Download And Install
1.) Spybot search and destroy
2.)Avast! Antivirus
3.) Comodo registry Cleaner. -> Delete the 3PMmUpdate entry from the startup..
Fix your HOST file.,Download this http://www.funkytoad.com/download/hoster.zip
Another way to remove the Trojan is ->>
Make Sure Internet Explorer is NOT open when trying this)
Launch HijackThis, click the 'Open'Misc Tools'Section -> 'Open hosts file manager'. Delete every line (select each line and click 'Delete line(s)') except the very first top lines beginning with # and: 127.0.0.1 localhost
Once finished, click the 'Open in Notepad' button. It should look like this:
QUOTE
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
After the above:
Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\940477L.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
Close ALL windows and browsers except HijackThis and click "Fix checked"
Delete these Files if listed:
C:\WINDOWS\940477L.exe
Reboot
------------------------------------------End of File-----------------------------------------
Worms / Viruses
Date
Title
10/09/2008
Win32/Lolyda Family
Aliases: Infostealer.Lineage (Symantec), PWS:Win32/Lolyda (MS OneCare), Trojan-GameThief.Win32.OnLineGames (Kaspersky)
10/09/2008
Win32/Lolyda.BZ
Aliases: PWS:Win32/Lolyda.K (MS OneCare), Infostealer.Onlinegame (Symantec), Trojan-GameThief.Win32.OnLineGames.thlh (Kaspersky)
10/09/2008
Packed.Generic.190
Aliases: none known
10/09/2008
Packed.Generic.189
Aliases: none known
10/08/2008
Trojan.Hexzone
Aliases: none known
10/07/2008
not-a-virus:NetTool.Win32.Transmit.a
Aliases: SPR/Transmit.A
10/07/2008
Trojan-Downloader.JS.Agent.bxr
Aliases: none known
10/07/2008
Worm.Win32.AutoRun.bnb
Aliases: none known
Good article on a recent "Spear phishing" attack on LinkedIn users
10/07/2008
Trojan.Win32.ConnectionServices.e
Aliases: none known
10/06/2008
Win32/Starimp.AX
Aliases: FakeAlert-AB.dr (McAfee), Troj/Agent-HRF (Sophos), Trojan.Fakeavalert (Symantec)
update new patches friend...
boot your computer on dos scan your memory for viruses...
(Avast and mcafee can clean this)
1 comment:
Hi writer
since looking your post could it be the same of related storys in
[url=http://www.avg-free.us]avg free[/url]
Post a Comment