Eliminating the dreaded "winantivirus PRO 2006" malware

[Achilles]

Just another user with the problem of eliminating the winantivirus PRO 2006 malware...please help in totally eliminating and removing all remnants!!

 

[fastco]

Follow these instruction carefully.

https://www.techspot.com/vb/topic17297.html

 

[howard_hopkinso]

Hello and welcome to Techspot.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

O2 - BHO: (no name) - {c350525f-ebd6-4d76-bb25-e6812dc8948c} - C:\WINDOWS\system32\lsasReg.dll (file missing)

Fix all 016-DPF entries.

O17 - HKLM\System\CCS\Services\Tcpip\..\{2859F36F-BC0D-40AF-B74D-75EB4861782C}: NameServer = 68.237.161.12 71.250.0.12<Only fix this, if it doesn`t belong to your ISP.

O20 - Winlogon Notify: lsasReg - lsasReg.dll (file missing)

Click on the fix checked button.

Close HJT.

Reboot your system and post a fresh HJT log. Please tell us how your system is running now.

Regards Howard :wave: :wave: