I'm desperate -- PLEASE HELP

Discussion in 'privacy problems' started by Gab, Feb 1, 2005.

Thread Status:
Not open for further replies.
  1. Butters

    Butters Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    39


    Here is how I would approach this problem. Some of these steps might be done already and you can ignore them, but order of removal matters. Deleting registry keys while a process is still running is pointless.

    1. Backup registry / create restore point.

    2. Download a registry tool such as Regseeker. Don't use it yet. Just get it and install it. (http://www.snapfiles.com/get/regseeker.html)

    3. Use a Firewall, preferably with application control. If you don't use one download the free ZoneAlarm version. Pests like this love to phone home when you try to uninstall them so they can reload. When you are done, a firewall such as ZA will alert you if you haven't cleaned everything because it will tell you if any of those listed processes are trying to communicate.

    4. Once you have downloaded the necessary tools, disconnect from the Internet. Don't attempt removal with a live connection.

    5. Go to Control Panel, Internet Options, Security, Custom (in XP, could be different if other windows) and make sure that any software installation requires -- at minimum -- for you to be prompted. Disable any unsigned certificates. If you aren't sure, select prompt, you can relax these settings later. Always require a prompt for software installation if unsigned. The point here is to make it tight, but not annoying.

    6. Reboot into safe mode [F8 generally] and search for and delete the .vxd file (virtual device driver), exe's, dll's, and then the other stuff on the list here: https://www.wilderssecurity.com/showpost.php?p=360792&postcount=13.

    7. Now return to Regseeker. Check the box "backup before deletion." Don't use the "clean the registry" function that is not specific. Just type in or paste in the keywords and search. Delete matches on the list and repeat searches until there are no entries found.

    8. Still in Regseeker, check the "Startup Entries" and delete anything suspicious, refer to your list, or google if unsure.

    9. Reboot, look for any suspicious running processes using task manager or equivalent.

    10. Repeat your search for files, startup entries and registry keys.


    That should do it. Keep us informed of how it works, we can learn from it.
     
    Last edited: Feb 2, 2005
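Added example, not part of the post above: a read-only PowerShell sketch of the re-check in steps 8 and 10, listing the Run/RunOnce registry values and Startup-folder items and flagging any that contain a keyword from your removal list. The `$Keywords` values are placeholders and `Test-Keyword` is a hypothetical helper name; the script deletes nothing.

```powershell
# Read-only startup audit. Nothing is modified or deleted.
# $Keywords holds placeholders: replace them with the names on your own removal list.
param(
    [string[]]$Keywords = @('PLACEHOLDER-NAME-1', 'PLACEHOLDER-NAME-2')
)

# Per-machine and per-user autostart keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Hypothetical helper: case-insensitive literal substring match (no wildcards).
function Test-Keyword([string]$Text) {
    foreach ($k in $Keywords) {
        if ($Text.IndexOf($k, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

$findings = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }   # RunOnce may not exist
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Location = $key; Name = $name; Command = $cmd
                               Match = Test-Keyword "$name $cmd" }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        # -Force includes hidden files, which unwanted software often uses.
        foreach ($f in Get-ChildItem -Path $dir -Force) {
            [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = $f.FullName
                               Match = Test-Keyword $f.Name }
        }
    }
)

# Keyword hits first; review the unmatched entries by eye as well.
$findings | Sort-Object Match -Descending | Format-Table -AutoSize -Wrap
```

An empty `Match` column after a reboot covers only these startup locations; the file search and the running-process check from steps 9 and 10 still apply.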
  2. Butters

    Butters Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    39

    Do you have a folder: "c:\program files\winupdates\"


    I am seeing some sites that suggest that you have to opt-in in order to install this program, and that removal might be as simple as deleting that folder.
     
  3. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    No Winupdates, only Program files\Windows update
     
  4. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    I have to say Gab, your problem sure has brought out the thinking caps of wilders. We'll keep trying :)
     
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
  6. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    Thanks. I am getting to the point of a complete re-install of Windows. But I am so grateful for the help you're trying to give me. I installed Zone Alarm, and now the internal microphone is not working. Everything I do causes another problem. I know about firewalls and MSN, but this is the mike itself not working (not muted). When I plug in an external mike I get very poor sound, much, much worse than usual. One other thing:

    I found in my Start menu a thing called Web Search which just appeared by itself. I clicked on it, since Zone Alarm is active. It took me to a list of casinos. I have deleted it.

    Gab
     
  7. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    I'll do that now. Thanks

    Gab
     
  8. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    I have posted the log as a new topic under Hijack This and Start Up Lists. Hope that's right.

    Gab
     
  9. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    If you need my email address, it's:

    Removed email address to prevent harvesting ` Blackspear
     
    Last edited by a moderator: Feb 2, 2005
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yes, your question is answered :)


    don't think it is a good idea to post your email, remove it as soon as possible though just to avoid spammers and stuff.

    cheers.
     
  11. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    Sorry! I'm learning not to trust anything, but it's taking a while.
     
  12. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    I have followed Infinity's detailed instructions after he or she cleaned my Registry. At the moment, IE6 is working, in the sense that I am no longer being redirected to porn and gambling sites. I'm too much of a pessimist to believe that it's all nice and fixed, and I can't give it a good test till tomorrow since I have to be away for most of today. In the meantime, can I repeat how grateful I am to you all? This sort of help provided with no thought of personal reward restores one's faith in human nature.

    Gab
     
  13. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Glad to hear these folks have restored some of your faith in human nature ;-) - we do have some good folks hanging about Wilders, if I do say so myself (and I do). Should any more problems arise be sure to update us on the condition. Even if things are clean, it might be wise to check out more preventative measures.
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    you are very welcome Gab, drop me a line when you think something is wrong. sometimes malware changes names and paths so that is one of the reasons people get reinfected, they wait too long for cleaning it and stuff.

    have a nice day :)
     
  15. Gab

    Gab Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    25
    Well, it all seems to be working fine. A bit slower than usual but I think that's Zone Alarm which I didn't have before.

    Is there anything I can do for you guys in return for your freely given time and expertise? I'd be only too glad. I can translate in and out of French (I used to be an interpreter at the British Central Office of Information (Foreign Office)), and I know quite a lot about the video and computer games industry which is my main area of research these days.

    Gab
     
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Now that your system is clean, you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Cheers :D
     