ClientMan (Browser Plug-In)

M

mAdMaCCa

Beta 1 has been fantastic at picking up various dodgy
installs etc, but I currently have a major issue with
ClientMan (Browser Plug-In).

MSAS warns me about it's attempted installation, and
then 'successfully' removes the threat, however, almost
immediately after a the suggested reboot it warns me once
again that I am reinfected. MSAS obviously isn't finding
the source of the threat, just the immediate symptoms.

Is there a way of perhaps running this in safe mode so
that ALL files can be checked and cleaned (...oops, there
we go, reinfected yet again) so as to remove the nasty
little germ at source???
 
M

mAdMaCCa

By 'Safe Mode' I mean 'DOS with Command Prompt' type
thingy to maximise it's effect!
 
A

AndyManchesta

Here's some options:

Download Ccleaner:

http://www.ccleaner.com/ccdownload.asp


Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/download/

Install ewido.

During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

Launch ewido

On the left side of the main screen click update
Click on Start and let it update.

Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)

Run Ewido by clicking Scanner then Complete system scan.

Run MS Antispy on a full scan and remove anything found

Run Ccleaner and press "Run Cleaner" to remova all temp
and unused files from your system

Reboot back to normal mode

Let us know if you have any problems

Andy :)
 
A

Alan

A few very important things:

1. If you are not removing this from the administrator
account that installed the app (referred to hereafter as
MSAS) then the removal will fail.
2. Delete the contents of c:\windows\prefetch (XP only).
3. If you have removed it from the administrator account
that installed the app and are logging into a limited-
user account you will see this type of behvior even
though the infection is no longer present.
4. There's a chance that this infection isn't actually
being removed because of registered components. In this
case, searching the Internet for manual removal
instructions is generally the best way to deal with these
threats. The same applies to Ad-Aware and Spybot as well.

Alan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Browser Plug-in Warns Of Surfing Risks Before Clicking 10
Sun Java RTE v1.4.2 IE plug-in crash-and-burn Windows XP Pro SP-1 13
BearWare Comprehensive Security Plan 32
Windows Vista No Longer in Free Fall 14
FWT Newsletter - Weekly - December 29, 2003 3
BearWare Comprehensive Security Plan 0
OpenOffice.Org Newsletter - Vol. 01 Issue 9 3
XP Media Center, runs slow, has glitches 4

Top