JRAUN

Discussion in 'adware, spyware & hijack cleaning' started by myles5, Mar 29, 2004.

Thread Status:
Not open for further replies.
  1. myles5

    myles5 Registered Member

    Joined:
    Dec 17, 2003
    Posts:
    4
    How do I get rid of this stupid thingo_Oo_O
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    But there is some more to do.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O4 - HKLM\..\Run: [version] C:\WINNT\system32\version.exe

    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [emsw.exe] C:\WINNT\emsw.exe
    O4 - HKLM\..\Run: [WinEssential] C:\WINNT\system32\Keyhost.exe
    O4 - HKLM\..\Run: [bowsdumb] C:\PROGRA~1\FOURBL~1\driveremote.exe

    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\mbowma\HXIUL.EXE
    O4 - HKCU\..\Run: [emsw.exe] C:\WINNT\emsw.exe
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\mbowma\Client\HelpExp.exe

    O4 - Startup: PowerReg Scheduler V3.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.82.221.103/271a4d971cd6a903f406/netzip/RdxIE.cab
    O16 - DPF: {37775067-8350-11D4-A7DA-00C04F14FB69} (PVCS Tracker I-Net Client for MSIE) - http://pvcssql/trackdoc/trkpm660ie.cab

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/23cc0bc195d4b81bc819/netzip/RdxIE601.cab

    Then reboot and delete:
    C:\Program Files\AutoUpdate <= entire folder
    C:\WINNT\emsw.exe
    C:\Program Files\Alset\HelpExpress <= entire folder

    Then follow the instructions in the previous post from here:
    Regards,

    Pieter
     
  3. myles5

    myles5 Registered Member

    Joined:
    Dec 17, 2003
    Posts:
    4
    Looks like that did the trick.
    Thanks Guys !!!!!!!

    BTW is there any settings I can change to keep this from happening again?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.