REPLY TO 2 PROGRAMS WO'T...

  • Thread starter Thread starter WINGNUT
  • Start date Start date
W

WINGNUT

WENT TO SYMANTEC AND RAN THE FXHUNTBAR PROGRAM TWICE.
THE FXHUNTBAR SAYS THAT HUNTBAR WAS NOT FOUND ON MY
COMPUTER. HOWEVER, THE SPYWARE SOFTWARE SAYS IT IS STILL
THERE.
IS IT POSSIBLE THAT THERE IS SOME SORT OF FRAGMENT LEFT
THAT IS BEING IDENTIFIED AS THE WHOLE PROGRAM?
THANKS AGAIN FOR ALL YOUR HELP.
 
Please do not type in all capitals. It is very hard to read and is
considered to be SHOUTING!!!

Yes, there is most likely some fragment left, and MAS should tell you
exactly what it is. Please rescan and advise exactly what MAS is detecting
(registry keys, files etc).
 
this is what MAS says it is finding:
huntbar browser hijacker
c:\program files\search toolbars
c:\program files\search toolbars\cursors

cydoor adware
c:\program files\search toolbars
c:\program files\search toolbars\cursors
c:\program files\search toolbars\temp

i click continue, mas goes through it's process and tells
me it has successfully removed the files.
i run the test immediatly after that and it finds them
again.
 
..\cursors and ..\temp are directories. It is what is *in* those
directories that is important.

In any event, the cleanup is incomplete.

Before trying to remove spyware:

Back up all essential data.

Download the recommended software listed below.

After all software has been downloaded, installed and updated disconnect the
computer from the internet and/or any network to which it may be attached.

The software you should download and have ready to use is:

Lspfix and Winsockfix, available at http://www.cexx.org/lspfix.htm and
http://www.spychecker.com/program/winsockxpfix.html

A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor (non XP SP2 users
only)
http://www.pcmag.com/article2/0,4149,270,00.asp
http://www.definitivesolutions.com/bhodemon.htm
http://www.webattack.com/get/bho.shtml

AdAware (note that Lavasoft have now released Ad-Aware SE Personal Edition,
available from http://www.lavasoftusa.com/support/download/ AdAware 6 users
should update to SE as soon as possible. All previous versions are NO LONGER
SUPPORTED)

Spybot Search and Destroy - http://spybot.eon.net.au

HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.html

HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
Extract the BAT file to your desktop.

After obtaining the required software above, make sure you check for updates
and run the programmes in safe mode.

Malware removal (beginner's guide):

Go to Control Panel, Folder Options, View Tab. Turn on the option to show
hidden files. Turn off the option to hide protected system files.
***WARNING!! Files are hidden by Windows for a very good reason. It is not
wise to 'experiment' with these files. Unfortunately, to successfully remove
modern malware we must turn this protection off. There is a risk to doing
this. Please turn the protection back on when you have finished cleaning
your system.***

Run HackerDefender Disabler. A DOS window will flash onto your screen and
then disappear. This is normal.

If you are using Windows XP SP2 download and install Update KB888240 to
solve a known problem where add-ins will sometimes hide themselves from the
Add-On Manager. The hotfix is available from:
http://www.microsoft.com/downloads/...9e-b116-4d38-b00c-ff1d529106c8&displaylang=en

Go to Control Panel, add/remove programs. Check for malware entries and use
the uninstall programs, then reboot. Check all 'startup' folders at
...\Documents and Settings\All Users\Start Menu\Programs\Startup or
...\Documents and Settings\<username>\Start Menu\Startup

Go to start/run and type MSCONFIG. Go to the startup tab. Disable everything
that you do not recognise as legitimate (do not disable any power profile
options).

Now go to the Services tab. Turn on the option to 'hide all Microsoft
Services'. Disable everything that remains. If you don't have this option,
don't worry about it.

Reboot your computer and hold down the F8 key until the boot menu options
appear. Choose Safe Mode as your startup choice. You will find information
about what safe mode is, and what it does, at this link
[http://inetexplorer.mvps.org/data/safe_mode.htm]

If you are using Windows XP, go to Tools, Manage Add-Ons and disable
anything you don't want or recognise. If you are not running XP SP2 use one
of the BHO disablers mentioned earlier.

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and Settings\<name>\Local Settings\Temp (the
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Program Files. Check for unrecognised
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

Start CWSHREDDER and fix anything it finds. Reboot back into safe mode.

