Problem...

Discussion in 'malware problems & news' started by delta08, Jan 22, 2005.

Thread Status:
Not open for further replies.
  1. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    How can I delete this?

    file://c:\DocumentsandSettings\AllUsers\StartMenu\Programs\Startup\msoffice.hta
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi delta08. :)

    Welcome to Wilders.

    U could try deleting it in safe mode.

    Curiously, what infection is being detected?


    snowbound
     
  3. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    THX for the response....i get this message everytime i logon...

    TG!¶’ò?²Ï#ª_þX!Ò*cöëÏ°ãª?ÿÿÿÿ@¾"µÈó\Î*åªDw=†IÁ<Ž¶ëmÐöª_þXc€#meaning less **** i had to put hereÿÿÿhÿÿÿ# crap="

    I had done a hijackthis log originally and deleted files that were changing my ie homepage....that is fine now but this is still showing up....where do i find this file?
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  5. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    tried that no luck.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Just to be sure I'm understanding....you did not find that file in the below location ?

    C:\WINDOWS\Fonts\msoffice.hta

    Also....was your Homepage changed to searchdot.net ?

    You may have to use a Command prompt....since the Fonts folder is a special folder for Windows and it's setup to hide all files in it that are not font files.
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    It might be time to use Hijackthis. Unfortunately, Wilders no longer provides hijack cleaning sevices. For more info and help go here,

    https://www.wilderssecurity.com/showthread.php?t=42148

    post back and let us know the results.

    Sorry i couldnt have been of more help.....



    snowbound
     
  8. delta08

    delta08 Registered Member

    Joined:
    Jan 22, 2005
    Posts:
    4
    tried that search,no luck ....it was not switched to that ie....i am sorry i forgot the address it switched to...if this helps these were the files i removed after i ran highjackthis...

    02-BHO:Dompclass-{4c1b116f-2860-46db-8e6c-b4bfc4d6833-D:\windaows\jetblass.dll
    RO-HKCU\software\microsoft\internetexplorer\main,startpage=http://default.home
    RO-HKLM\software\microsoft\internetexplorer\main,startpage=http://default.home

    ~removed hijackthis log - Bubba~
     
    Last edited by a moderator: Jan 23, 2005
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm sorry Delta....but it appears you missed Snowbounds post or mis-read it concerning Hijack this.

    Code:
    [B]said by Snowbound:[/B]
    "[I]It might be time to use Hijackthis. 
    Unfortunately, [U]Wilders no longer provides hijack cleaning sevices[/U].
    For more info and help go here,
    
    [url]http://www.wilderssecurity.com/showthread.php?t=42148[/url][/I]"
    In System Configuration Utilities uncheck the MS-Office.hta Startup
     
Loading...
Thread Status:
Not open for further replies.