Re: [re] Browser HiJack-Help: Get them!
From: H Leboeuf (NoAddress_at_generation.invalid)
Date: 06/26/04
- Next message: H Leboeuf: "Re: Can not go to page from address bar"
- Previous message: H Leboeuf: "Re: Browser HiJack-Help"
- In reply to: nelson: "[re] Browser HiJack-Help: Get them!"
- Next in thread: H Leboeuf: "Re: Browser HiJack-Help"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 26 Jun 2004 09:31:13 -0400
Nelson this will apply only if you have the exact same CWS variant.
Post your log at the forum.
The normal procedure with CWShredder do not work on this new nasty variant.
Post your log at the forum. They are very busy with this new infection.
The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.
Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.
O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338-29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32\xxxxx.exe
You will be asked to:
Download About:Buster from either of the following locations.
http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip
Run AboutBuster.exe, click OK, then start, then OK. This will scan your
computer for the files responsible for hijacking your home and/or search
settings/page.
Reboot and post a new HijackThis log along with the report from
About:Buster.
With these instructions they will suggest the correct files to be remove.
Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.
-- Henri Leboeuf Web page: http://www.colba.net/~hlebo49/index.htm === "nelson" <anonymous@discussions.microsoft.com> wrote in message news:21d1a01c45af0$56ae2240$a001280a@phx.gbl... > I have been hit with the same Hijack. Spysubtract can't > remove it either. I am going to find a way to turn the > copmany that released this to the local DA. are you with > me if i presue them? I have been caused many hours of > trouble and also lost hours in billing. > > nmay1@carolina.rr.com
- Next message: H Leboeuf: "Re: Can not go to page from address bar"
- Previous message: H Leboeuf: "Re: Browser HiJack-Help"
- In reply to: nelson: "[re] Browser HiJack-Help: Get them!"
- Next in thread: H Leboeuf: "Re: Browser HiJack-Help"
- Messages sorted by: [ date ] [ thread ]
