TechSpot

Eliminating the dreaded "winantivirus PRO 2006" malware

By Achilles
Jul 2, 2006
  1. Just another user with the problem of eliminating the winantivirus PRO 2006 malware...please help in totally eliminating and removing all remnants!!
     

    Attached Files:

  2. fastco

    fastco TS Booster Posts: 1,122

  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/

    R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    O2 - BHO: (no name) - {c350525f-ebd6-4d76-bb25-e6812dc8948c} - C:\WINDOWS\system32\lsasReg.dll (file missing)

    Fix all 016-DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2859F36F-BC0D-40AF-B74D-75EB4861782C}: NameServer = 68.237.161.12 71.250.0.12<Only fix this, if it doesn`t belong to your ISP.

    O20 - Winlogon Notify: lsasReg - lsasReg.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot your system and post a fresh HJT log. Please tell us how your system is running now.

    Regards Howard :wave: :wave:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...