Virus Removal in XP

[Newsgroup]

Using Adware, I keep ''catching' this virus/trojan whose details are given
below. It does not go away using Norton's AV/Adware/Spybot/CSW. This one
is persistent.

Any idea how to get rid of it|?
------

Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainSearch Pagetemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ANONYM~1\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "file://C:\DOCUME~1\ANONYM~1\LOCALS~1\Temp\sp.html"

Possible browser hijack attempt : Software\Microsoft\Internet
Explorer\MainSearch Bartemp\sp.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\ANONYM~1\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "file://C:\DOCUME~1\ANONYM~1\LOCALS~1\Temp\sp.html"
-------

 

[Guest]

Same over here.
My reasoning is, that (at least for the first two, the about:blank) it is
harmless and not really a hijack attempt, but just AdAware's conclusion that
the reference is no longer the default www.msn.com or whatever it is by
default.
So just forget about them.
The other ones I don't really know. Did you have some sort of toolbar
installed (Yahoo, Google, or the like?)
Might be the source of this trigger.

 

[Newsgroup]

I did have a toolbar.. AltaVista; but I uninstalled it sometime back. Could
be the trigger..., then how ( and can) I clean the system of the remains of
AltaVista. I thought they would have been much more 'above board' with this
sort of spyware etc..

Same over here.
My reasoning is, that (at least for the first two, the about:blank) it is
harmless and not really a hijack attempt, but just AdAware's conclusion that
the reference is no longer the default www.msn.com or whatever it is by
default.
So just forget about them.
The other ones I don't really know. Did you have some sort of toolbar
installed (Yahoo, Google, or the like?)
Might be the source of this trigger.

 

[Guest]

Well, I have no experience with AltaVista toolbar, but what I would do in
such a case are various things
I'd use regedit and search for any possible reference to AltaVista (or
anything that you still know is associated with it), export the
corresponding keys from the registry (File, export) and then delete it from
the registry.
Another thing I would do is fire up something like Registry Cleaner
http://www.worldstart.com/weekly-download/archives/reg-cleaner4.3.htm (I
often use this one) just to *see* if there is anything still in the registry
that rings a bell and then possibly delete it from there.
In most of the cases this type of approach brings me back to where I wanted
to be and gives me several handles to clean up my system.
That's about all the possibilities I can suggest for the time being, without
actually looking *into* your machine.

hth

I did have a toolbar.. AltaVista; but I uninstalled it sometime back. Could
be the trigger..., then how ( and can) I clean the system of the remains of
AltaVista. I thought they would have been much more 'above board' with this
sort of spyware etc..

 

[Guest]

Try this link for Hijack this,

HijackThis http://www.majorgeeks.com/download.php?det=3155