Re: HELP!!! ***res://<random>.dll/<random>.html#<random>*** HELP!!!

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: pcbutts1 (pcbutts1_at_yawhoo.com)
Date: 06/29/04 

Date: Tue, 29 Jun 2004 04:25:54 GMT

I told you how but just in case you didn't get it here it is again.

1) Open My Computer and choose "Tools" in in the menu option, then choose
"Folder Options".
2) Click the "View" tab and under Advanced Settings set it to show "Hidden
files and folders"
3) Next press "Alt Ctrl Del" and choose the "Processes tab" to bring up a
list of running processes.
4) Click the "Image Name" button to get the processes in alphabetical order.
Scroll through the list of processes and end task on any processes that you
are unaware of or do not have anything on google (get an expert to help)
5) Next, go to Start --> Run and type "Services.msc" (without quotes) then
hit OK.
6) Scroll down in the right pane of the screen and find the service called
"Network Security Service". Double click it.
7) In the next window that opens, click the Stop button, then change the
Startup Type to Disabled. Now hit Apply and then OK and close any open
windows.
8) Run HijackThis.exe again do a scan and place a check check in the
following boxes and click on "Fix Checked":
- R1 Entries
- BHO entries
- 04 entries with random exes.
You may want an expert to assist you there.
9) Reboot into safe mode. Once in Safe Mode, delete the following files:
- R1 Entries
- BHO entries
- 04 entries with random exes.
You may want an expert to assist you there.
10) Go to Start, --> Run and type in "regedit" (without quotes) and press
"Enter".
11) In the registry, navigate to the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ In the left pane if
you see something called "__NS_Service_3" right click on it and choose
delete.
12) Next navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\
In the left pane if you see something called "LEGACY___NS_Service_3" right
click on it and choose delete.
13) Exit regedit and reboot in Normal Mode.
14) Run Hijackthis again, if its clean, you're good to go.

Please note: The fixes above only apply to those who are being hijacked to
webpages such as res://ewfom.dll#2342 and nothing else. 

-- 
The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com
"The Stull Demon" <kansas_666@hotmail.com> wrote in message
news:c3d7271b.0406282005.23e10dd0@posting.google.com...
> °Mike° <qp_mike_qp@yahoo.com> wrote in message
news:<40e27f47.668578@localhost>...
>
> >
> > Why have you posted an *incomplete* HijackThis log,
> > when you have screamed not to suggest anything
> > that's not brand new?
> >
> >
>
> THE LOG IS (was) COMPLETE. I cut and pasted *EVERYTHING* that was in
> the Log File into the post. I SCREAM BECAUSE *NOBODY* HAS FOUND A WAY
> TO CLEAN THIS NEWEST CWS VARIANT YET! That's why. That's why I scream.
>
> If you don't have the answers, that's OK. But please - SHUT UP (!!!)
> and let someone who does have the answers answer this post. You're not
> helping. The guy who wrote the CWS Shredder has *GIVEN UP*. I REPEAT:
> He has quit. When the going got REALLY tough, he quit. When my Dad got
> infected with the NEWEST variant of the CWS Malware, he quit. Can
> someone please pick up the pieces? And can someone set up a
> military-style tribunal to TRY AND CONVICT the monsters responsible
> for this?
>
> Here's what appear to be the FINAL WORDS from MERIJN THE QUITTER:
>
> June 28, 2004:
> Alright, this will be my last update for a while. I have a lot of
> things going on that are not spyware-related in the next few months
> and frankly I find these more important than the spyware-related
> issues. I'm sorry if that offends you, but I simply don't have the
> time to do both at the same time. I hope you'll understand.
>
> NOPE. SORRY. I DON'T!!!!!!!!!!!!!!!
>
> July 1 2004, I will be graduating from the University of Utrecht and
> receive my Masters Degree in Science (chemistry, specifically).
> September 1 2004, I will start a second study at the same university.
> I'm not sure what the English name for this study is (in Dutch it's
> Informatiekunde) but it's in the Computer Sciences field.
>
> WHO CARES???????????!!!!!!!!!!!!!!
>
> Right now, my email inbox is overflowing with over 2700 emails which I
> can't possibly answer all. These 2700 are two-thirds of about 4000,
> the remaining one-third being spam and email viruses which I've
> already deleted. (For god's sake people, get some decent antivirus
> protection, that's nearly 1300 emails from Windows systems infected
> with email spewing trojans.)
>
> YOU WONDER WHY?????????????!!!!!!!!!!!!! YOU HAVE LET US DOWN!!!
>
> I will not be able to respond to your email anytime soon! Here are my
> answers to the majority of emails I've gotten so far:
>
> Q. Can you look at my HijackThis/StartupList/CWShredder log?
> A. No, pick a link from the list of forums that can help you interpret
> your log and ask for help there.
>
> Q. CWShredder isn't fixing my problem!
> A. While it's been easy and even fun keeping CWShredder up to date,
> the recent variants are a living hell. The people who wrote the latest
> variants of the trojan surpass the older variants by far.
> - Resident DLLs from the about:blank, res://xxxx.dll or invisible
> variants cannot be removed by CWShredder or HijackThis.
> - Variants like f0r0r that are protected by Hacker Defender cannot be
> removed by CWShredder or HijackThis.
>
> Q. When will CWShredder be updated again?
> A. It won't be again, probably. I have a few bugs to fix, but after
> that there's not much left to do - I simply do not have the tools to
> remove the latest variants, they are too agressive or complicated to
> allow automated removal by CWShredder.
>
>
> ARRRRRRRRRRRGGGGGHHHH!!!
>
> QUITTER!!!
>
> OK... let me catch my breath... ok... better now... can someone please
> take over where the QUITTER left off and help get us get rid of this
> latest variant of CWS? Please?
Quantcast