TechSpot

Probassfishing-dm.exe cannot be removed

By herringt
Jul 5, 2005
  1. I've tried deleting this in Safe Mode and it still says there is a process running it. My hijack log is attached.
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. herringt

    herringt TS Rookie Topic Starter

    This is not what I have, or it's under a different name, because I can't find this process or registry keys anywhere.
     
  4. IronDuke

    IronDuke TS Rookie Posts: 856

    Give Trend a chance to find it for you.
     
  5. herringt

    herringt TS Rookie Topic Starter

    Can't get Trend to work for me.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Let's try it the 'hard' way:

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there), click "End Process" for:

    LTMSG.exe
    msnmsgr.exe
    run.exe
    updmgr.exe
    wupdater.exe
    sysupd.exe
    tpjhcc.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common files\updmgr\updmgr.exe
    C:\Program Files\Common files\updater\wupdater.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    run.exe (could be there twice!)
    Double-click it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - blank (file missing)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O4 - HKLM\..\Run: [LSA] run.exe
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot <<== only FIX
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [aosdmnki] C:\WINDOWS\System32\tpjhcc.exe
    O4 - HKLM\..\RunServices: [LSA] run.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LSA] run.exe
    O4 - HKCU\..\Run: [PRIVANAL] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunServices: [LSA] run.exe
    O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

    Fix ALL those O16 - DPF: entries
    Unless these IPs are from your ISP, fix this O17:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D664147A-525D-4605-B6D4-2A4EC3575F0B}: NameServer = 216.166.216.20,64.40.72.21
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.

    ONLY after you have done the above, to delete that fish-program,
    try DrDelete from http://www.dslreports.com/forum/rem...sware~mode=flat

    or KillBox from http://www.bleepingcomputer.com/files/killbox.php
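
An added example, not part of the original thread or any poster's code: a Python sketch that parses the O4 autostart lines of a HijackThis log like the one listed in the post above and groups what it finds for review. The two flags it raises (a command with no directory path, and one value name registered under several Run/RunServices keys) are triage heuristics assumed for this example, not HijackThis verdicts; the sample lines are copied from that listing with the helper's inline annotation dropped.

```python
import re
from collections import defaultdict

# Sample O4 lines copied from the listing above (helper's annotation dropped).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LSA] run.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LSA] run.exe
O4 - HKCU\..\Run: [LSA] run.exe
O4 - HKCU\..\Run: [PRIVANAL] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [LSA] run.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
"""

# Registry autostart form: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (\S.*)$")

def parse_o4(log):
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:  # startup-folder lines ("Global Startup") are skipped here
            hive, key, name, cmd = m.groups()
            entries.append({"hive": hive, "key": key, "name": name, "command": cmd})
    return entries

def executable(cmd):
    """Program part of a command line: the quoted string, or text up to .exe."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def triage(entries):
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"]].add((e["hive"], e["key"]))
    flagged = []
    for e in entries:
        reasons = []
        if "\\" not in executable(e["command"]):
            reasons.append("no-path")    # bare file name, location not stated
        if len(keys_by_name[e["name"]]) > 1:
            reasons.append("multi-key")  # same value name in several autostart keys
        if reasons:
            flagged.append((e["hive"], e["key"], e["name"], reasons))
    return flagged
```

Calling `triage(parse_o4(SAMPLE_LOG))` returns the four `[LSA] run.exe` registrations and the `LTMSG` entry. A flag marks an entry for manual review and is not proof that the file is malicious.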
     