Problem...

Discussion in 'malware problems & news' started by delta08, Jan 22, 2005.

Thread Status:
Not open for further replies.
  1. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    How can I delete this?

    file://c:\DocumentsandSettings\AllUsers\StartMenu\Programs\Startup\msoffice.hta
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi delta08. :)

    Welcome to Wilders.

    U could try deleting it in safe mode.

    Curiously, what infection is being detected?


    snowbound
     
  3. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    THX for the response....i get this message everytime i logon...

    TG!¶’ò?²Ï#ª_þX!Ò*cöëÏ°ãª?ÿÿÿÿ@¾"µÈó\Î*åªDw=†IÁ<Ž¶ëmÐöª_þXc€#meaning less **** i had to put hereÿÿÿhÿÿÿ# crap="

    I had done a hijackthis log originally and deleted files that were changing my ie homepage....that is fine now but this is still showing up....where do i find this file?
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  5. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    tried that no luck.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Just to be sure I'm understanding....you did not find that file in the below location ?

    C:\WINDOWS\Fonts\msoffice.hta

    Also....was your Homepage changed to searchdot.net ?

    You may have to use a Command prompt....since the Fonts folder is a special folder for Windows and it's setup to hide all files in it that are not font files.
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    It might be time to use Hijackthis. Unfortunately, Wilders no longer provides hijack cleaning sevices. For more info and help go here,

    https://www.wilderssecurity.com/showthread.php?t=42148

    post back and let us know the results.

    Sorry i couldnt have been of more help.....



    snowbound
     
  8. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    tried that search,no luck ....it was not switched to that ie....i am sorry i forgot the address it switched to...if this helps these were the files i removed after i ran highjackthis...

    02-BHO:Dompclass-{4c1b116f-2860-46db-8e6c-b4bfc4d6833-D:\windaows\jetblass.dll
    RO-HKCU\software\microsoft\internetexplorer\main,startpage=http://default.home
    RO-HKLM\software\microsoft\internetexplorer\main,startpage=http://default.home

    ~removed hijackthis log - Bubba~
     
    Last edited by a moderator: Jan 23, 2005
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm sorry Delta....but it appears you missed Snowbounds post or mis-read it concerning Hijack this.

    Code:
    [B]said by Snowbound:[/B]
    "[I]It might be time to use Hijackthis. 
    Unfortunately, [U]Wilders no longer provides hijack cleaning sevices[/U].
    For more info and help go here,
    
    [url]http://www.wilderssecurity.com/showthread.php?t=42148[/url][/I]"
    In System Configuration Utilities uncheck the MS-Office.hta Startup
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.