Start AdAware.

Remember to update using the 'check for updates now' button. Update, then
select 'start' option.

Make sure that 'search for negligible risk entries' is turned on. Select
'use custom scanning options' then select 'customise'. Make sure the
following options are enabled: 'scan within archives', 'scan active
processes', 'scan registry', 'deep scan registry', 'scan my IE favorites for
banned URLs', 'scan my Hosts file'.

Select the 'tweak' option. Under 'scanning engine', make sure 'unload
recognized processes and modules during scan' is enabled. Enable 'scan
registry for all users instead of current users'.

Under 'cleaning engine' turn on 'always try to unload modules..', 'during
removal unload explorer and IE if necessary', 'let windows remove files in
use at next reboot', 'delete quarantined items after restoring'.

Use the 'select drives and folders to scan' option to ensure that your
ENTIRE hard drive is scanned (if you have more than one hard drive, scan all
of them (of course, do not include floppy and CD/DVD).

Once finished, reboot again into safe mode. Run Spybot S&D. "Fix" anything
marked red.

If you are unable to get on to the internet after cleaning up your computer,
run LSPfix. If that doesn't work, run Winsockfix.

If you are using XP SP2 and are unable to access the internet after removing
malware, the following commandline may help - it will reset the winsock
catalogue:

netsh winsock reset

If the malware problem comes back further specialised assistance is
available via the Hijackthis forum at http://forum.aumha.org - make sure you
read the top announcements about pre-post steps you should take before
generating a hijackthis log.


--
Hyperlinks are used to ensure advice remains current
Visit the Internet Explorer Online Community:
http://www.microsoft.com/windows/ie/community/default.mspx
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/
 
sandi,
i'm afraid i missed part of your last post. it started
with, ..\cursors. is that it? or was there something
before that?

thank-you for the detailed information, however some of
that stuff is a little over my head.

when you say 'xp sp2' i'm guessing that is different
from 'xp 5.1.'

i'm ok with alot of stuff when it comes to computers, but
this makes me nervous. if it's not too much trouble
could you send me the procedure needed for xp 5.1 only.

one other question please: should i create a restore
point before srarting this process in order to back up
essential data. or is simply saving my latest version of
my work all that is needed? i have my cd's floppys and
recovery disc in case things go terribly wrong. or is
there another way to back up my essential data? just
wondering...if all else fails a system recovery would get
rid of everything would'nt it?

sorry for being so computer illiterate but as long as
i've had a pc this is the first time something this
drastic has happened.

thank you again

-----Original Message-----
..\cursors and ..\temp are directories. It is what is *in* those
directories that is important.

In any event, the cleanup is incomplete.

Before trying to remove spyware:

Back up all essential data.

Download the recommended software listed below.

After all software has been downloaded, installed and updated disconnect the
computer from the internet and/or any network to which it may be attached.

The software you should download and have ready to use is:

Lspfix and Winsockfix, available at
http://www.cexx.org/lspfix.htm and
http://www.spychecker.com/program/winsockxpfix.html

A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor (non XP SP2 users
only)
http://www.pcmag.com/article2/0,4149,270,00.asp
http://www.definitivesolutions.com/bhodemon.htm
http://www.webattack.com/get/bho.shtml

AdAware (note that Lavasoft have now released Ad-Aware SE Personal Edition,
available from
http://www.lavasoftusa.com/support/download/ AdAware 6
users
should update to SE as soon as possible. All previous versions are NO LONGER
SUPPORTED)

Spybot Search and Destroy - http://spybot.eon.net.au

HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.h
tml

HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
Extract the BAT file to your desktop.

After obtaining the required software above, make sure you check for updates
and run the programmes in safe mode.

Malware removal (beginner's guide):

Go to Control Panel, Folder Options, View Tab. Turn on the option to show
hidden files. Turn off the option to hide protected system files.
***WARNING!! Files are hidden by Windows for a very good reason. It is not
wise to 'experiment' with these files. Unfortunately, to successfully remove
modern malware we must turn this protection off. There is a risk to doing
this. Please turn the protection back on when you have finished cleaning
your system.***

Run HackerDefender Disabler. A DOS window will flash onto your screen and
then disappear. This is normal.

