
Smitfield Victim again[RESOLVED]


  • This topic is locked

#31
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Good detective work. :tazz:

The Sysai folder is from Apropos spyware and can be deleted completely.

param32.dll will be a bit more difficult.

Copy the part in bold below into notepad and save it as param.reg

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D56A1203-1452-EBA1-7294-EE3377770000}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"


Then have HijackThis fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0278/

Then reboot and you should be able to delete the file.

Let me know.

Regards,

Pieter
  • 0
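
Added example, not part of the original post: a small Python reader for the param.reg text above that lists what each entry does when merged (`[-key]` deletes a key, `"name"=-` deletes a value, `@=` sets the key's default value). The function names are made up for this example, and only string data is decoded.

```python
import re
# The .reg text from the post above, reproduced here so the example runs offline.
PARAM_REG = r'''REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{D56A1203-1452-EBA1-7294-EE3377770000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D56A1203-1452-EBA1-7294-EE3377770000}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"%1\" %*"
'''

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def explain_reg(text):
    """Return (action, key, value_name, data) tuples for each change in a .reg file."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("missing .reg header")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):             # [-KEY] removes the key and its subkeys
                ops.append(("delete-key", inner[1:], None, None))
                key = None
            else:
                key = inner                       # following value lines apply to this key
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', line)
        if not m or key is None:
            raise ValueError("unparsed line: " + raw)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == "-":                           # "name"=- removes just that value
            ops.append(("delete-value", key, name, None))
        elif data.startswith('"') and data.endswith('"'):
            ops.append(("set-string", key, name, unescape(data[1:-1])))
        else:
            ops.append(("set-other", key, name, data))  # dword:, hex: etc. kept raw
    return ops

if __name__ == "__main__":
    print(*explain_reg(PARAM_REG), sep="\n")
```
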


#32
roamer


    Member

  • Topic Starter
  • Member
  • 30 posts
Save param.reg in which directory?

HJT can't seem to fix that entry... after I fix, when I run HJT again, it remains there.
  • 0

#33
roamer


    Member

  • Topic Starter
  • Member
  • 30 posts
I have created param.reg in the same directory as param32.dll. Now it doesn't appear as hidden. So I should delete param32.dll now?
  • 0

#34
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts

I have created param.reg in the same directory as param32.dll. Now it doesn't appear as hidden. So I should delete param32.dll now?


Yes please. Then fix the entry in HijackThis and reboot.

param32.dll is the one sustaining that I think.

Regards,

Pieter
  • 0

#35
roamer


    Member

  • Topic Starter
  • Member
  • 30 posts
IT IS RESOLVED!

param32.dll is really the culprit. Thanks so much for your time and patience! *tears of joy* :tazz: ;)
  • 0

#36
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Glad I was able to help.
I do hope your memory banks hold out for a while longer, but you really should look at your options regarding those. Better prepared than sorry. :tazz:

Also have a look at my site for some tips on protecting your system.

Regards,

Pieter
  • 0

#37
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





