Hi Tay
There are some variants of malware that can replicate themselves repeatedly,
and even mutate anew, if they are not removed properly. Although you may
have already run one or more of the programs, please do so again according
to the instructions below. Some variants of malware can replicate
themselves over and over if not removed properly. Please follow all
instructions carefully to be sure your system is thoroughly cleaned:
Step one:
Run Ad-Aware:
Download the latest version of AdAware at
http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, you NEED to FIRST
update the reference file following these instructions.
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Download:
1.)
http://members.shaw.ca/techcd/VB_Projects/Killmsg118.exe
2.) -L2M.zip from-
http://www10.brinkster.com/expl0iter/fr...2M/L2M.htm
Restart your computer, remain offline and run "Killmsg118.exe".
Your computer should restart.
Unzip "L2M.zip" , Double click on the "L2M.reg" file, and hit->yes to the
registry merge prompt.
That will remove all the related registry entries including the 'hijacked'
user agent key!
When done, search your hard drive and delete these files from any location:
(if exist)
-msg118.dll
-msguard.dll
-msg118.txt
-oe.bat
-----
Download and then extract Hijackthis.exe to a new folder. Do not run it
from the zip the desktop or a temp folder.
http://www.majorgeeks.com/downloadget.p...e6434cfc13
Do not remove anything using HijackThis. It lists many types of entries.
Some are good, and others need to be removed. Post the hijackthis log to
the one of the following forums to be analyized by the experts there to tell
you what corrective action to take, if necessary .
AumHa Forums: HijackThis
http://forum.aumha.org/viewforum.php?f=30
Computer Cops
http://computercops.biz/forum67.html
You will have to register to post your log, but, it is ok....there are no
spammers there. just experts to read and help you. Follow their
instructions:
You should also download, update and run the following programs as well, to
make sure your system is totally free of scumware:
Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp
along with the latest pattern file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
(You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these:
http://home.epix.net/~artnpeg/).
About:Buster
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
SpyBot Search & Destroy
http://www.majorgeeks.com/download2471.html
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm