Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fatal Error IE Trojan-Spy.HTML.Smitfraud.c [RESOLVED]


  • This topic is locked This topic is locked

#1
rsx

rsx

    New Member

  • Member
  • Pip
  • 7 posts
Hello GUYS! ive tried everything on this pagehttp://www.geekstogo.com/forum/Fatal_Error_IE_Trojan_SpyHTMLSmitfraudc-t40875.html and still for some reason i cannot get rid of this- please help

Logfile of HijackThis v1.99.1
Scan saved at 6:46:29 PM, on 7/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Windows Media Player\wmp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\o\Local Settings\Temporary Internet Files\Content.IE5\WXYB01ER\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 144.233.232:77
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS1\xmllib.dll (file missing)
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O4 - HKLM\..\Run: [GroksterSupport] C:\Program Files\GroksterSupport\GroksterSupportrun.exe /cp:p "C:\Program Files\GroksterSupport\System\Code" Main lp: "C:\Program Files\GroksterSupport"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Grokster Support - file://C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: wmp - Unknown owner - C:\Program Files\Windows Media Player\wmp.exe" "C:\Program Files\Windows Media Player\wmp.cfg (file missing)

Edited by rsx, 24 July 2005 - 04:50 PM.

  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Do not follow instructions for another user because your's most likely will be a little different. In this case, it's a lot different because you two don't have the similar infection at all.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Grokster - unless this is the paid version, it has spyware in it

Download FixO.exe to your desktop.
  • Double-click FixO.exe to install the program.
  • After it's installed, open the FixO folder and double-click FixO.bat.
  • When it's done running a notepad will appear with a log, please copy the contents of the notepad and paste it into your next reply along with a new HijackThis log.

  • 0

#3
rsx

rsx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello greyknight! i am accessing everything through windows task manager (clrt alt delete), i cant seem to uninstall grokster, because i have no active desktop or start button or anything, but i did do everything else here it is, i hope you can help - thanks man.

running from ---
C:\Documents and Settings\o\Desktop\fix\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
existing bad files:
-----------------------------------------------------
XMLLIBUI.exe present
winadvt.dll present


existing important bad keys:
-----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS1\\explorer32dbg.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINDOWS1\\iexplore_dbg.exe"



Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 2:18:57 AM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Windows Media Player\wmp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 57.113.284.239:80
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [GroksterSupport] C:\Program Files\GroksterSupport\GroksterSupportrun.exe /cp:p "C:\Program Files\GroksterSupport\System\Code" Main lp: "C:\Program Files\GroksterSupport"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Grokster Support - file://C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: wmp - Unknown owner - C:\Program Files\Windows Media Player\wmp.exe" "C:\Program Files\Windows Media Player\wmp.cfg (file missing)
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CLASSES_ROOT\CLSID\{60371670-81B9-4d06-9C42-4DEC1AABE62B}]

[-HKEY_CLASSES_ROOT\TypeLib\{4947DDCC-D549-4D0B-9685-AA58B20E9642}]

[-HKEY_CLASSES_ROOT\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ATLASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SEHLPstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP]

[-HKEY_CLASSES_ROOT\BHOASS.BHDP.1]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Doubleclick the file and confirm you want to merge it with the registry. Make sure you do this step first before going any further.

*Click Here to download Killbox by Option^Explicit.
*Double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\Windows\explorer32dbg.exe
C:\Windows\iexplore_dbg.exe
C:\WINDOWS\System32\XMLLIBUI.exe
C:\WINDOWS\System32\winadvt.dll
C:\WINDOWS\XMLLIBUI.exe
C:\WINDOWS\winadvt.dll
C:\Program Files\Windows Media Player\wmp.exe
C:\Program Files\Windows Media Player\wmp.cfg


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot, check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O23 - Service: wmp - Unknown owner - C:\Program Files\Windows Media Player\wmp.exe" "C:\Program Files\Windows Media Player\wmp.cfg (file missing)

Reboot once more and post a new log. Run FixO again and post that log as well.
  • 0