If you are using Windows XP SP2 download and install Update KB888240 to
solve a known problem where add-ins will sometimes hide themselves from the
Add-On Manager. The hotfix is available from:
http://www.microsoft.com/downloads/details.aspx? familyid=d788c59e-b116-4d38-b00c-
ff1d529106c8&displaylang=en

Go to Control Panel, add/remove programs. Check for malware entries and use
the uninstall programs, then reboot. Check all 'startup' folders at
...\Documents and Settings\All Users\Start Menu\Programs\Startup or
...\Documents and Settings\<username>\Start Menu\Startup

Go to start/run and type MSCONFIG. Go to the startup tab. Disable everything
that you do not recognise as legitimate (do not disable any power profile
options).

Now go to the Services tab. Turn on the option to 'hide all Microsoft
Services'. Disable everything that remains. If you don't have this option,
don't worry about it.

Reboot your computer and hold down the F8 key until the boot menu options
appear. Choose Safe Mode as your startup choice. You will find information
about what safe mode is, and what it does, at this link
[http://inetexplorer.mvps.org/data/safe_mode.htm]

If you are using Windows XP, go to Tools, Manage Add-Ons and disable
anything you don't want or recognise. If you are not running XP SP2 use one
of the BHO disablers mentioned earlier.

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and
Settings\ said:
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Program Files. Check for unrecognised
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

Start CWSHREDDER and fix anything it finds. Reboot back into safe mode.

Start AdAware.

Remember to update using the 'check for updates now' button. Update, then
select 'start' option.

Make sure that 'search for negligible risk entries' is turned on. Select
'use custom scanning options' then select 'customise'. Make sure the
following options are enabled: 'scan within archives', 'scan active
processes', 'scan registry', 'deep scan registry', 'scan my IE favorites for
banned URLs', 'scan my Hosts file'.

Select the 'tweak' option. Under 'scanning engine', make sure 'unload
recognized processes and modules during scan' is enabled. Enable 'scan
registry for all users instead of current users'.

Under 'cleaning engine' turn on 'always try to unload modules..', 'during
removal unload explorer and IE if necessary', 'let windows remove files in
use at next reboot', 'delete quarantined items after restoring'.

Use the 'select drives and folders to scan' option to ensure that your
ENTIRE hard drive is scanned (if you have more than one hard drive, scan all
of them (of course, do not include floppy and CD/DVD).

Once finished, reboot again into safe mode. Run Spybot S&D. "Fix" anything
marked red.

If you are unable to get on to the internet after cleaning up your computer,
run LSPfix. If that doesn't work, run Winsockfix.

If you are using XP SP2 and are unable to access the internet after removing
malware, the following commandline may help - it will reset the winsock
catalogue:

netsh winsock reset

If the malware problem comes back further specialised assistance is
available via the Hijackthis forum at
http://forum.aumha.org - make sure you
 
Hi there,

There was nothing before ..\cursors. That was simply me being lazy with my
typing.

I'd recommend that you obtain external assistance for this rather than
struggling with being thrown in the deep end :o(

--
_______________________________________
Hyperlinks used to ensure advice is current
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org

sandi,
i'm afraid i missed part of your last post. it started
with, ..\cursors. is that it? or was there something
before that?

thank-you for the detailed information, however some of
that stuff is a little over my head.

when you say 'xp sp2' i'm guessing that is different
from 'xp 5.1.'

i'm ok with alot of stuff when it comes to computers, but
this makes me nervous. if it's not too much trouble
could you send me the procedure needed for xp 5.1 only.

one other question please: should i create a restore
point before srarting this process in order to back up
essential data. or is simply saving my latest version of
my work all that is needed? i have my cd's floppys and
recovery disc in case things go terribly wrong. or is
there another way to back up my essential data? just
wondering...if all else fails a system recovery would get
rid of everything would'nt it?

sorry for being so computer illiterate but as long as
i've had a pc this is the first time something this
drastic has happened.

thank you again

-----Original Message-----
..\cursors and ..\temp are directories. It is what is *in* those
directories that is important.

In any event, the cleanup is incomplete.

Before trying to remove spyware:

Back up all essential data.

Download the recommended software listed below.

After all software has been downloaded, installed and updated disconnect the
computer from the internet and/or any network to which it may be attached.

The software you should download and have ready to use is:

Lspfix and Winsockfix, available at
http://www.cexx.org/lspfix.htm and
http://www.spychecker.com/program/winsockxpfix.html

A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor (non XP SP2 users
only)
http://www.pcmag.com/article2/0,4149,270,00.asp
http://www.definitivesolutions.com/bhodemon.htm
http://www.webattack.com/get/bho.shtml

AdAware (note that Lavasoft have now released Ad-Aware SE Personal Edition,
available from
http://www.lavasoftusa.com/support/download/ AdAware 6
users
should update to SE as soon as possible. All previous versions are NO LONGER
SUPPORTED)

Spybot Search and Destroy - http://spybot.eon.net.au

HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.h
tml

HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
Extract the BAT file to your desktop.

After obtaining the required software above, make sure you check for updates
and run the programmes in safe mode.

Malware removal (beginner's guide):

Go to Control Panel, Folder Options, View Tab. Turn on the option to show
hidden files. Turn off the option to hide protected system files.
***WARNING!! Files are hidden by Windows for a very good reason. It is not
wise to 'experiment' with these files. Unfortunately, to successfully remove
modern malware we must turn this protection off. There is a risk to doing
this. Please turn the protection back on when you have finished cleaning
your system.***

Run HackerDefender Disabler. A DOS window will flash onto your screen and
then disappear. This is normal.

If you are using Windows XP SP2 download and install Update KB888240 to
solve a known problem where add-ins will sometimes hide themselves from the
Add-On Manager. The hotfix is available from:
http://www.microsoft.com/downloads/details.aspx? familyid=d788c59e-b116-4d38-b00c-
ff1d529106c8&displaylang=en

Go to Control Panel, add/remove programs. Check for malware entries and use
the uninstall programs, then reboot. Check all 'startup' folders at
...\Documents and Settings\All Users\Start Menu\Programs\Startup or
...\Documents and Settings\<username>\Start Menu\Startup

Go to start/run and type MSCONFIG. Go to the startup tab. Disable everything
that you do not recognise as legitimate (do not disable any power profile
options).

Now go to the Services tab. Turn on the option to 'hide all Microsoft
Services'. Disable everything that remains. If you don't have this option,
don't worry about it.

Reboot your computer and hold down the F8 key until the boot menu options
appear. Choose Safe Mode as your startup choice. You will find information
about what safe mode is, and what it does, at this link
[http://inetexplorer.mvps.org/data/safe_mode.htm]

If you are using Windows XP, go to Tools, Manage Add-Ons and disable
anything you don't want or recognise. If you are not running XP SP2 use one
of the BHO disablers mentioned earlier.

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and
Settings\ said:
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Program Files. Check for unrecognised
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

Start CWSHREDDER and fix anything it finds. Reboot back into safe mode.

Start AdAware.

Remember to update using the 'check for updates now' button. Update, then
select 'start' option.

Make sure that 'search for negligible risk entries' is turned on. Select
'use custom scanning options' then select 'customise'. Make sure the
following options are enabled: 'scan within archives', 'scan active
processes', 'scan registry', 'deep scan registry', 'scan my IE favorites for
banned URLs', 'scan my Hosts file'.

Select the 'tweak' option. Under 'scanning engine', make sure 'unload
recognized processes and modules during scan' is enabled. Enable 'scan
registry for all users instead of current users'.

Under 'cleaning engine' turn on 'always try to unload modules..', 'during
removal unload explorer and IE if necessary', 'let windows remove files in
use at next reboot', 'delete quarantined items after restoring'.

Use the 'select drives and folders to scan' option to ensure that your
ENTIRE hard drive is scanned (if you have more than one hard drive, scan all
of them (of course, do not include floppy and CD/DVD).

Once finished, reboot again into safe mode. Run Spybot S&D. "Fix" anything
marked red.

If you are unable to get on to the internet after cleaning up your computer,
run LSPfix. If that doesn't work, run Winsockfix.

If you are using XP SP2 and are unable to access the internet after removing
malware, the following commandline may help - it will reset the winsock
catalogue:

netsh winsock reset

If the malware problem comes back further specialised assistance is
available via the Hijackthis forum at
http://forum.aumha.org - make sure you
read the top announcements about pre-post steps you should take before
generating a hijackthis log.


--
Hyperlinks are used to ensure advice remains current
Visit the Internet Explorer Online Community:
http://www.microsoft.com/windows/ie/community/default.msp x
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/




.
 
Back
Top