Trojan Spy HTML Smitfraud
Posted 08 May 2005 - 09:50 AM
Posted 08 May 2005 - 10:27 AM
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Print these instructions
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Exit Add/Remove Programs.
*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES http://www.xtra.co.n...1916458,00.html
Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the following processes:
Exit Task Manager.
*Click Here http://www.geekstogo...n=download&id=4 to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure! I would just copy each file path and paste it in the field) MAKE SURE TO ENTER ALL FILE PATHS!:
Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered press the YES button at both prompts so that your computer restarts. If you recieve an error message "PendingRenameOperation...." and your computer doesn't restart, please restart it manually.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Make sure you can view hidden files.
Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
Reboot into normal mode.
*Download and install Registrar Lite version 2.00 http://www.resplendence.com/download
*Double click the purple Registrar Lite icon on your desktop.
*Copy the line below and paste it into the "Address" field (located at the top) of the program:
*Click the "Go" button.
*It will take you into the "Policies" folder.
*Locate the "System" folder (in the right panel)
*If found, right-click on the System folder and go to Delete
*Be very careful that you only delete the System folder that is inside the Policies folder.
Reboot your computer again.
1.) Download the Hoster from HERE <http://www.funkytoad...oad/hoster.zip> Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp! http://www.greyknigh...spy/Cleanup.exe
4.) Run this online virus scan: ActiveScan http://www.pandasoft...com/activescan/ - Save the results from the scan!
Run at least two of these anti-spyware programs
Make sure all defintion files are up to date for all programs
Microsoft WIndows Anti-spyware
For Ad-ware se run a Full System Scan and ADS scan
Run at least two of the online AV scans:
http://www.trojanhunter.com/ Trojan hunter
http://www.pandasoft...n_principal.htm Panda Active Scan
http://housecall.trendmicro.com/ House Call (Trend Micro)
http://www.bitdefend...can/licence.php BitDefender Free OnlineVirus Scan
http://support.f-sec.../home/ols.shtml F-Secure Free OnlineVirus Scan
http://security.syma...IHKERRDTIPOKYJL Symantec Security Scan & Virus Detection
http://www.ravantivirus.com/scan/ RAV AntiVirus Online VirusScan
http://us.mcafee.com....asp?catid=free McAfee Antivirus scan
http://www.virus112....an_registration Danish Antivirus scan
http://support.f-sec.../home/ols.shtml F-SecureAntivirus scan
Post a HiJackThis log.
Edited by nommork, 08 May 2005 - 10:27 AM.
Posted 08 May 2005 - 11:39 AM
Posted 10 May 2005 - 12:58 AM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users