seeking filost removal advice

Status
Not open for further replies.
S

scriblerus

Posts: 10   +0
Hello. This is my first time posting and I'm stuck with a filost 540 problem.

When I open my browser another window sometimes opens redirecting me to a random site. It's a bit annoying and I'm worried it might be harmful somehow.

Anyway, below is a hjt log. Any help would be much much appreciated.

Cheers.
 
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
Go HERE and run this removal tool.

Then follow the rest of the instructions below.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

Isass.exe<Note the spelling. Not to be confused with lsass.exe. This nasty is spelled with an I and not L.

hanguard.exe
BBJ.exe

Close task manager.

Click start/run and type regsvr32 /u C:\WINDOWS\System32\hKeyword.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\AsntDll.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.


Click start/run and type regsvr32 /u C:\WINDOWS\System32\vbsys2.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - URLSearchHook: Translate Class - {350279C2-C2B0-457B-9A16-1A5DB2EE88AF} - C:\WINDOWS\System32\hKeyword.dll

O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - "C:\Program Files\Ahnlab\V3\V3Bar.dll" (file missing)

O4 - HKCU\..\Run: [hansetup] C:\WINDOWS\System32\hanguard.exe

O4 - HKCU\..\Run: [BHPw3gh0] "C:\WINDOWS\pchealth\BBJ.exe"

Fix all 016-DPF entries.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: asnt3 - C:\WINDOWS\SYSTEM32\AsntDll.dll

O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\System32\vbsys2.dll
C:\WINDOWS\SYSTEM32\AsntDll.dll
C:\WINDOWS\pchealth\BBJ.exe
C:\WINDOWS\System32\hanguard.exe
C:\WINDOWS\System32\hKeyword.dll

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard
 
Hi Howard,

I followed your instructions. There were only two files I couldn't remove:

C:\WINDOWS\SYSTEM32\AsntDll.dll
C:\WINDOWS\pchealth\BBJ.exe

AsntDll.dll was in use or otherwise unable to delete.
BBJ.exe I couldn't find that file.

Here's the new HJT log.

Thanks a bunch for the response.
 
The C:\WINDOWS\pchealth\BBJ.exe file is gone, so nothing to worry about there.

As for C:\WINDOWS\SYSTEM32\AsntDll.dll do the following.

Run HJT and click on the config button, then the misc tools button. Click on the delete file on reboot button and browse to C:\WINDOWS\SYSTEM32\AsntDll.dll.

Click on the AsntDll.dll file and click open. You will be prompted to restart your computer, click yes.

Once your computer has restarted the AsntDll.dll should have been deleted.

Please post a fresh HJT log.

Regards Howard :)
 
Status
Not open for further replies.

Similar threads

Julio Franco
The complete list of alternatives to all Google products
2 3 4
Replies
98
Views
34K
wizardB
wizardB
Imacreep
I need advice for recovering an external hard drive
Replies
1
Views
2K
DelJo63
D
S
Inactive Malware created Win7 system processes I cannot end or delete
2
Replies
36
Views
5K
Broni
Broni

Latest posts

Back