re: Trojan is hiding there somewhere
Sunday, July 17, 2005 at 6:13 pm Windows XP Annoyances Discussion Forum
Posted by Falcon
(13489 messages posted)
The portions in bold are/may be random, and may have changed.
- Uninstall Viewpoint from Add/Remove Programs.
- Download and update About:Buster.
- Reboot to Safe Mode
- Run About:Buster.
- Check these entries in HijackThis and press Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOL Messenger Optimized] AOLOpt.exe
O4 - HKLM\..\Run: [zyhatwb] C:\WINDOWS\zyhatwb.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [AOL Messenger Optimized] AOLOpt.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
- Delete these files and folders:
- C:\WINDOWS\zyhatwb.exe
- C:\Documents and Settings\Administrator\Local Settings\Temp\ <-- Everything in folder
- AOLOpt.exe
- C:\Program Files\Viewpoint\
- Reboot normally.
- Run About:Buster again.
- Post a fresh HijackThis log.
My Malware Removal Instructions
Perform the following:
- Disable System Restore *
- Perform an online virus scan * * * *.
- Download, update, and run these tools:
Repeat as necessary until clean.
- If you still experience problems after doing these steps, download HijackThis * and post a log to this forum.
- To protect against reinfection, download and use these:
If at all possible, I recommend that you use alternative software, particularly web browsers and email clients:
If this is not a viable option, or for additional protection, use these:
- Optionally Reenable System Restore *. Better alternatives to System Restore.
If you encounter any broken links, please inform me of them. Also note that these links direct through my web server to allow me to keep them up-to-date or post additional info. If you are unable to use the links above, click the stars instead, which are a direct link to the page in question.
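Added example (not part of Falcon's post, and not HijackThis code): a Python parser for the log line format quoted in the post, which counts entries per section and flags O4 autostart entries for review. The flagging rules (Temp path, rundll32 launch, missing full path, executable directly in the Windows directory) are assumptions of this example and are triage hints, not verdicts; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the HijackThis log in the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOL Messenger Optimized] AOLOpt.exe
O4 - HKLM\..\Run: [zyhatwb] C:\WINDOWS\zyhatwb.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll,DllInstall
"""
# Section codes that appear in the post.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart entry", "O8": "IE context-menu item"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
AUTORUN = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Yield (section, body) for every HijackThis entry line."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def section_counts(log):
    """Count entries per section description."""
    return Counter(SECTIONS.get(s, s) for s, _ in parse(log))

def triage_autoruns(log):
    """Return {value name: [reasons]} for O4 entries; rules are this example's assumptions."""
    findings = {}
    for section, body in parse(log):
        m = AUTORUN.match(body) if section == "O4" else None
        if not m:
            continue
        cmd, reasons = m.group("cmd"), []
        first = cmd.split()[0]
        if re.search(r"\\(temp|locals~1)\\", cmd, re.I):
            reasons.append("runs from a Temp directory")
        if re.fullmatch(r"rundll32(\.exe)?", first, re.I):
            reasons.append("DLL launched through rundll32")
        elif "\\" not in first:
            reasons.append("no full path, resolved via search path")
        if re.match(r"[a-z]:\\windows\\[^\\]+\.exe$", cmd, re.I):
            reasons.append("executable directly in the Windows directory")
        if reasons:
            findings[m.group("name")] = reasons
    return findings
```

The ViewMgr entry passes all four rules even though the post removes it, which shows why such rules only narrow the list for a human reviewer.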