#5
rsx

rsx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello. did extactly what you told me to do. here it is :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 2:43:41 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\csrss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\System32\wdfmgr.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 52.178.154.231:80
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [GroksterSupport] C:\Program Files\GroksterSupport\GroksterSupportrun.exe /cp:p "C:\Program Files\GroksterSupport\System\Code" Main lp: "C:\Program Files\GroksterSupport"
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Grokster Support - file://C:\Program Files\GroksterSupport\System\Temp\grokstershop_script0.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe


running from ---
C:\Documents and Settings\o\Desktop\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
existing bad files:
-----------------------------------------------------


existing important bad keys:
-----------------------------------------------------


Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------

Edited by rsx, 29 July 2005 - 12:46 AM.

  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I assume all is well?

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#7
rsx

rsx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
im not sure but i feel as if im still infected with viruses, and dont feel safe, shoping online or checking my email, i downloaded every program from thiis link http://www.geekstogo...ources-t38.html, and found a bunch of viruses and trojans and such, so im not sure if i feel safe??
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Don't get more than one antivirus program installed since they may conflict with each other.

OK, try running both of these online scans:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.
  • 0

#9
rsx

rsx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Incident Status Location

Adware:adware/ncase No disinfected C:\WINDOWS1\DOWNLOADED PROGRAM FILES\ClientAX.dll
Adware:adware/favoriteman No disinfected C:\WINDOWS1\SYSTEM32\im64.dll
Adware:adware/sahagent No disinfected C:\WINDOWS1\SYSTEM32\ritsacnk.dat
Adware:adware/keenvalue No disinfected C:\WINDOWS1\SYSTEM32\setup_incred_6.exe
Spyware:spyware/virtumonde No disinfected C:\WINDOWS1\dpusys.ini
Adware:adware/twain-tech No disinfected C:\WINDOWS1\smdat32m.sys
Adware:adware/bookedspace No disinfected C:\WINDOWS1\bs3.dll
Adware:adware/adroar No disinfected C:\WINDOWS1\artmmp.ini
Spyware:spyware/new.net No disinfected C:\WINDOWS1\NDNuninstall4_85.exe
Adware:adware/ipinsight No disinfected C:\WINDOWS1\alchem.ini
Spyware:spyware/betterinet No disinfected C:\WINDOWS1\INF\biini.inf
Adware:adware/wupd No disinfected C:\PROGRAM FILES\Media Access
Spyware:spyware/shopnav No disinfected C:\PROGRAM FILES\Srng
Adware:adware/myway No disinfected C:\PROGRAM FILES\MySearch
Spyware:spyware/searchcentrix No disinfected HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Spyware:spyware/altnet No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ADM.EXE
Adware:adware/sbsoft No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Adware:adware/mediatickets No disinfected HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
Possible Virus. No disinfected C:\Documents and Settings\o\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-f4853ca-38b339c7.zip[javautil.zip]
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Boot into Safe Mode.

Uninstall Media Access and MySearch from the Add/Remove panel if they are listed.

Delete these if found:

C:\WINDOWS1\DOWNLOADED PROGRAM FILES\ClientAX.dll
C:\WINDOWS1\SYSTEM32\im64.dll
C:\WINDOWS1\SYSTEM32\ritsacnk.dat
C:\WINDOWS1\SYSTEM32\setup_incred_6.exe
C:\WINDOWS1\dpusys.ini
C:\WINDOWS1\smdat32m.sys
C:\WINDOWS1\bs3.dll
C:\WINDOWS1\artmmp.ini
C:\WINDOWS1\NDNuninstall4_85.exe
C:\WINDOWS1\alchem.ini
C:\WINDOWS1\INF\biini.inf
C:\PROGRAM FILES\Media Access
C:\PROGRAM FILES\Srng
C:\PROGRAM FILES\MySearch


Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\DYNAMIC TOOLBAR]
[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET]
[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ADM.EXE]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
[-HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}]
[-HKEY_CLASSES_ROOT\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}]


Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.


Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

Restart and run your virus scans again. Anything detected now?
  • 0

#11
rsx

rsx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
IM FREE!!! thanks man helped alot.
  • 0

#12
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP