TechSpot

RazeSpyware caught me !!

Discussion in 'Virus and Malware Removal' started by jombaby, Nov 22, 2005.

Thread Status:
Not open for further replies.
  1. jombaby Newcomer, in training

    Hi All,

    RazeSpyware has stolen my desktop. It was replaced with a red screen with a blinking "Warning" message. Please help me solve this problem.

    I am attaching the Hijack log.

    Please help me.
  2. Mictlantecuhtli TS Special Forces

    Welcome to TechSpot, jombaby

    First of all, if you disable web content on desktop, the red screen should be gone. Actually, I don't know why anyone would use web content on the desktop anyhow.

    Right-click on the desktop,
    select Properties,
    Desktop tab,
    Customize Desktop,
    Web tab,
    Delete security (or anything other than "My Current Home Page").


    Your HJT log:

    Unless you use NetWare messaging, delete this:

    F3 - REG:win.ini: load=nwpopup.exe

    If you don't use these toolbars, fix these:

    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
    O3 - Toolbar: Cool Toolbar - {F8EF36D3-FF02-4771-ADBB-7E4E60521617} - C:\PROGRA~1\COOLTO~1\COOLTO~1.DLL
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

    If you don't use e-Asset, fix these:

    C:\WINNT\Java\lib\e-Asset.exe
    O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINNT\Java\lib\e-Asset.exe
    O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro.com/easset/jassetcab.cab


    These look suspicious to me:

    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
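
As an added example (not part of the thread and not HijackThis's own code), a small Python parser for the log line format quoted in the post above: it labels each entry's section, extracts CLSIDs and download URLs, flags "(file missing)" entries, and collapses repeated lines such as the O10 entries. The function names and the section descriptions are this example's own.

```python
import re

# Section codes seen in this thread's log excerpts (HijackThis defines more).
SECTIONS = {
    "F3": "win.ini autostart mapped into the registry",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autorun from registry or Startup folder",
    "O10": "Winsock LSP entry",
    "O16": "ActiveX control (Downloaded Program Files)",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

def parse_entry(line):
    """Return a dict for one log entry, or None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    flags = []
    if "(file missing)" in body:
        flags.append("orphaned entry: referenced file is missing")
    if code == "O16" and url:
        flags.append("control was installed from a remote CAB")
    return {"code": code, "section": SECTIONS.get(code, "unknown"), "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "url": url.group(0) if url else None, "flags": flags, "count": 1}

def triage(log_text):
    """Parse a whole log, merging identical lines and counting the repeats."""
    merged = {}
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        key = (entry["code"], entry["body"])
        if key in merged:
            merged[key]["count"] += 1
        else:
            merged[key] = entry
    return list(merged.values())

# Lines copied from the log excerpts quoted in the post above.
SAMPLE = r"""F3 - REG:win.ini: load=nwpopup.exe
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
C:\WINNT\Java\lib\e-Asset.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab"""
```
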
  3. jombaby Newcomer, in training

    Thank You

    Thank you Sir.

    When I disabled the web content, the red screen was gone.
    Thanks a Zillion.
  4. poooh Newcomer, in training

    I have just the same situation as 'jombaby', and I performed an online virus scan on the Microsoft website; it shows that it is a "trojandownloader.win32".

    Do you know how I can actually delete the Raze spyware?

    Thanks!