TechSpot

RazeSpyware caught me !!

By jombaby
Nov 22, 2005
  1. Hi All,

    RazeSpyware has stolen my desktop. It was replaced with a red screen showing a blinking "Warning" message. Please help me solve this problem.

    I am attaching the Hijack log.

    Please help me.
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Welcome to TechSpot, jombaby

    First of all, if you disable web content on desktop, the red screen should be gone. Actually, I don't know why anyone would use web content on the desktop anyhow.

    Right-click on the desktop,
    select Properties,
    Desktop tab,
    Customize Desktop,
    Web tab,
    Delete security (or anything other than "My Current Home Page").


    Your HJT log:

    Unless you use NetWare messaging, delete this:

    F3 - REG:win.ini: load=nwpopup.exe

    If you don't use these toolbars, fix these:

    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
    O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\system32\azesearch4.ocx
    O3 - Toolbar: Cool Toolbar - {F8EF36D3-FF02-4771-ADBB-7E4E60521617} - C:\PROGRA~1\COOLTO~1\COOLTO~1.DLL
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

    If you don't use e-Asset, fix these:

    C:\WINNT\Java\lib\e-Asset.exe
    O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINNT\Java\lib\e-Asset.exe
    O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro.com/easset/jassetcab.cab


    These look suspicious to me:

    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_cracks.cab
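
Added example, not part of the reply above and not the forum's or HijackThis's own code: a small Python parser for the entry lines quoted in that reply, grouping them by section code and pulling out CLSIDs, "(file missing)" orphans and the hosts that O16 entries name as CAB sources. The function names are hypothetical and the sample lines are copied from the log quoted in the reply.

```python
import re
from collections import Counter
from urllib.parse import urlsplit
# HijackThis section codes that occur in the log quoted in this thread.
SECTIONS = {
    "F3": "win.ini load=/run= autostart (registry-mapped)",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Run key / Startup autostart",
    "O10": "Winsock LSP entry",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

def parse_hjt_line(line):
    """Parse one HijackThis entry; return None for anything else (bare paths, prose)."""
    m = LINE_RE.match(line)
    if not m or m.group("code") not in SECTIONS:
        return None
    code, body = m.group("code"), m.group("body")
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    return {"code": code, "kind": SECTIONS[code], "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "host": urlsplit(url.group(0)).hostname if url else None,
            "file_missing": body.endswith("(file missing)")}

def summarize(lines):
    """Group entries for review: per-section counts, orphans, O16 CAB hosts."""
    entries = [e for e in map(parse_hjt_line, lines) if e]
    return {"counts": dict(Counter(e["code"] for e in entries)),
            "orphaned": [e["clsid"] for e in entries if e["file_missing"]],
            "cab_hosts": sorted({e["host"] for e in entries
                                 if e["code"] == "O16" and e["host"]}),
            "unique_entries": len({(e["code"], e["body"]) for e in entries})}

# Sample input: lines copied from the log quoted in the reply above.
SAMPLE = r"""
F3 - REG:win.ini: load=nwpopup.exe
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
C:\WINNT\Java\lib\e-Asset.exe
O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINNT\Java\lib\e-Asset.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
"""
if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Repeated identical O10 lines count once in `unique_entries`, and the bare file path in the sample is skipped because it is not a section entry.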
     
  3. jombaby

    jombaby TS Rookie Topic Starter

    Thank You

    Thank you Sir.

    When I disabled the web content, the red screen was gone.
    Thanks a Zillion.
     
  4. poooh

    poooh TS Rookie

    I just have the same situation as 'jombaby', and I performed an online virus scan on the Microsoft website; it shows that it is a "trojandownloader.win32".

    Do you know how I can actually delete the raze spyware?

    Thanks!
     
  5. vidall

    vidall TS Rookie

Topic Status:
Not open for further replies.
