Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack this log, registry editor pop up - please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby ihatemalware » September 21st, 2005, 5:33 pm

also, about limewire. i checked out the link you posted, it says that the later versions of limewire are clean. i have the latest version.
ihatemalware
Regular Member
 
Posts: 21
Joined: September 2nd, 2005, 3:55 pm
Advertisement
Register to Remove

Unread postby askey127 » September 21st, 2005, 6:19 pm

Limewire: As I said, that's up to you.
OIN entry needs to be removed. Do not use Add/Remove in Control Panel. There have been some bad results from re-infections, and I think it may already be gone.
----------------------------------------
Run CCleaner, click on tools, click Uninstall, highlight OIN, and click Delete entry.

In Windows Explorer, find C:\Program Files\OIN\ and delete the \OIN\ folder, if it still exists. You may have to remove underlying files before the folder removal is permitted.
If you have a problem deleting it, Reboot into safe mode and try deleting it from there.
Let me know if it has been successful.
----------------------------------------
Please check also and see that the legitimate file netdde.exe DOES exist in its proper folder which is C:\Windows\System32\
It belongs there.

If you tell me the OK, we will proceed to final cleanup.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby ihatemalware » September 21st, 2005, 8:38 pm

OIN folder didnt still exist and netdde does reside in windows32 as well as an identical file in C:\WINDOWS\ServicePackFiles\i386
Also, similar file: NETDDE.EXE - 20198841.pf C:\WINDOWS\Prefetch
ihatemalware
Regular Member
 
Posts: 21
Joined: September 2nd, 2005, 3:55 pm

Unread postby askey127 » September 21st, 2005, 11:23 pm

ihatemalware,
Good job. The system looks good. If it also looks good to you, we will do some cleanup, then some added protections.

Delete all the files in these folders:
C:\Windows\Prefetch\
C:\Documents and Settings\Username\Local Settings\Temp\
<===do for each user, substitute each for Username
Don't delete the folders themselves, just the files in them.
-----------------------------------------------------------
Run CCleaner. Make sure the Cleaner block on the left is selected. Choose the Windows tab. Check everything EXCEPT cookies, and Autocomplete Form History and the Advanced part of the Menu. Choose Run Cleaner. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files. You will also lose all previous restore points which are likely to be infected.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The disable/re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.

Now some Added Protections:
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, clickEnable All Protection.
-----------------------------------------------------------
Install IE-SPYAD Find it here: https://netfiles.uiuc.edu/ehowes/www/resource.htm
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents any downloads, cookies, or scripts from the sites listed, although you will still be able to connect to them.
A tutorial can be found here : http://www.bleepingcomputer.com/forums/Using_IE_Spyad_to_enhance_your_privacy_and_security-tut53.html
-----------------------------------------------------------
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
This website also contains useful tips, and links to other resources and utilities.
-----------------------------------------------------------
Secure your Internet Explorer
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to - Prompt
- Change the Navigate sub-frames across different domains to - Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Press the Apply button and then the OK to exit the Internet Properties page

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby NonSuch » October 1st, 2005, 3:16 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 288 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware