
Hkey_users Infected



#1 breakxeggs


Posted 17 February 2006 - 04:12 PM

On the 16th of this month my computer contracted somewhere between 5 and 10 trojan horses all at once. I have fixed/healed or deleted all the files infected, but two files remain and popups are still popping up.

The two files that show up in Spybot - Search & Destroy are as follows:
Settings
HKEY_USERS\S-1-5-18\Software\XBTB07618

Settings
HKEY_USERS\.DEFAULT\Software\XBTB07618


(both files have been written exactly as Spybot - Search & Destroy listed them with the word Settings printed above both files)

I believe these to be in my boot-up files because I could not heal/delete them even in Safe Mode.

I also don't have the boot-up disks for Windows XP Media Center Edition and can't reformat my computer.

The spyware/malware/greyware/adware/whatever it is that's infecting these files is called Max Search.
Thank you for all your help



#2 -David-


Posted 18 February 2006 - 08:02 AM

I've heard that Ewido does a pretty good job of deleting MaxSearch:

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
    ewido manual updates
Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

Once you are in safe mode, do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot to normal mode and post the ewido log at the end! :thumbsup:
David



