|
Posted by Byron Hynes [MS] on March 11, 2006, 2:45 am
If you were Registered and logged in, you could reply and use other advanced thread options
then, I'd say it's time to "flatten" the system disk and rebuild it by
reinstalling
the OS from scratch. Don't restore anything from backup except data/documents
and only AFTER you've scanned those files using a new clean system.
What I have done on occassion for clients is to put in a new hard drive,
and put the current hard drive in a USB enclosure, so that the files could
be accessed... but be very careful not to re-infect.
Byron Hynes
Windows Server
Microsoft Corporation
http://spaces.msn.com/members/byronphynes
> Thanks Dave,
>
> I have already used Ad-Aware, AVG, Microsoft's MalwareRemove,
> Microsoft's Defender, Hijackthis, BFU, and I may have tried some other
> tools.
>
> Adware NaviPromo keeps comming up, with popups and is apparently a
> datalogger of some sort. msclock32.dll in %sysroot%/system32 can be
> deleted
> from safemode but keeps comming back. Hijackthis shows msclock32.dll
> even
> after deleted, so there is another copy somewhere. Where?? I don't
> know yet.
> Also in surfing the net I found some information about something
> called a
> "rootkit" which hackers can use to hide files. msclock32.dll seems to
> be
> only visible from safemode command prompt. I deleted it, and created
> a text file with 0 length, and renamed it to msclock32.dll and the
> msclock32.dll came back.
>
> Thanks for the lead on Multi_Av and the Step by Step site. I'll check
> it out.
>
> Know what the "rootkit" is and does??? I would be interested.
>
> Thanks,
> --max
> "David H. Lipman" wrote:
>
>>
>> | Where is a good place to get information on how to remove
>> Adware-NaviPromo, | msclock32.dll, and other spyware? What is
>> "rootkit"???
>>
>> For non-viral malware...
>>
>> Please download, install and update the following software...
>>
>> * Ad-aware SE v1.06
>> http://www.lavasoft.de/
>> http://www.lavasoftusa.com/
>> http://www.lavasoft.de/ms/index.htm
>> * SpyBot Search and Destroy v1.4
>> http://security.kolla.de/
>> http://www.safer-networking.org/microsoft.en.html
>> After the software is updated, I suggest scanning the system in Safe
>> Mode.
>>
>> I also suggest downloading, installing and updating BHODemon for any
>> Browser Helper Objects that may be on the PC.
>>
>> * BHODemon
>>
>> http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a875
>> 39eea8ed6904332b4b8b8442d
>>
>> For viral malware...
>>
>> * Download MULTI_AV.EXE from the URL --
>> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>> To use this utility, perform the following...
>> Execute; Multi_AV.exe { Note: You must use the default folder
>> C:\AV-CLS }
>> Choose; Unzip
>> Choose; Close
>> Execute; C:\AV-CLS\StartMenu.BAT
>> { or Double-click on 'Start Menu' in C:\AV-CLS }
>> NOTE: You may have to disable your software FireWall or allow
>> WGET.EXE to go through your FireWall to allow it to download the
>> needed AV vendor related files.
>>
>> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in
>> C:\AV-CLS}
>> This will bring up the initial menu of choices and should be executed
>> in Normal Mode.
>> This way all the components can be downloaded from each AV vendor's
>> web site.
>> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
>> Reboot the PC.
>> You can choose to go to each menu item and just download the needed
>> files or you can download the files and perform a scan in Normal
>> Mode. Once you have downloaded the files needed for each scanner you
>> want to use, you should reboot the PC into Safe Mode [F8 key during
>> boot] and re-run the menu again and choose which scanner you want to
>> run in Safe Mode. It is suggested to run the scanners in both Safe
>> Mode and Normal Mode.
>>
>> When the menu is displayed hitting 'H' or 'h' will bring up a more
>> comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm
>>
>> Additional Instructions:
>> http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.h
>> tm#Step_3_%96_Getting_Help
>> * * * Please report back your results * * *
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> http://www.ik-cs.com/got-a-virus.htm
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map