Re: Removal tool not working on ms site?

From: PA Bear (PABear_at_mvps.org)
Date: 08/12/04 

Date: Wed, 11 Aug 2004 22:53:02 -0400

A. Preliminaries to take care of

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

B. Dealing with the Trojan

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.

3. Check in at Windows Update.

C. Check your system for other Trojans and "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
     http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957 

-- 
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
Are You Ready for WinXP SP2?
http://support.microsoft.com/default.aspx?pr=windowsxpsp2
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
murphy wrote:
> Hi PA Bear,
>
> I did post back at the original thread but you didn't
> reply me. Initially when I did a window update, it was
> window update who say that I need to install this update
> (saying that those user who see the prompt during update,
> meaning they have caught either of the worm) which I did
> and the download went successfully, only thing is I
> couldn't locate the removal tool. Even went into
> add/remove, it wasn't even there. And you are the one who
> ask me to try the other link which I did, it also
> wouldn't run. (both also wouldn't run). I'm using avg
> antivirus and zonealarm and I update frequently. So could
> you please help me!!!
>
> > -----Original Message-----
> > Always post back to your original thread.
> >
> > Did the tool fail to run or did it show a "No Infection" notice?
> >
> > Are you up to date at Windows Update?
> >
> > Are you running a reliable anti-virus application?  Is it configured to
> > seek updates daily and then to run a full system scan a few minutes
> > later, also daily?
> > --
> > murphy wrote:
> > > Could some one from MVP please advise! I've download ms
> > > removal tool kb836528 and the downloading went smoothly,
> > > it even says downloading success. But the removal tool
> > > was no where to be found. I posted a topic on this and
> > > someone from mvp responded asking me to run the tool from
> > >
> here>http://www.microsoft.com/security/incident/mydoom.msp
> > > x Which I did and it failed too... could someone advise!
> >
> > .

Relevant Pages

  • Re: Code 8000FFFF
    ... Remember that I said there's a chance that the problem's being caused by hijackware, not that it IS being caused by hijackware. ... Windows Update Control Panel item on a Windows Vista-based computer ... (Provide the Administrator password or confirmation if prompted to do so.) ... I did, however, download, install and run MRST you listed below and it said ...
    (microsoft.public.windowsupdate)
  • Re: Removal tool not working on ms site?
    ... Check in at Windows Update. ... > Help with Hijackware ... CWShredder (fix all found) ... > [Alternate download pages for many of the above tools may be found at ...
    (microsoft.public.windowsxp.general)
  • Re: No Control Panel, cant open anything
    ... As long as this Trojan is on your pc it will wreck ... I was told by my WinXP Group to download & run something called ... The Trojan is gone but my Control Panel is still not showing up in My ... he did say it was a Windows Update that caused the problem! ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: How do I download IE6?
    ... including OE (but none you didn't originally download) and overinstall. ... Windows Update for additional updates and patches you may need. ... Help with Hijackware ... > Internet Explorer folder there's no trace of IE6 and in fact there's ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Windows update problems
    ... Art ... When I go to the windows update page..scan for ... > Is this due to one of those trojan or mass mailing virus things? ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)