partizan said:
my system is infected with something called "adware.baidu" which is still on
my system after scanning and disinfecting.any suggestions on how to remove
this? thanks.
1 = First of all try to Kill the Runing Processor for the Adware by Pressing
ALT +CTRL+DEL and stop this alsmt.exe.
Then type in the Run Command this :
Start >> Run >> msconfig click [OK]
Click on the StartUp Tab and Disable it from Start up you will find it with
in line titled [BIE].
Clcik Start >> Control Panel >> Double click Networking and Internet
Connections>> Double click Internet Options >> Click on Advanced tab scroll
down under the Browsing Option Uncheck this box:
[&] Browsing
[ ] Enable Third Party Browser Extensions
Click [OK] to confirm your changes and close the IE properties.
2 = Open the Windows Explorer by double clicking on it or from the Start >>
All programs >> Accessories >> Windows Explorer and locate the
Entries/Files/Folder for the Adware and delete it.
C:\Windows\Download Program Files\BDEX.dll
C:\Windows\Download Program Files\BDHelper.dll
C:\Windows\Download Program Files\BDPlugin.dll
C:\Windows\Download Program Files\BDSearch.inf
C:\Windows\Download Program Files\BailBudar.dll
C:\Windows\Download Program Files\BDSrHook.dll
C:\Windows\System32\stdup.dll
C:\Windows\System32\alsmt.exe
C:\Program Files\MMsAssist\updmms\mmssner.dll
C:\Program Files\MMsAssist\updmms\mmass~1.dll
C:\Program Files\MMSAssis\UpDMMS\albus.dll
3= Open a Run command and type:
Regedit.exe click [OK]
Locate the Entries for the Adware in these Keys and Delete, Please delete
the Entires not the [HKEY] (i.e. the one between *Delete this*
[-] HKEY_Classes_Root\*BDHlprObj.BDHlprObj*
[-] HKEY_Classes_Root\*BDHlprObj.BDHlprObj.1 *
[-] HKEY_Classes_Root\*BDHook.BDSrchHook*
[-] HKEY_Classes_Root\*BDHook.BDSrchHook.1 *
[-] HKEY_Classes_Root\*BDHook.URLBDHook *
[-] HKEY_Classes_Root\*BDHook.URLBDHook.1 *
[-] HKEY_Classes_Root\*BDPlugins.Interceptor*
[-] HKEY_Classes_Root\*BDPlugins.Interceptor.1 *
[-] HKEY_Classes_Root\CLSID\*{2C5AA40E-8814-4EB6-876E-7EFB8B3F9662}*
[-] HKEY_Classes_Root\CLSID\*{9BBC1154-218D-453C-97F6-A06582224D81} *
[-] HKEY_Classes_Root\CLSID\*{B580CF65-E151-49C3-B73F-70B13FCA8E86}*
[-] HKEY_Classes_Root\CLSID\*{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} *
[-] HKEY_Classes_Root\CLSID\*{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}*
[-] HKEY_Classes_Root\CLSID\*{E85A87F7-4AB3-4A9F-8187-9AFDD89489AA} *
[-] HKEY_Classes_Root\TypeLib\*{3034F39C-A0B3-4068-9C0C-FC566B0263A3}*
[-] HKEY_Classes_Root\TypeLib\*{CE7C3CE2-4B15-11D1-ABED-709549C10000} *
[-] HKEY_CURRENT_USER\SOFTWARE\*BAIDU*
[-] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
*{2C5AA40E-8814-4EB6-876E-7EFB8B3F9662}*
[-]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current
Version\Uninstall\*BDHelper*
[-]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\*{B580CF65-E151-49C3-B73F-70B13FCA8E86} *
[-]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\*{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} *
[-] HKEY_LOCAL_MACHINE\software\microsoft\internet
explorer\advancedoptions\*!iesearch *
[-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Explorer\Run = check the in the Right Pane/Window for Entries for it and
delete it
\Runonce= check the in the Right Pane/Window for Entries for it
and delete it.
You will not have Stars in the Entry of the Registry as here but I put it
for Point out what to delete.
Then Download Spybot and do a scan to download it go here:
http://www.safer-networking.org Spybot S&D
HTH.
Please let us know.
Regards,
nass
