New Poly Win32
I have followed Swatkat's instructions. Attached is the HijackThis log file from tonight's run.
Thanks,
Jim
Hi,
Download CWShredder.
Download SpSeHjFix.zip. Save it to the Desktop, and then right-click in a blank area of Desktop, select "New Folder", and name it spfix, unzip the file into that folder.
Download CleanUp and install it.
Run SpSeHjfix, click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
Note:- If it doesn't find any of the SE files or any hidden reinstallers, it will say System clean and not go on to next stage.
Make Windows show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options.
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.
Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, choose Safe Mode and press Enter.
Run CWShredder and click "Fix->".
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B7AB7AD2-46BB-CA24-9B31-457CF005AB51} - C:\WINNT\system32\apihb.dll
O4 - HKLM\..\Run: [FE.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FE.tmp.exe
O4 - HKLM\..\Run: [FE.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FE.tmp.exe
O4 - HKCU\..\Run: [Unbc] C:\Program Files\rewu\hcup.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTick...cab?refid=4897
Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.
Exit from HijackThis. Delete this file:-
C:\winstall.exe
and delete this folder:-
C:\Program Files\rewu
Run CleanUp! and click the "Options.." button. Here move the "Quick Setup" slider to the "Thorough Cleanup" position. Uncheck the option "Delete Favorites Places/Bookmarks", if you have any bookmarks. Click "OK" to return to the main window, and click "CleanUp!" to start cleaning. After it completes, click "Close" and click "No" to avoid logging off.
Reboot to Normal Mode. Perform an online virus scan at Panda ActiveScan with the "Disinfection" option enabled. Save the log it gives after the scan.
Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Panda ActiveScan log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
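The kinds of entries picked out for fixing in the post above can be triaged mechanically. The following is an added example, not part of the original posts and not HijackThis's own logic: the function names (`parse_line`, `triage`, `flagged`) and the three heuristics are assumptions made for illustration, and two of the sample lines are constructed.

```python
import re

# Heuristics written for this example; they are not HijackThis's own logic.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_RE = re.compile(r"^(?P<key>[^=]+?) = (?P<value>.*)$")  # R0/R1 entries
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")  # O4
# Lines 1, 3 and 4 are from the thread; lines 2 and 5 are constructed benign entries.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\afoxa.dll/sp.html#93256
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [FE.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FE.tmp.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
"""


def parse_line(line):
    """Split one HijackThis log line into its section code and fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    entry = m.groupdict()
    sub = {"R0": REG_RE, "R1": REG_RE, "O4": RUN_RE}.get(entry["code"])
    fields = sub.match(entry["body"]) if sub else None
    entry.update(fields.groupdict() if fields else {})
    return entry


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty if none)."""
    reasons = []
    if entry["code"] in ("R0", "R1") and entry.get("value", "").lower().startswith("res://"):
        reasons.append("IE search/start setting points into a local DLL resource")
    path = entry.get("path", "") if entry["code"] == "O4" else ""
    if re.search(r"\\te?mp\\", path, re.I):
        reasons.append("autorun executable lives in a Temp directory")
    if re.match(r"^[A-Za-z]:\\[^\\]+$", path):
        reasons.append("autorun executable sits in the drive root")
    return reasons


def flagged(log_text):
    """Map each flagged log line to the reasons it was flagged."""
    entries = ((l.strip(), parse_line(l)) for l in log_text.splitlines())
    return {l: triage(e) for l, e in entries if e and triage(e)}


if __name__ == "__main__":
    for line, why in flagged(SAMPLE_LOG).items():
        print(line, "->", "; ".join(why))
```

These checks are deliberately narrow: an autorun entry under `C:\Program Files` with an unfamiliar name passes all three, so flagged lines are a starting point for review rather than a complete verdict.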
Hi,
Log looks clean
But, there are two files to delete. You have to enable the option to show hidden files and folders to delete these files.
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.
Then, delete these files:-
C:\WINNT\DOWNLOADED PROGRAM FILES\MediaTicketsInstaller.ocx
C:\WINNT\system32\afoxa.dll
Do you get any warnings/alerts about "New Poly win32"?
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.





