JRAUN

Discussion in 'adware, spyware & hijack cleaning' started by myles5, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. myles5

    myles5 Registered Member

    Joined:
    Dec 17, 2003
    Posts:
    4
    How do I get rid of this stupid thingo_Oo_O
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    But there is some more to do.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [version] C:\WINNT\system32\version.exe

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [emsw.exe] C:\WINNT\emsw.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINNT\system32\Keyhost.exe
    O4 - HKLM\..\Run: [bowsdumb] C:\PROGRA~1\FOURBL~1\driveremote.exe

    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\mbowma\HXIUL.EXE
    O4 - HKCU\..\Run: [emsw.exe] C:\WINNT\emsw.exe
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\mbowma\Client\HelpExp.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/271a4d971cd6a903f406/netzip/RdxIE.cab
    O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://pvcssql/trackdoc/trkpm660ie.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23cc0bc195d4b81bc819/netzip/RdxIE601.cab

    Then reboot and delete:
    C:\Program Files\AutoUpdate <= entire folder
    C:\WINNT\emsw.exe
    C:\Program Files\Alset\HelpExpress <= entire folder

    Then follow the instructions in the previous post from here:
    Regards,

    Pieter
     
  3. myles5

    myles5 Registered Member

    Joined:
    Dec 17, 2003
    Posts:
    4
    Looks like that did the trick.
    Thanks Guys !!!!!!!

    BTW is there any settings I can change to keep this from happening again?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
Thread Status:
Not open for further replies.