HPE Community
Operating System - Microsoft
1751840 Members
5232 Online
108782 Solutions
New Discussion юеВ

Re: spybot warning

 
SOLVED
Go to solution
Joe van Raamt
Super Advisor

тАО05-27-2005 02:14 PM

тАО05-27-2005 02:14 PM

Re: spybot warning

did the st./Se./all files and the three options. It found the file and i did delete it from there.
Then I started in safe mode and did the HJT scan (could find no reference to the trojan).
Then I run Norton again and the trojan was still there. For some reason Norton can not delete the virus, It says could not repair, computer is still infected.
See pic of add ons, i could not find it in Netscape.
Should I download the program you mentioned below?
http://www.superadblocker.com/I/IPREG32.DLL-2157.html
c'est la guerre
0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 02:15 PM

тАО05-27-2005 02:15 PM

Re: spybot warning

Latest HJT log file
c'est la guerre
0 Kudos
Reply
Joe van Raamt
Super Advisor

тАО05-27-2005 02:37 PM

тАО05-27-2005 02:37 PM

Re: spybot warning

BTW, Micro's virus scanner did not detect a virus.
c'est la guerre
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 03:53 PM

тАО05-27-2005 03:53 PM

Re: spybot warning

I don't know anything about the Super Ad Blocker program. It's a free trial and may be of help, but "Not responsible....." since I have no knowledge pro or con regarding ad blocker.

I'm just now looking at the Hijack File, so that may take a few moments and it's almost 11:00p.m. I may not get back to you until tomorrow.

Ron Kinner's the "Old Pro" at reading Hijack files.

Pat
0 Kudos
Reply
Pat
Honored Contributor

тАО05-27-2005 04:24 PM

тАО05-27-2005 04:24 PM

Re: spybot warning

The hijack log looked good. This one has been recommended removed on other forums

http://www.daniweb.com/techtalkforums/thread5425.html

but I understand it comes with RealPlayer and downloads patches/updates. It's been described as Malware.

DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/31c65bb9aec318606800/netzip/RdxIE601.cab


Did you look for the Registry Values to Delete the Trojan?

Click Start > Run.
Type regedit
Click OK.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"loader32 " = "%AppData%\SysDown\sys[5 random numbers].exe"


Navigate to and delete the following registry subkeys:

HKEY_CLASS_ROOT\CLSID\{031B6D43-CBC4-46A5-8E46-CF8B407C1A33}
HKEY_CLASS_ROOT\TypeLib\{4A31E565-08CB-4272-8817-7BF729B6A96F}
HKEY_CLASS_ROOT\Interface\{CC1725CD-1EFA-4D88-8987-5EBF66347856}
HKEY_CLASS_ROOT\DownCom.CDownCom.1
HKEY_CLASS_ROOT\DownCom.CDownCom


Exit the Registry Editor.


When Norton continued to Scan a virus on my unit, I located the file in Quarantine and deleted. Once I'd dont that, it did not show up in scans. Other scanners had not detected it at all. You might start a search for the Norton Files and see if you can locate and delete it there.

Pat



Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.