Hi,
I'm also running XP and managed to delete InstaFinder with no problems from the Control Panel. Having said that I just did another search and found another instance of it.
I've just found this thread on www.thetechguide.com forum that looks like it could be of help.
There are some other useful links on the thread.
http://www.thetechgu...showtopic=14342
Hope it helps!
Womble
---------------------
Open your add/Remove Programs and remove if found
InstaFinderK
Restart your computer if removed
Download and save to desktop this Removal tool developed by Symantec
also
Download and save to desktop The STANDALONE version of CWShredder.exe
Don't run this yet
Please print this out or save to a Notepad file on your desktop for easy access
START>>RUN>>type in notepad
hit OK
Disconnect from the Internet (Close down all browser windows) and all unnecessary programs running in the background
Open Hijackthis>>Open Misc tools>>Open Delete File on Reboot
Copy and paste the bold line below into the File Name box
C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll
Then click OPEN, when prompted to Restart
Please Restart into Safe mode, you can do this by tapping the F8 key as the system is booting up
In safe mode
Find and delete these files or folders if they exist
C:\Program Files\INSTAFINK <--folder
C:\WINNT\System32\P2P Networking <--folder
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {243BF4B7-817F-4ABD-8ECC-75461427ACD7} - C:\WINNT\System32\ajdn.dll (file missing)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAFINK\instafink.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [runner.exe] C:\WINNT\System32\runner.exe
O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downlo...ice_3_ES_XP.cab
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Do a Disk CleanUp, Ensure that temp and temporary Internet files are checked
START>>RUN>>Type in cleanmgr
Hit OK
Again, in safe mode
Double-click the FxAgentB removal tool by Symantec to run it.
The program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later.
RESTART your computer when Done
Back in Windows
Open just CWShredder and click ONLY the FIX button, let it fix all problems
Restart your computer
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
Post back a fresh Hijackthis log
Could you also post the Whole>>> FxAgentB.log
Would you also
Access this Online Malware Scan
Give this site time to load
Jotti's Online Malware scan
Use the browse button and navigate to this file on your hard drive
C:\WINNT\System32\runner.exe<--this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please, just the scanner results, I believe it's a trojan I had scanned awhile back, but I want to make sure
Also run another scan with DLLCompare
If this entry is still hanging around
C:\WINNT\SYSTEM32\kbd.dll Fri Jun 25 2004 11:06:36a A...R 57,344 56.00 K
Could you additionally, if that entry is still found in DLLCompare
Download and install Registrar Lite.
http://www.resplendence.com/reglite
Install it and then run it
Copy and paste this line to reglite's address bar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
and hit the "Go" tab.
Find: "Appinit_Dlls" value on the right side panel
DoubleClick on it
Copy and post here the information in the 'Value' field.
--------------------
HijackThis 1.99.1
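An added example, not part of the original post and not code from HijackThis: a small Python triage pass over HijackThis entries like the ones listed above, showing why each would be picked out for review. The heuristics, the `WATCHLIST` names (taken from the entries in this post) and the function names are assumptions made for this example.

```python
import re

# Constructed sample: entries copied from the post (the elided O16 URL is left out).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {243BF4B7-817F-4ABD-8ECC-75461427ACD7} - C:\WINNT\System32\ajdn.dll (file missing)
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAFINK\instafink.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [runner.exe] C:\WINNT\System32\runner.exe
"""

# Assumption: names drawn from the entries this post asks the user to fix or delete.
WATCHLIST = ("instafink", "p2p networking", "runner.exe", "se.dll")
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.I)
ABSENT_RE = re.compile(r"\((no file|file missing)\)\s*$")

def parse(log):
    """Yield (section_code, body) for each HijackThis-style entry line."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (code, reasons, body) for every entry that trips a heuristic."""
    findings = []
    for code, body in parse(log):
        low = body.lower()
        reasons = []
        if code in ("R0", "R1") and "res://" in low:
            reasons.append("IE search/start setting loads a page from a DLL resource")
        if TEMP_RE.search(body):
            reasons.append("path inside a user Temp directory")
        if code == "O2" and ABSENT_RE.search(body):
            reasons.append("BHO registered but file absent")
        if code == "O4":
            reasons.append("autostart Run entry: verify the binary")
        if any(name in low for name in WATCHLIST):
            reasons.append("matches a name from the removal post")
        if reasons:
            findings.append((code, reasons, body))
    return findings

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {body}")
```

The `about:blank` search-page entries from the post are not flagged by these heuristics, so the output is a shortlist for review, not a substitute for reading the full log.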