Spyware infection BHO

Guest

I have plenty of spyware guards on my machine, but I have one rogue bit which has
got through and I can't seem to shake off....

BHO 11BE3648-38DF-4A8F-AF543F3C21DF is stored in C:\windows\syslp32.dll and
keeps trying to change my settings.

spyware is stopping it from doing so, but keeps popping up Browser
Protection Alerts every few minutes.

Can someone help me to delete the root cause?

thanks
 
Jan Il

Hi :)

Try the following and see if it helps:

BHODemon - Free-
http://www.definitivesolutions.com/bhodemon.htm

Information here -
http://isc.incidents.org/diary.php?date=2004-06-29

also...

How to download and install HiJackThis:
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for you:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)

Hope this helps :)

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Guest

thanks,

I have BHO demon and Hijack this, but neither seems able to permanently
delete the error log. I will follow your link to the experts' forum.

thanks

:)

AlJay
 
Jan Il

Hi AlJay :)

It appears that the hijacker variant you have can replicate itself
repeatedly if not properly removed. Therefore, in addition to the tools I
have already provided, do the following:

Clear all TIF files, including the 'off line' files

Safely Delete the Temporary Internet Files
http://www.mvps.org/winhelp2002/delcache.htm

Empty the Recycle bin.

Download and run these programs in Safe Mode to make sure that the files can
be detected and removed, and cannot hide in Windows 'in use' files.

CWShredder: Free
http://www.majorgeeks.com/download4086.html

Go to one of these sites and download

About:Buster - Free
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
http://www.karlsforums.com/forums/viewthread.php?tid=23033

Please post the link to where you post your HiJackThis log here so that we
can track the progress there as well.

Hope this helps :)

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
 
Dan

Why does the author have to name it demon?

 
Dan

Spyware Blaster, Mozilla Firefox, Spybot Search and Destroy, Adaware SE and
Spysweeper (costs about $30) but really worth it and download it from
Majorgeeks -- just google the information aka Adaware SE by Majorgeeks and it
will work for you. I hope your system is free of baddies as soon as
possible.

 
Modem Ani

The correct term is "daemon." The term comes from Greek mythology, where
daemons were guardian spirits. It can be pronounced dee-mon or day-mon.

Modem Ani
 
Dan

Thank you so much for the correction. I appreciate it. Have a wonderful
day! :blush:

 
