Found Bloodhound.w32.EP, failed to remove [RESOLVED]


  • This topic is locked

#16
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. You may find something useful HERE

2. Open HJT, Go to Config>>Miscellaneous Tools>>Open Uninstall Manager

3. Check to see if those 2 programs can be found in among those programs.


Trevuren
  • 0


#17
paper

    Member

  • Topic Starter
  • 48 posts
Trevuren,

Thank you for the link, I will try something including reinstall IE.

Yes, both Offer Optimizer and Shopping Wizard are in HJT>>Config>>Miscellaneous Tools>>Open Uninstall Manager
  • 0

#18
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Open HJT, Go to Config>>Miscellaneous Tools>>Open Uninstall Manager

2. Select "Shopping Wizard" from the list

3. Click on the "Delete this entry" button

4. Then do the same with "Offer Optimizer"

5. REBOOT your machine

6. Tell me if the programs are gone from your Add/Remove Programs List.


Trevuren
  • 0

#19
paper

    Member

  • Topic Starter
  • 48 posts
Trevuren,

Yes, both Shopping Wizard and Offer Optimizer disappear from 'Add or Remove Programs' window.

I then tried to install Kaspersky and remove IE and all failed....you know what happened....now I cannot open Windows XP in either normal or safe mode! It said
The procedure entry point AssocIsDangerous could not be located in the dynamic link library SHLWAPI.dll.
  • 0

#20
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Long Shot:

Boot into the Recovery Console by following these steps:
  • Insert the Windows CD and restart your computer. Follow your computer's prompts to boot from the CD. (You might need to adjust settings in the computer's BIOS to enable the option to boot from a CD.)
  • Follow the setup prompts to load the basic Windows startup files. At the Welcome To Setup screen press R to start the Recovery Console.
  • Enter the number of the Windows installation you want to access from the Recovery Console.
  • When prompted, type the Administrator password. If you're using the Recovery Console on a system running Windows XP Home Edition, this password is blank by default, so just press Enter.


Trevuren
  • 0

#21
paper

    Member

  • Topic Starter
  • 48 posts
Trevuren,

I went to BIOS, found
1st Boot Device [ATAPI CDROM]
Then, Exc to start window, I can hear the CD running and can see the 'Windows XP' (now the window yet) then the same error message.
  • 0

#22
paper

    Member

  • Topic Starter
  • 48 posts
Trevuren,

Sorry too many mistakes in the last post.

I went to BIOS, found
1st Boot Device [ATAPI CDROM]
Then, Esc to start window, I can hear the CD running and can see the 'Windows XP' (not the window yet) then the same error message.
  • 0

#23
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. It appears that the problem occurred through an incomplete or faulty attempt to remove IE or upgrade. The Microsoft article can be found HERE

2. There is a published fix for which I cannot vouch, published HERE

3. But to even attempt this, you must be able to enter through the Recovery Console.

4. This is really a technical problem which is way beyond my level of knowledge in this field as it does not have anything to do with malware.

5. As mentioned, I cannot vouch for the fix above.

I will keep on looking



Trevuren
  • 0

#24
paper

    Member

  • Topic Starter
  • 48 posts
Hi Trevuren,

I found Windows XP Boot disks and managed to open the window.
As for the malware problem, I guess it has been solved by your help, thanks a lot!!

BTW, I also answered a few questions in VB and Excel in this website but no response for my answers until now.....strange.....
  • 0

#25
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please send a fresh HJT log for review before we do the cleanup procedures.

Trevuren
  • 0


#26
paper

    Member

  • Topic Starter
  • 48 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:11:15 AM, on 8/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Lin\Tool\Avast4\aswUpdSv.exe
C:\Lin\Tool\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Lin\Tool\Avast4\ashMaiSv.exe
C:\Lin\Tool\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Lin\Tool\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Lin\Tool\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Lin\Tool\PDF\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Lin\Tool\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...509/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Lin\Tool\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Lin\Tool\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Lin\Tool\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Lin\Tool\Avast4\ashWebSv.exe" /service (file missing)
  • 0
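
An added example, not part of the original thread: a small Python parser for the HijackThis item lines in the log above that lists the entries marked "(no file)" or "(file missing)", that is, registry references whose target file HijackThis did not find. The sample lines are copied from the log in post #26; the function names and section labels are this example's own.

```python
import re

# HijackThis item lines start with a section code, e.g. "O23 - Service: ...".
ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Suffix HijackThis appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Labels (this example's wording) for section codes seen in the log above.
SECTIONS = {"O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autorun entry", "O9": "IE extra button or menu item",
            "O16": "downloaded ActiveX control", "O23": "service"}

# Sample lines copied from the log in post #26.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Lin\Tool\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Lin\Tool\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Lin\Tool\Avast4\ashMaiSv.exe" /service (file missing)
"""

def parse_items(log_text):
    """Return one dict per item line; header and process lines are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM.match(line.strip())
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        items.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None,
            "orphan": bool(ORPHAN.search(m.group("body"))),
            "raw": line.strip(),
        })
    return items

def orphaned(items):
    """Entries whose target file HijackThis reported as absent."""
    return [i for i in items if i["orphan"]]

if __name__ == "__main__":
    for item in orphaned(parse_items(SAMPLE)):
        print(f'{item["code"]:>3} {item["section"]:<22} {item["raw"]}')
```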

#27
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
1. Right-click "My Computer", and then left click "Properties".
2. Left click on "System Restore Tab"
3. Check box beside "Turn Off System Restore"
4. Left click on "Apply"

TO ENABLE SYSTEM RESTORE
1. Remove check mark from "Turn Off System Restore"
2. Click on "Apply"

2. Cleanup the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


3. Finally, Re-hide your System Files and Folders to prevent any future accidents.


Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0

#28
paper

    Member

  • Topic Starter
  • 48 posts
Trevuren,

Thank you again, I will do those things now.
  • 0

#29
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





