|
Help Me (pg. 2)
|
View this Thread in Original format
| AirPole |
Don't you just hate like that? It really pisses me off.
Ok try this:
Go to Start Menu, 'Run' and type 'msconfig'.
Now go to the last tab called something like 'boot up' (at least that's what I'm guessing it's called, because I have a Dutch XP version) and see if the name of that program is in the list. If you find it, uncheck it and then run 'Spybot Search & Destroy' (free download) and that should help you alot.
Cheers |
|
|
| all-nite-freak |
| that will teach you not to rub your pecker on the hard drive |
|
|
| MLB |
1. Please download SmitfraudFix (by S!Ri).
Extract the content (a folder named SmitfraudFix) to your desktop.
Please do NOT run a scan yet!
NOTE : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulti...processutil.htm
2. Please download: CCleaner (freeware) from here:
http://www.ccleaner.com/download/
Run the CCleaner installer.
During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
Please do NOT run a scan with CCleaner yet!
3. Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the "Shield" icon, then under the "Resident shield is" section change the "Active" status of ewido’s resident shield to "Inactive".
On the main screen select the "Update" icon, then under the "Manual update" section select the "Start update" button.
The update will start and a progress bar will show the updates being installed.
Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the "Settings" screen click on "Recommended actions" and then select "Quarantine".
Under "Reports:"
Select "Automatically generate report after every scan".
Un-Select "Only if threats were found".
Close ewido anti-spyware. Please do NOT run a scan yet!
4. Please reboot your computer into Safe Mode by doing the following:
Reboot your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Instead of Windows loading as normal, a menu should appear.
Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
5. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select Option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process (if a reboot is required, please boot BACK into Safe Mode). A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
WARNING : Running Option #2 on a non-infected computer will remove your desktop background.
6. AFTER SmitfraudFix finishes (and after a reboot if required), please run CCleaner. (If a reboot is required, please boot BACK into Safe Mode)
Click the Windows tab.
Select the following:
Select everything under the Internet Explorer section.
Select everything under the Windows Explorer section.
Select everything under the System section.
Select ONLY Old Prefetch data under the Advanced section.
Next, click the Options icon, then click the Advanced button:
UNCHECK : "Only delete files in Windows Temp folders older than 48 hours", click OK.
Next: click the Cleaner icon, then click the Run Cleaner button (bottom right), then Exit.
NOTE : Please do NOT use the Applications tab or the Issues icon. Keep to the Cleaner icon and the Windows tab.
7. Then please open ewido anti-spyware. (If a reboot is required, please boot BACK into Safe Mode)
IMPORTANT : Do NOT open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select the "Apply all actions" button, ewido will then display "All actions have been applied" on the right hand side.
Next select the "Save Report" button at the bottom.
Then select the "Save report as" button in the lower left hand of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
Close ewido.
Then please REBOOT normally into Windows. |
|
|
| Omega_M |
| there should be a file with "win" in its name on C: Delete that. A windows system file is never left open and unattended on C: That file contains teh trojan. And yes, you got it because you visited a pr0n website :o |
|
|
| Purple |
Yes I downloaded each and every Spyware available and scanned but it didnt solved my problem:
Have tried MSconfig too..
I am too tired now, will try what you said tomorrow..
if that too dosent work, I guess I have to format it..:(
I even downloaded and installed the program they asked me to... but that too dosent stop this popup.. |
|
|
| Purple |
| quote: | Originally posted by Omega_M
there should be a file with "win" in its name on C: Delete that. A windows system file is never left open and unattended on C: That file contains teh trojan. And yes, you got it because you visited a pr0n website :o |
This is my work laptop, I never ever visit any pron site from this, for that I have another desktop comp...I dont install any other programs in this too other than business related softwares.. exception Foobar. |
|
|
| Omega_M |
| You don't have that file i mention ? |
|
|
| basd |
| quote: | Originally posted by Purple
This is my work laptop, I never ever visit any pron site from this, for that I have another desktop comp...I dont install any other programs in this too other than business related softwares.. exception Foobar. |
You do business with LimeWire? |
|
|
| THE_Chris |
Adaware
Spybot
AVG Free |
|
|
| MLB |
| quote: | Originally posted by Purple
Yes I downloaded each and every Spyware available and scanned but it didnt solved my problem:
Have tried MSconfig too..
I am too tired now, will try what you said tomorrow..
if that too dosent work, I guess I have to format it..:(
I even downloaded and installed the program they asked me to... but that too dosent stop this popup.. |
dont need to format, run smitfraud and ewido malware removal tool as mentioned in the steps and run in safe mode etc etc.. just ignore the CC cleaner step, until you want to try it out.
if all fails use system restore feature and restore from last week. |
|
|
| jdat |
| quote: | Originally posted by MLB
4. Please reboot your computer into Safe Mode by doing the following:
|
Right on.
Purple whatever you do with the spyware removers people are suggesting I highly recommend you run them in Safe Mode.
If you don't go into safe mode the removing software may or may not be able to be able to take care of some of the spyware as they are already launched processes.
So Safe Mode it must be! |
|
|
|
|
