
Please help - aurora and more, tried everything! [RESOLVED]



#16
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
I copied and pasted the files into killbox one by one. How do I know if I'm rid of them?
  • 0



#17
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Did you do them one by one and use the "Standard File Kill"?

Or did you use "Delete on Reboot" and do that five times?

All these:
c:\systemvolumeinformation\_restore are in your Restore Points and will remain there as long as you don't use System Restore.

Can MSAS remove the others?

Regards,
  • 0

#18
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
I did them one by one with delete on reboot clicking the x with each new entry. I did not reboot 5 times....only once.
Did I do it wrong? How will I know if they're still lurking in my computer?
Thanks!
  • 0

#19
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sorry,
MSAS said it removed the three I mentioned.
  • 0

#20
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
I just ran a Spybot scan that turned up the following HotSearchBar stuff:

HotSearchBar: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\drelkge789AEF5

HotSearchBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\drelkge789AEF5

When I tried to fix them, Spybot told me it could not because files were in use and will do a scan upon reboot.

What do you think?
Thanks!
  • 0

#21
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
FYI, I rebooted and did another Spybot scan which could not remove the HotSearchBar stuff.
Bummer!
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please don't go paranoid on me. :tazz:

Is anything actually bothering you?
Popup ads, hijacked or alarming traffic?

If Spybot can't get rid of them because they are in use, rerun the scan in safe mode.

Regards,
  • 0

#23
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
Sorry...there really are no more pop-ups, hijacks, etc.
Does that mean I'm ok even though these bad boys show up during the scans?
Thanks, Doctor Metallica!
  • 0

#24
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
I just did a safe mode scan - it could not fix the HotSearchBar stuff.
  • 0

#25
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
One thing to remember is that different scanners have different ways of dealing with spyware and even if the malware has been disabled, other scanners will find remains of the infection that are harmless by themselves.
On the other hand they should be able to get rid of them.
  • Download the Registry Search Tool.
  • Unzip the contents of RegSrch.zip to a convenient location.
  • Double-click on RegSrch.vbs.
  • If you have an anti-virus installed it might prompt you about a running script. Please ignore this warning and allow the script to run.
  • In the "Enter search string (case insensitive) and click OK..." box paste this string:
    • drelkge789AEF5
  • Click "OK" to search the registry for that string.
  • Wait for a few minutes while it completes the search.
  • Click "OK" to open the results in WordPad.
  • Copy and paste the entire results into your next post.
Regards,
  • 0



#26
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
Again, thanks for the explanation - this stuff absolutely baffles me.
Here is the Registry search result you requested.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "drelkge789AEF5" 5/19/2005 8:09:15 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5]

[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\eeennn]

[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\kkws]

[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\ppops]

[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\reel]

[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\ssites]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\eeennn]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\kkws]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\ppops]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\reel]

[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\ssites]
  • 0

#27
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Good. We should be able to get rid of those in safe mode.

Copy the part in bold below into notepad and save it as remdrelkge.reg

REGEDIT4

[-HKEY_USERS\.DEFAULT\Software\drelkge789AEF5]

[-HKEY_USERS\S-1-5-18\Software\drelkge789AEF5]


Reboot into safe mode and double-click that file. Confirm you want to merge it with the registry.

NOTE: you probably have to have Administrator rights to make this work.

Regards,
  • 0
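
Added example, not part of the original thread or of the RegSrch tool: a Python sketch of how the search result in post #26 reduces to the two-entry deletion file in post #27. A `[-key]` entry removes a key together with all its subkeys, so only the topmost matching keys need listing; the function names and the `ExampleApp` entry are constructed for illustration.

```python
import re

# Key lines copied from the search result in post #26 (subkeys abridged);
# the ExampleApp entry is constructed to show the manual-review path.
SEARCH_RESULT = r"""REGEDIT4
; Registry search results for string "drelkge789AEF5"
[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5]
[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\kkws]
[HKEY_USERS\.DEFAULT\Software\drelkge789AEF5\ssites]
[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5]
[HKEY_USERS\S-1-5-18\Software\drelkge789AEF5\reel]
[HKEY_CURRENT_USER\Software\ExampleApp]
"Note"="drelkge789AEF5"
"""

# A key header is a bracketed line that is not already a [-deletion] entry.
KEY_LINE = re.compile(r"^\[(?!-)(.+)\]\s*$")

def parse_keys(text):
    """Return key paths from [..] header lines, skipping comments and values."""
    return [m.group(1) for line in text.splitlines()
            if (m := KEY_LINE.match(line.strip()))]

def plan_removal(keys, needle):
    """Return (roots to delete, keys to review by hand).

    A key is deleted only when one of its own path components contains the
    marker; keys that matched through a value are left for manual review.
    """
    roots, review = [], []
    for key in keys:
        parts = key.split("\\")
        hit = next((i for i, p in enumerate(parts)
                    if needle.lower() in p.lower()), None)
        if hit is None:
            review.append(key)
            continue
        root = "\\".join(parts[:hit + 1])  # cut at the first matching component
        if root not in roots:
            roots.append(root)
    return roots, review

def build_reg(roots):
    """Render a REGEDIT4 file whose [-key] entries delete each root."""
    return "REGEDIT4\n\n" + "\n\n".join(f"[-{r}]" for r in roots) + "\n"

if __name__ == "__main__":
    roots, review = plan_removal(parse_keys(SEARCH_RESULT), "drelkge789AEF5")
    print(build_reg(roots))
    print("review manually:", review)
```

`HKEY_USERS\.DEFAULT` is an alias for the LocalSystem hive `HKEY_USERS\S-1-5-18`, so the two roots are the same key seen under two names.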

#28
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Metallica,
Registry project completed as instructed.
What did I just do?
Anything else I should do?
Thanks!
  • 0

#29
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you repeat the regsearch.vbs to see if we actually succeeded in removing those two subkeys?

Regards,
  • 0

#30
mondoboffo

mondoboffo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Dr. Metallica,
Great news (I think)!
"No instances of drelkge789AEF5 found"
Thanks
  • 0





