet1@viruswatch.ath.cx Here intentionally to attract virii Written in response to: re: allaboutseaching (Cynthia: Thursday, May 13, 2004 at 3:17 pm) Responses to this message: re: allaboutseaching (Cynthia: Thursday, May 13, 2004 at 6:37 pm) All messages in this thread [show all] allaboutseaching (Cynthia: Thu, May 13, 2004, 8:27 am) re: allaboutseaching (Roland_Jenkins: Thu, May 13, 2004, 9:22 am) re: allaboutseaching (Cynthia: Thu, May 13, 2004, 10:40 am) re: allaboutseaching (Falcon: Thu, May 13, 2004, 11:12 am) re: allaboutseaching (Cynthia: Thu, May 13, 2004, 12:54 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 1:36 pm) re: allaboutseaching (Cynthia: Thu, May 13, 2004, 3:17 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 3:23 pm) re: allaboutseaching (Cynthia: Thu, May 13, 2004, 6:37 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 6:45 pm) re: allaboutseaching (Ms. Eagle: Thu, May 13, 2004, 7:36 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 8:09 pm) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 12:58 pm) re: allaboutseaching (Ms. Eagle: Thu, May 13, 2004, 7:18 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 7:34 pm) re: allaboutseaching (Ms. Eagle: Thu, May 13, 2004, 7:40 pm) re: allaboutseaching (Falcon: Thu, May 13, 2004, 8:08 pm) re: allaboutseaching (Ms. Eagle: Thu, May 13, 2004, 8:03 pm) re: allaboutseaching (Ms. Eagle: Thu, May 13, 2004, 9:04 pm) re: allaboutseaching (Falcon: Fri, May 14, 2004, 4:50 am) Zesty Find adware (Ms. Eagle: Sat, May 15, 2004, 1:06 pm) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 1:08 pm) re: allaboutseaching (Falcon: Sat, May 15, 2004, 1:40 pm) re: allaboutseaching (Ms. Eagle: Sat, May 15, 2004, 1:52 pm) re: allaboutseaching (Falcon: Sat, May 15, 2004, 1:58 pm) re: allaboutseaching (Falcon: Sat, May 15, 2004, 2:04 pm) re: allaboutseaching (Ms. Eagle: Sat, May 15, 2004, 3:08 pm) re: allaboutseaching (Falcon: Sat, May 15, 2004, 3:58 pm) re: allaboutseaching (Ms. Eagle: Sat, May 15, 2004, 4:14 pm) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 2:15 pm) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 1:01 pm) Zesty Find adware (Ms. Eagle: Sat, May 15, 2004, 1:15 pm) re: Zesty Find adware (Cynthia: Sat, May 15, 2004, 2:13 pm) re: Zesty Find adware (Falcon: Sat, May 15, 2004, 2:18 pm) re: Zesty Find adware (Cynthia: Sat, May 15, 2004, 3:20 pm) azjmp.com (Cynthia: Sun, May 16, 2004, 4:06 pm) re: azjmp.com (Falcon: Mon, May 17, 2004, 1:02 pm) re: azjmp.com (Cynthia: Mon, May 17, 2004, 2:12 pm) re: Zesty Find adware (Ms. Eagle: Sat, May 15, 2004, 2:51 pm) re: Zesty Find adware (Cynthia: Sat, May 15, 2004, 3:17 pm) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 1:05 pm) re: allaboutseaching (Jason Furmage: Thu, May 13, 2004, 9:34 am) re: allaboutseaching (Cynthia: Sat, May 15, 2004, 1:04 pm) Reply or follow-up to this message Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum