You're welcome. I'm glad it helped.
| Ricky!
|
| THANK YOU! It worked like a charm!
|
| I have now re-booted a few times (even with System Restore on), and it's
| really completely gone. I even ran HiJackThis and CWShredder and they say
| that my system is now clean!
|
| THANK YOU again!
|
| - Michael
|
| > Here's a post I found that may help.
| >
| > Download pocket killbox from
| > http://www.thespykiller.co.uk/files/killbox.exe & put it on the
| > desktop where you can find it easily
| > Now run killbox and paste these lines into the box, select delete on
| > reboot then press the red X button, say yes to the prompt and let it
| > reboot
| >
| > C:\WINDOWS\system32\req.dat
| >
| > then when it reboots run HJT & make sure these entries have gone
| >
| > O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} -
| > C:\WINDOWS\system32\req.dat
| > O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat"
| >
| >
| >
| > | Mark,
| > |
| > | You are right, I am seeing this "req.dat" under Manage Add-ons under the
| > | Disabled list. But there is no option to DELETE it, is there?
| > |
| > | Thanks again!
| > | Michael
| > |
| > | > With SP2, IE has a Tools menu item for "Manage Add-Ons" that should allow
| > | > disabling it.
| > | >
| > | > --
| > | >
| > | > Mark L. Ferguson
| > | > FAQ for MS Antispyware version 1.0.509
| > | > http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
| > | > marfers notes for windows xp
| > | > http://www.geocities.com/marfer_mvp/chatNotes.htm
| > | >
| > | >> Well folks, thanks everyone for your help and suggestions but I have yet
| > | >> still to successfully remove this damn "Spyware". But I do have some
| > | >> more information!
| > | >>
| > | >>
| > | >>
| > | >> I have for sure identified the "offending" file as:
| > | >>
| > | >> \WINDOWS\SYSTEM32\REQ.DAT
| > | >>
| > | >>
| > | >>
| > | >> And the REGISTRY entry is:
| > | >>
| > | >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}
| > | >>
| > | >>
| > | >>
| > | >> If I try to MANUALLY delete the file, I get "Access Denied" and when I
| > | >> delete the registry key, it just pops right back after exiting REGEDIT.
| > | >>
| > | >>
| > | >>
| > | >> Please remember, I have tried running the below suggested utilities with
| > | >> System Restore On & Off, and also in Normal and in Safe Mode.
| > | >> Unfortunately, no luck!
| > | >>
| > | >>
| > | >>
| > | >>
| > | >> CWShredder - it finds this as "VX2.Look2Me", tells me it has been removed
| > | >> but when I reboot, it's still there.
| > | >>
| > | >>
| > | >>
| > | >> AdAware SE Pro - doesn't find it.
| > | >>
| > | >>
| > | >>
| > | >> Spybot Search and Destroy - doesn't find it.
| > | >>
| > | >>
| > | >>
| > | >> Microsoft's Antispyware beta - doesn't find it.
| > | >>
| > | >>
| > | >>
| > | >> Norton Antivirus 2005 - it finds it. Tells me to run it again in Safe
| > | >> Mode to remove it. When I re-run Norton in Safe Mode, it doesn't even
| > | >> flag or find it.
| > | >>
| > | >>
| > | >>
| > | >> HiJack This - it finds it, and when I choose to Fix It, it supposedly
| > | >> does but when I re-run Scan, it's again back there.
| > | >>
| > | >>
| > | >>
| > | >> BHODemon - it finds it and thankfully I have been able to DISABLE it with
| > | >> this program. Here is the data that it reports on it:
| > | >>
| > | >>
| > | >>
| > | >> BHODemon 2.0.0.22 Report File:
| > | >> Desc: * Investigating *
| > | >> ReportsCount: 6
| > | >> Clsid: {1C044AAD-7955-4cbd-8175-501A165C4E5D}
| > | >> DLL Path: C:\WINDOWS\System32\req.dat
| > | >> Last Load Time: 4/30/2005 6:02:51 PM
| > | >> Blocked Load Attempts: 1,003
| > | >> Modified Date: Monday, April 11, 2005 20:11:53
| > | >> Created Date: Monday, April 11, 2005 20:11:53
| > | >> Load Attempts: 1,166
| > | >> Enabled?: No
| > | >> Size (bytes): 22,016
| > | >> EnabledCount: 4
| > | >> MD5 Checksum: d7bcebc6ca7dca7326eebb92818d410d
| > | >> Status: Investigating
| > | >>
| > | >> ------------------------------------------------------------
| > | >>
| > | >>
| > | >>
| > | >> So, if anyone has any other suggestions or ideas how to completely remove
| > | >> it, PLEASE let me know. In my 20+ years around computers, I have never
| > | >> seen such a nasty and vicious worm.
| > | >>
| > | >>
| > | >
| > | >
| > |
| > |
| >
| >
|
|
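
Added example, not part of the original thread: a small Python check over HijackThis log lines that flags a module registered the way req.dat is in the entries quoted above (a non-.dll file loaded as a BHO and also as a Winlogon Notify package). The sample log is constructed; the ExampleToolbar and examplenotify entries and their CLSID are made up for contrast, and the two rules are review heuristics, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import normcase, splitext  # Windows path rules on any OS

# Constructed sample: the two entries quoted in the thread plus two made-up benign ones.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat
O2 - BHO: ExampleToolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")

def parse_entries(log_text):
    """Yield (load_point, name, path) for each O2/O20 line in a HijackThis log."""
    for line in log_text.splitlines():
        line = line.strip().rstrip('"')  # tolerate a stray quote left by copy/paste
        for load_point, rx in (("BHO", BHO_RE), ("Winlogon Notify", NOTIFY_RE)):
            m = rx.match(line)
            if m:
                yield load_point, m.group("name"), m.group("path").strip()

def review(log_text):
    """Return {module path: [reasons]} for entries worth a closer look."""
    load_points = defaultdict(set)
    display = {}
    for load_point, _name, path in parse_entries(log_text):
        key = normcase(path)  # compare paths case-insensitively
        load_points[key].add(load_point)
        display.setdefault(key, path)
    findings = {}
    for key, points in load_points.items():
        reasons = []
        ext = splitext(key)[1]
        if ext != ".dll":  # both load points load DLLs; another extension is unusual
            reasons.append(f"module extension is '{ext}', not '.dll'")
        if len(points) > 1:  # one file hooked into both IE and winlogon
            reasons.append("same file registered at: " + ", ".join(sorted(points)))
        if reasons:
            findings[display[key]] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in review(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```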