Re: Need more help to remove nasty REQ.DAT from my WinXp Pro



Johnny,

Thanks for the suggestion. I tried everything you said (took me 2 hours)
but same situation.

The *** is still sitting on my PC.

- Michael

"Johnnyboy" <Johnnyboy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49328B3D-F83B-4B76-9634-B2EFC72074E9@xxxxxxxxxxxxxxxx
> 1) Download the following four items...
> McAfee Stinger
> http://vil.nai.com/vil/stinger/
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> Download SYSCLEAN.COM and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt265.zip
> Extract the contents of the ZIP file and place the contents in the same
> directory as SYSCLEAN.COM
> 2) Update Adaware with the latest definitions.
> 3) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 4) Reboot your PC into Safe Mode
> 5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using
> the three utilities; Trend Sysclean, Stinger and Adaware
> 7) If you are using WinME or WinXP, Re-enable System Restore and re-apply
> any System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) If you are using WinME or WinXP, create a new Restore point
>
>
>
> "M. B." wrote:
>
>> Well folks, thanks everyone for your help and suggestions but I have yet
>> still to successfully remove this damn "Spyware". But I do have some
>> more information!
>>
>>
>>
>> I have for sure identified the "offending" file as:
>>
>> \WINDOWS\SYSTEM32\REQ.DAT
>>
>>
>>
>> And the REGISTRY entry is:
>>
>>
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}
>>
>>
>>
>> If I try to MANUALLY delete the file, I get "Access Denied" and when I
>> delete the registry key, it just pops right back after exiting REGEDIT.
>>
>>
>>
>> Please remember, I have tried running the below suggested utilities with
>> System Restore On & Off, and also in Normal and in Safe Mode.
>> Unfortunately, no luck!
>>
>>
>>
>> -----------------------------------------------------------------
>>
>> CWShredder - it finds this as "VX2.Look2Me", tells me it has been removed
>> but when I reboot, it's still there.
>>
>>
>>
>> AdAware SE Pro - doesn't find it.
>>
>>
>>
>> Spybot Search and Destroy - doesn't find it.
>>
>>
>>
>> Microsoft's Antispyware beta - doesn't find it.
>>
>>
>>
>> Norton Antivirus 2005 - it finds it. Tells me to run it again in Safe
>> Mode to remove it. When I re-run Norton in Safe Mode, it doesn't even
>> flag or find it.
>>
>>
>>
>> HiJack This - it finds it, and when I choose to Fix It, it supposedly
>> does but when I re-run Scan, it's again back there.
>>
>>
>>
>> BHODemon - it finds it and thankfully I have been able to DISABLE it with
>> this program. Here is the data that it reports on it:
>>
>>
>>
>> BHODemon 2.0.0.22 Report File:
>> Desc: * Investigating *
>> ReportsCount: 6
>> Clsid: {1C044AAD-7955-4cbd-8175-501A165C4E5D}
>> DLL Path: C:\WINDOWS\System32\req.dat
>> Last Load Time: 4/30/2005 6:02:51 PM
>> Blocked Load Attempts: 1,003
>> Modified Date: Monday, April 11, 2005 20:11:53
>> Created Date: Monday, April 11, 2005 20:11:53
>> Load Attempts: 1,166
>> Enabled?: No
>> Size (bytes): 22,016
>> EnabledCount: 4
>> MD5 Checksum: d7bcebc6ca7dca7326eebb92818d410d
>> Status: Investigating
>>
>> ------------------------------------------------------------
>>
>>
>>
>> So, if anyone has any other suggestions or ideas how to completely remove
>> it, PLEASE let me know. In my 20+ years around computers, I have never
>> seen such a nasty and vicious worm.
>>
>>
>>
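
Added example, not part of the original thread or written by any poster: an offline check of a regedit text export that lists every Browser Helper Object CLSID, resolves the module named under its InprocServer32 key, and flags modules that are missing or not named *.dll, as with the req.dat entry quoted above. The sample export is constructed (only the first CLSID and its path come from the thread), the export is assumed to be already decoded to text, and the extension test is a triage heuristic, not proof of infection.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of a regedit export. The first CLSID and its path are the
# ones quoted in the thread; the second entry is a made-up benign BHO.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-1111-2222-3333-444444444444}]

[HKEY_CLASSES_ROOT\CLSID\{1C044AAD-7955-4cbd-8175-501A165C4E5D}\InprocServer32]
@="C:\\WINDOWS\\System32\\req.dat"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Program Files\\Example Toolbar\\toolbar.dll"
'''

BHO_KEY = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\})\]$")
SERVER_KEY = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32\]$")

def audit_bhos(reg_text):
    """Return [(clsid, server_path, flagged)] for each registered BHO."""
    bhos, servers, current = [], {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            current = None
            m = BHO_KEY.search(line)
            if m:
                bhos.append(m.group(1).upper())
            m = SERVER_KEY.search(line)
            if m:
                current = m.group(1).upper()
        elif current and line.startswith('@="') and line.endswith('"'):
            # The default value of InprocServer32 is the module that gets loaded.
            servers[current] = line[3:-1].replace("\\\\", "\\")
    results = []
    for clsid in bhos:
        path = servers.get(clsid)
        # Heuristic: flag a missing server entry or a module not named *.dll.
        flagged = path is None or PureWindowsPath(path).suffix.lower() != ".dll"
        results.append((clsid, path, flagged))
    return results

if __name__ == "__main__":
    for clsid, path, flagged in audit_bhos(SAMPLE_REG):
        print("SUSPECT" if flagged else "ok     ", clsid, path)
```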

