TechSpot

Another problem: fake security icon?

By sajth
Jul 8, 2007
Topic Status:
Not open for further replies.
  1. Once again I've encountered another problem with this computer. There used to be a fake security shield icon on my bottom right tray before I followed the removal steps. There were also random pop-ups to download software. I've attached the required logs. Also, there is this toolbar on IE that's labelled Security Toolbar 7.1, which I can't seem to remove. Your help is greatly appreciated, once again.
  2. momok

    momok TS Rookie Posts: 2,272

    Hi,

    You are running an outdated version of HijackThis.
    You can obtain the latest version from the link in my signature.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type msconfig. Press the enter key.
      Search for the following services and disable them by unchecking the box beside their names.

      user32.dll
      rare


      Press OK but do not restart your system yet.

    2. Go to start > Control Panel > Add and Remove Programs.
      Remove anything related to the following:

      Video ActiveX Access

    3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
      O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
      O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
      O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
      O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll

      Close HJT.

    4. Navigate in Windows Explorer and delete the following files and folders in bold.

      C:\WINDOWS\system32\myqlejy.dll
      C:\Program Files\video activex access

    5. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of sajth only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
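
An added example, not part of momok's post and not HijackThis code: a short Python parser for the five entries listed in step 3, grouping them by the directory they load from so the link to the step 4 deletions is visible. The two line layouts are inferred only from those five entries, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase  # Windows path rules on any OS

# The five entries from step 3 of the post above, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
"""

# Layout seen on the O2, O3 and O22 lines: "<code> - <kind>: <name> - {CLSID} - <path>"
CLSID_RE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Layout seen on the O4 lines: "<code> - <registry key>: [<value name>] <path>"
RUN_RE = re.compile(r"^(O\d+) - (.+?): \[([^\]]+)\] (.+)$")


def parse_entry(line):
    """Return a dict for one log line, or None if it matches neither layout."""
    line = line.strip()
    m = CLSID_RE.match(line)
    if m:
        code, kind, name, clsid, path = m.groups()
        return {"code": code, "kind": kind, "name": name, "clsid": clsid, "path": path}
    m = RUN_RE.match(line)
    if m:
        code, kind, name, path = m.groups()
        return {"code": code, "kind": kind, "name": name, "clsid": None, "path": path}
    return None


def group_by_directory(log_text):
    """Map each case-folded parent directory to the entries that load from it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            groups[normcase(dirname(entry["path"]))].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for directory, entries in group_by_directory(SAMPLE_LOG).items():
        print(directory)
        for e in entries:
            print(f"  {e['code']:<4}{e['kind']}: {e['name']}")
```

The two autorun value names it extracts from the O4 lines, user32.dll and rare, are the same two items step 1 disables in msconfig.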
  3. BlackScarlet

    BlackScarlet TS Enthusiast Posts: 114

    You may consider using ToolbarCop to remove sticky toolbars.
    http://www.scancomplete.com/download/toolbar-cop-3.3/


    Also, when you scan, be sure to restart your PC in safe mode first. Make sure you disconnect your internet while you do this, because some malware can contact its server to say 'hey, I'm being deleted, replace me'.
    The reason why you want to go into safe mode is because in normal startup certain malware cannot be removed because they are constantly 'in use' by some unknown source. In safe mode the system is loaded with minimal drivers and no startup programs, etc, which almost guarantees the file will not be in use.

    Files in quarantine are safe and cannot harm your computer.
    Also, don't be afraid to try and manually delete malware if your scanner is having a hard time with it, to see firsthand what error messages you might get, which give a very good indication of why it can't be deleted at that time. If your scanner gives you the exact file and path, to the system file or registry key, then you needn't worry about ****ing anything up by deleting something you shouldn't have, because you will only be deleting that malware file or folder.

    Let me know how that goes.
    =)



    ~BlackScarletLove~