Dealing with Trojans & Hijackware (Do parts A and B):
A. Removing Trojans and Trojanware with Sysclean
Create a new folder named Sysclean (e.g., C:\Program files\Sysclean or just
a desktop folder). Download 'Sysclean.com' from
http://www.trendmicro.com/download/dcs.asp to this folder. Download the
latest 'Trend Pattern File' zip (e.g., lpt123.zip) from
http://www.trendmicro.com/download/pattern.asp and extract its contents to
the same folder; see the Readme text file for instructions.
Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of TEMP folders and Recycle Bin.
Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.
If the scan shows any infections in System Restore files:
(1) create a new Restore Point (Start>Programs>Accessories>System
Tools>System Restore), then
(2) delete all but the most recent Restore Point
(Start>Programs>Accessories>System Tools>Disk Cleanup>More options [tab]).
Afterwards, update your own anti-virus application and perform another full
system scan.
B. Hijackware
Help with Hijackware (all are MS MVP sites)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
Run the following tools in this order with nothing else running in
background:
1. CWShredder v2.13 (choose Fix, not Scan)
2. Ad-Aware SE (Reconfigure per
http://aumha.net/viewtopic.php?t=5877; Fix
all found)
3. OPTIONAL: Spybot (RTFM; Immunize first and then scan; Generally, fix
everything in red)
Important: You must seek updates for Ad-Aware and Spybot before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7.
When all else fails, HijackThis
(
http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your files to
http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (Shell, IE/OE) & Security
This issue is the complete opposite of most issues of not being able to
open secure (https).
I can open secure sites just fine. I can't open unsecure (http) site.
I have looked all over the place for information on this, but have found
very litte and nothing has worked.
Frustrated,
Goldhorn
