[ctmathtutor]

I'm having trouble getting rid of InstaFinderK. My computer runs on windows xp. I did a search last week for all files on my computer starting with "instafinder" or "instaf" as part of the file name, and found about 20 of them, so I deleted all of them.

However, when I go to the Add/Remove Programs utility I see that InstaFinderK is still among the programs listed! Clicking on the change/remove button fails to remove it.

I found a thread related to removing Instafinder that suggested downloading and running uninstall6_38.exe, so I tried that also. Didn't work.

Also: each time I start my computer, AVG anti-virus informs me that it has detected a virus with file name ei(1).exe and identified as a Trojan Horse Downloader.Small.26.AJ. AVG gives me the option of deleting this program, but there it is again the next time I boot up. I think this virus could be the InstaFinderK program.

I'd appreciate any useful suggestions at this point.

[Advertisements]

Hi,

I'm also running XP and managed to delete InstaFinder with no problems from the Control Panel. Having said that I just did another search and found another instance of it.

I've just found this thread on www.thetechguide.com forum that looks like it could be of help.

There are some other useful links on the thread.

http://www.thetechgu...showtopic=14342

Hope it helps!

Womble

---------------------


Open your add/Remove Programs and remove if found
InstaFinderK
Restart your computer if removed

Download and save to desktop this Removal tool developed by Symantec

also

Download and save to desktop The STANDALONE version of CWShredder.exe
Don't run this yet

Please print this out or save to a Notepad file on your desktop for easy access
START>>RUN>>type in notepad
hit OK

Disconnect from the Internet (Close down all browser windows) and all unnecessary programs running in the background

Open Hijackthis>>Open Misc tools>>Open Delete File on Reboot
Copy and paste the bold line below into the File Name box

C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll

Then click OPEN, when prompted to Restart

Please Restart into Safe mode, you can do this by tapping the F8 key as the system is booting up

In safe mode

Find and delete these files or folders if they exist
C:\Program Files\INSTAFINK <--folder
C:\WINNT\System32\P2P Networking <--folder

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {243BF4B7-817F-4ABD-8ECC-75461427ACD7} - C:\WINNT\System32\ajdn.dll (file missing)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAFINK\instafink.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [runner.exe] C:\WINNT\System32\runner.exe

O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downlo...ice_3_ES_XP.cab

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Do a Disk CleanUp, Ensure that temp and temporary Internet files are checked
START>>RUN>>Type in cleanmgr
Hit OK

Again, in safe mode
Double-click the FxAgentB removal tool by Symantec to run it.
The program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later.
RESTART your computer when Done

Back in Windows
Open just CWShredder and click ONLY the FIX button, let it fix all problems
Restart your computer

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh Hijackthis log
Could you also post the Whole>>> FxAgentB.log

Would you also
Access this Online Malware Scan
Give this site time to load
Jotti's Online Malware scan

Use the browse button and navigate to this file on your hard drive
C:\WINNT\System32\runner.exe<--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results, I believe it's a trojan I had scanned awhile back, but I want to make sure


Also run another scan with DLLCompare
If this entry is still hanging around
C:\WINNT\SYSTEM32\kbd.dll Fri Jun 25 2004 11:06:36a A...R 57,344 56.00 K

Could you additionally, if that entry is still found in DLLCompare
Download and install Registrar Lite.
http://www.resplendence.com/reglite
Install it and then run it
Copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

and hit the "Go" tab.
Find: "Appinit_Dlls" value on the right side panel
DoubleClick on it
Copy and post here the information in the 'Value' field.


--------------------

HijackThis 1.99.1

Not required, but if you would like to Contribute
Click here

[womble]

Hi,

I'm also running XP and managed to delete InstaFinder with no problems from the Control Panel. Having said that I just did another search and found another instance of it.

I've just found this thread on www.thetechguide.com forum that looks like it could be of help.

There are some other useful links on the thread.

http://www.thetechgu...showtopic=14342

Hope it helps!

Womble

---------------------


Open your add/Remove Programs and remove if found
InstaFinderK
Restart your computer if removed

Download and save to desktop this Removal tool developed by Symantec

also

Download and save to desktop The STANDALONE version of CWShredder.exe
Don't run this yet

Please print this out or save to a Notepad file on your desktop for easy access
START>>RUN>>type in notepad
hit OK

Disconnect from the Internet (Close down all browser windows) and all unnecessary programs running in the background

Open Hijackthis>>Open Misc tools>>Open Delete File on Reboot
Copy and paste the bold line below into the File Name box

C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll

Then click OPEN, when prompted to Restart

Please Restart into Safe mode, you can do this by tapping the F8 key as the system is booting up

In safe mode

Find and delete these files or folders if they exist
C:\Program Files\INSTAFINK <--folder
C:\WINNT\System32\P2P Networking <--folder

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {243BF4B7-817F-4ABD-8ECC-75461427ACD7} - C:\WINNT\System32\ajdn.dll (file missing)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAFINK\instafink.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [runner.exe] C:\WINNT\System32\runner.exe

O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downlo...ice_3_ES_XP.cab

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Do a Disk CleanUp, Ensure that temp and temporary Internet files are checked
START>>RUN>>Type in cleanmgr
Hit OK

Again, in safe mode
Double-click the FxAgentB removal tool by Symantec to run it.
The program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later.
RESTART your computer when Done

Back in Windows
Open just CWShredder and click ONLY the FIX button, let it fix all problems
Restart your computer

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh Hijackthis log
Could you also post the Whole>>> FxAgentB.log

Would you also
Access this Online Malware Scan
Give this site time to load
Jotti's Online Malware scan

Use the browse button and navigate to this file on your hard drive
C:\WINNT\System32\runner.exe<--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results, I believe it's a trojan I had scanned awhile back, but I want to make sure


Also run another scan with DLLCompare
If this entry is still hanging around
C:\WINNT\SYSTEM32\kbd.dll Fri Jun 25 2004 11:06:36a A...R 57,344 56.00 K

Could you additionally, if that entry is still found in DLLCompare
Download and install Registrar Lite.
http://www.resplendence.com/reglite
Install it and then run it
Copy and paste this line to reglite's address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

and hit the "Go" tab.
Find: "Appinit_Dlls" value on the right side panel
DoubleClick on it
Copy and post here the information in the 'Value' field.


--------------------

HijackThis 1.99.1

Not required, but if you would like to Contribute
Click here

[womble]

Sorry, just realised some of the links don't work so you might have to go to the original message via

http://www.thetechgu...showtopic=14342