Rogue Program

D

DC4tea

I have a rogue program on my desktop which I clear including the keys in
regedit but it keeps coming back. I have contacted the originator who swears
that I have signed up for 'Get Films Now' (Platte international). No one has
from this PC. They say they want paying but no one has ordered anyting - nor
will we. How do I get rid of this invasion permanently? I have Windows
LiveOne Care and all the usual antispyware stuff but it does not pick it up
or remove it.
Any guidance will be appreciated
 
D

David H. Lipman

From: "DC4tea" <[email protected]>

| I have a rogue program on my desktop which I clear including the keys in
| regedit but it keeps coming back. I have contacted the originator who swears
| that I have signed up for 'Get Films Now' (Platte international). No one has
| from this PC. They say they want paying but no one has ordered anyting - nor
| will we. How do I get rid of this invasion permanently? I have Windows
| LiveOne Care and all the usual antispyware stuff but it does not pick it up
| or remove it.
| Any guidance will be appreciated



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
N

nass

DC4tea said:
I have a rogue program on my desktop which I clear including the keys in
regedit but it keeps coming back. I have contacted the originator who swears
that I have signed up for 'Get Films Now' (Platte international). No one has
from this PC. They say they want paying but no one has ordered anyting - nor
will we. How do I get rid of this invasion permanently? I have Windows
LiveOne Care and all the usual antispyware stuff but it does not pick it up
or remove it.
Any guidance will be appreciated
Click to expand...

Unexplained computer behaviour may be caused by deceptive software
http://support.microsoft.com/kb/827315

Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

You can download this tool "AutoRuns for Windows"
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
And remove the entries.
Or download this tool:
http://www.ccleaner.com and run to clean the left over entires and files.
HTH.
nass
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Rogue program 3
Warning! ... another rouge security program 3
HP 2210 Software Installation Error 1
Can send but not receive e-mails 1
Auto generated email 2
"Search Miracle" Still Evading Antispyware 1
Windows XP Reply Windows needs to know what program created it 1
Spyware program, DSO exploits, and Hijack This 2

Top