www.free-virusscan.com

Donbabalu

unread,

Jun 27, 2008, 8:54:06 PM6/27/08

to

I believe I got infected with a trojan virus that is re-directing my Internet
Explorer browser to www.free-virusscan.com.
(www.free-virusscan.com/id/492933/4/1/). I also get a message indicating
that my Microsoft programs may have been corrupted and wont let me access any
program folders. I am, however, allowed to access my Microsoft Word files.
I have conducted the Live One Care scans twice. However, I receive a message
indicating that there are no viruses or spyware on my computer.

Any help?

David H. Lipman

unread,

Jun 27, 2008, 11:08:34 PM6/27/08

to

From: "Donbabalu" <Donb...@discussions.microsoft.com>

| Any help?

1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...

{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Majestick

unread,

Jun 30, 2008, 1:58:58 PM6/30/08

to

On Jun 27, 7:08 pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Donbabalu" <Donbab...@discussions.microsoft.com>

>
> | I believe I got infected with a trojan virus that is re-directing my Internet
> | Explorer browser towww.free-virusscan.com.
> | (www.free-virusscan.com/id/492933/4/1/). I also get a message indicating
> | that my Microsoft programs may have been corrupted and wont let me access any
> | program folders. I am, however, allowed to access my Microsoft Word files.
> | I have conducted the Live One Care scans twice. However, I receive a message
> | indicating that there are no viruses or spyware on my computer.
>
> | Any help?
>

> 1. Download and execute HiJack This! (HJT)http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

>
> 2. Disable Notepad's word wrap:
> In Notepad.exe; Format --> uncheck; "Word wrap"
>
> 3. Download/run Deckard's System Scanner:http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
> expert forums...
>
> { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }
>
> Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
> Logs.
>
> NOTE: Registration is REQUIRED in any of the below before posting a log
>
> Suggested primary:http://www.thespykiller.co.uk/index.php?board=3.0
>
> Suggested secondary:http://www.bleepingcomputer.com/forums/forum22.htmlhttp://castlecops.com/forum67.htmlhttp://www.malwarebytes.org/forums/index.php?showforum=7
>

this makes no sense. why would posting a scan results on a forum
remove malware from my systems HD and registry? It seems kinda bogus
to me.

Kayman

unread,

Jun 30, 2008, 2:11:06 PM6/30/08

to

Than Google and educate yourself.

> why would posting a scan results on a forum remove malware
> from my systems HD and registry?

The friendly and knowledgable person(s) of the fora will after, careful
examination of the scan result, advice an appropriate course of action.

> It seems kinda bogus to me.

Google is your friend.

David H. Lipman

unread,

Jun 30, 2008, 8:50:39 PM6/30/08

to

From: "Majestick" <xuld...@gmail.com>

< snip >

| this makes no sense. why would posting a scan results on a forum
| remove malware from my systems HD and registry? It seems kinda bogus
| to me.

HJT and Deckard's utility create log files of startup loactions where malware use to load
themselves.

The forums I posted have personnel who are trained at a malware university of sorts. They
are trained on how to interpret the logs and how suggest a set of tools that can be used
by the infected poster where the tools can remove the malware.

Additionally, they may have the infected user post the malware files to the forums where
the forum administrator(s) can then provide the malware files to the various anti malware
companies such that they can be identified and the files can then be used to generate anti
amlware signatures.

This system is far from bogus and all the expert forums I suggested are trusted and
vetted.

Wooter

unread,

Jul 5, 2008, 7:59:01 AM7/5/08

to

I had this problem merely but minutes ago, but it was fixed really easiely.
All you have to do is run a file called "FixIEDef".
you can find more info here;
http://blog.codesignstudios.com/how-to-fix-the-attention-some-dangerous-trojan-horses-detected-virus

Hand@discussions.microsoft.com Helping Hand

unread,

Jul 17, 2008, 5:25:00 AM7/17/08

to

Do the following steps, will help u.

delete these files
C:\Documents and Settings\Pune.Admin\Application
Data\Sun\Java\Deployment\cache\javapi\*.*
C:\WINDOWS\system32\intefltr.dll
C:\WINDOWS\system32\systems.txt

& remove these entries
HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind "comment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoNew.Bho.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4937D5D1-2039-409A-BD83-FEC9B39B2356}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAF9D798-C659-4B9B-8E19-EE27C3D04EE7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}

Martín Schonaker

unread,

Aug 5, 2008, 8:21:25 PM8/5/08

to

On 5 jul, 04:59, Wooter <Woo...@discussions.microsoft.com> wrote:
> I had this problem merely but minutes ago, but it was fixed really easiely.
> All you have to do is run a file called "FixIEDef".

> you can find more info here;http://blog.codesignstudios.com/how-to-fix-the-attention-some-dangero...

This worked for me after trying almost every free antispyware tool.
Thanks, Wooter!

Martin.