
Smitfield Victim again[RESOLVED]


  • This topic is locked

#31
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good detective work. :tazz:

The Sysai folder is from Apropos spyware and can be deleted completely.

param32.dll will be a bit more difficult.

Copy the part in bold below into notepad and save it as param.reg

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D56A1203-1452-EBA1-7294-EE3377770000}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"


Then have HijackThis fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/

Then reboot and you should be able to delete the file.

Let me know.

Regards,

Pieter
  • 0
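
Added example, not part of the original post: a small Python parser that lists what the param.reg fix above does (key deleted, value deleted, default value reset) so the file can be reviewed before it is merged. The function names are this example's own, and it handles only the REGEDIT4 forms used in the post plus plain strings; other data types are reported unparsed.

```python
import re

# The fix file from the post above, verbatim.
PARAM_REG = r'''REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D56A1203-1452-EBA1-7294-EE3377770000}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"
'''

def unescape(s):
    """Undo .reg string escaping (backslash before a backslash or quote)."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return a list of (action, key, value_name, data) tuples."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file")
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith(";"):                      # comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):                 # [-KEY] deletes the whole key
                ops.append(("delete_key", inner[1:], None, None))
                key = None
            else:
                key = inner
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            raise ValueError("unparsed line: " + line)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == "-":                               # "name"=- deletes one value
            ops.append(("delete_value", key, name, None))
        elif data.startswith('"') and data.endswith('"'):
            ops.append(("set_string", key, name, unescape(data[1:-1])))
        else:                                         # dword:, hex: etc., left raw
            ops.append(("set_other", key, name, data))
    return ops

if __name__ == "__main__":
    print(*parse_reg(PARAM_REG), sep="\n")
```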

#32
roamer

    Member

  • Topic Starter
  • 30 posts
Save param.reg in which directory?

HJT can't seem to fix that entry... After I fix it, when I run HJT again, it remains there.
  • 0

#33
roamer

    Member

  • Topic Starter
  • 30 posts
I have created param.reg in the same directory as param32.dll. Now it doesn't appear as hidden. So I should delete param32.dll now?
  • 0

#34
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts

I have created param.reg in the same directory as param32.dll. Now it doesn't appear as hidden. So I should delete param32.dll now?




Yes please. Then fix the entry in HijackThis and reboot.

param32.dll is the one sustaining that, I think.

Regards,

Pieter
  • 0

#35
roamer

    Member

  • Topic Starter
  • 30 posts
IT IS RESOLVED!

param32.dll is really the culprit. Thanks so much for your time and patience! *tears of joy* :tazz: ;)
  • 0

#36
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Glad I was able to help.
I do hope your memory banks hold out for a while longer, but you really should look at your options regarding those. Better prepared than sorry. :tazz:

Also have a look at my site for some tips on protecting your system.

Regards,

Pieter
  • 0

#37
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





