RE: Need more help to remove nasty REQ.DAT from my WinXp Pro



1) Download the following four items...
McAfee Stinger
http://vil.nai.com/vil/stinger/
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp
Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt265.zip
Extract the contents of the ZIP file and place the contents in the same
directory as SYSCLEAN.COM
2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using
the three utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point



"M. B." wrote:

> Well folks, thanks everyone for your help and suggestions but I have yet
> still to successfully remove this damn "Spyware". But I do have some
> more information!
>
>
>
> I have for sure identified the "offending" file as:
>
> \WINDOWS\SYSTEM32\REQ.DAT
>
>
>
> And the REGISTRY entry is:
>
>
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}
>
>
>
> If I try to MANUALLY delete the file, I get "Access Denied" and when I
> delete the registry key, it just pops right back after exiting REGEDIT.
>
>
>
> Please remember, I have tried running the below suggested utilities with
> System Restore On & Off, and also in Normal and in Safe Mode.
> Unfortunately, no luck!
>
>
>
> -----------------------------------------------------------------
>
> CWShredder - it finds this as "VX2.Look2Me", tells me it has been removed
> but when I reboot, it's still there.
>
>
>
> AdAware SE Pro - doesn't find it.
>
>
>
> Spybot Search and Destroy - doesn't find it.
>
>
>
> Microsoft's Antispyware beta - doesn't find it.
>
>
>
> Norton Antivirus 2005 - it finds it. Tells me to run it again in Safe Mode
> to remove it. When I re-run Norton in Safe Mode, it doesn't even flag or
> find it.
>
>
>
> HiJack This - it finds it, and when I choose to Fix It, it supposedly does
> but when I re-run Scan, it's again back there.
>
>
>
> BHODemon - it finds it and thankfully I have been able to DISABLE it with
> this program. Here is the data that it reports on it:
>
>
>
> BHODemon 2.0.0.22 Report File:
> Desc: * Investigating *
> ReportsCount: 6
> Clsid: {1C044AAD-7955-4cbd-8175-501A165C4E5D}
> DLL Path: C:\WINDOWS\System32\req.dat
> Last Load Time: 4/30/2005 6:02:51 PM
> Blocked Load Attempts: 1,003
> Modified Date: Monday, April 11, 2005 20:11:53
> Created Date: Monday, April 11, 2005 20:11:53
> Load Attempts: 1,166
> Enabled?: No
> Size (bytes): 22,016
> EnabledCount: 4
> MD5 Checksum: d7bcebc6ca7dca7326eebb92818d410d
> Status: Investigating
>
> ------------------------------------------------------------
>
>
>
> So, if anyone has any other suggestions or ideas how to completely remove
> it, PLEASE let me know. In my 20+ years around computers, I have never
> seen such a nasty and vicious worm.
>
>
>
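
The registry key quoted above is a Browser Helper Object registration. As an added example (not part of either post), this PowerShell script lists every registered BHO, resolves each CLSID to the file it loads, and flags entries such as a `.dat` file loaded as a DLL; the MD5 column can be compared with the checksum in a BHODemon report. It assumes PowerShell 4.0 or later, and the flag rules are illustrative assumptions.

```powershell
# Added example: enumerate Browser Helper Objects and the file each CLSID loads.
# Each BHO list is paired with the COM class root of the same registry view.
$views = [ordered]@{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
        'HKLM:\SOFTWARE\Classes\CLSID'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
        'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
}

$report = foreach ($bhoRoot in $views.Keys) {
    if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
        $clsid  = $key.PSChildName
        $server = $views[$bhoRoot] + '\' + $clsid + '\InprocServer32'
        $path   = $null
        if (Test-Path -LiteralPath $server) {
            # The default value of InprocServer32 is the module COM loads into the browser.
            $path = [string](Get-Item -LiteralPath $server).GetValue('')
            $path = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
        }
        $onDisk = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)

        # Illustrative triage rules (assumptions, not a vendor's detection logic).
        $flags = @()
        if (-not $path) {
            $flags += 'no InprocServer32 path'
        } elseif (-not $onDisk) {
            $flags += 'file missing'
        } else {
            if ([IO.Path]::GetExtension($path) -notin '.dll', '.ocx') { $flags += 'unusual extension' }
            $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
            if ($sig -ne 'Valid') { $flags += "signature: $sig" }
        }

        [pscustomobject]@{
            Clsid = $clsid
            Path  = $path
            MD5   = if ($onDisk) { (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLower() }
            Flags = $flags -join '; '
        }
    }
}
# Flagged entries first.
$report | Sort-Object { $_.Flags -eq '' } | Format-List
```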


