cache:mk:@MSITStore:C:\speed\start.chm::/start.html# - did not match
any documents.

how do I kill thia plague on humanity

---

Request for Question Clarification by hummer-ga on 06 Sep 2004 07:53 PDT

Hi  jackarron,

The key is to delete the C:\spe folder. Follow the instructions as
outlined by Mow Green at the AUMHA forum.

>>>> AUMHA FORUMS:
NE - mk:@MSITStore:C:\spe\start.chm::/start.html#:

" Please download this tool to fix the start.chm hijack.
http://tools.zerosrealm.com/startchmfix.exe

Download it. Run it and extract the folder to the desktop preferably.
Open the folder after extracted.
Please make sure all Internet Explorers are closed.

Double click the fix.bat
( Only run it once or you will lose the backups although they
shouldn't be needed. )

Notepad will open at the end with a message and the bad file listing
at the end. Please post that bad file listing line here. If no files
show in the bad file listing then do a Reboot and do a search for
either of these highlighted files and DELETE them:

C:\Windows\System32\ C_10230.DLL or
C:\Windows\System\crt32_v2.dll 

There should be no folder named spe . It contains the hijacker,
start.chm, and must be deleted. Start.chm fix should have created a
C:\backup folder and this will contain the "bad" .dll file . Since it
has no name, we'll delete the C:\spe folder."
http://forum.aumha.org/viewtopic.php?t=7468

You should also run the following programs (be sure to update before running):

CWShredder:
http://www.majorgeeks.com/download4086.html

AdAware:
http://www.majorgeeks.com/download506.html

Spybot:
http://security.kolla.de/index.php?lang=en&page=download

Please let me know how that goes -
hummer

---

Clarification of Question by jackarron-ga on 06 Sep 2004 15:05 PDT

Thank you for assiting me - I ran the fix tool but IM not sure what i
do next  Am I suppose to look for the files after I restart . I
clicked explorer and the page is still active ( I guess I probably
should not have done that huh? ) Im not clear where I am suppose to
look for the infected file after I run the fix tool download.... If
additional fees are required let me know and I will post them .
Thanks so much for all your help 
jody sherman

---

Request for Question Clarification by hummer-ga on 06 Sep 2004 18:12 PDT

Hi Jody,

I have been reading alot of information about this plague and I am
convinced that Mow Green is the person who can help you. If I were
there with you I'd feel more confident about trying to help but at
this point I think you should post to Mow's forum so that he can
tailor-make a solution for you.  If I try to help you, I would just be
trying to interpret his instructions so it would be best for you to
communicate with him directly.

Start a new thread on the AUMHA forum.
http://forum.aumha.org/viewtopic.php?t=7468

I'm sure everything will be fine soon. Please don't feel that I'm
abandoning you - I'd love to see this through to the happy end with
you but all things considered, Mow's got this one covered more than I.
 I'll check in at the forum and see how you are making out.

Sincerely,
hummer

---

Clarification of Question by jackarron-ga on 04 Oct 2004 22:36 PDT

problem fixed !  
thanks so much for all your help

Dear Jody,

Thank you for the good news and for giving me the opportunity to post
my answer, I appreciate it. Here it is again to make it official.

>>>

The key is to delete the C:\spe folder. Follow the instructions as
outlined by Mow Green at the AUMHA forum.

>>>> AUMHA FORUMS:
NE - mk:@MSITStore:C:\spe\start.chm::/start.html#:

" Please download this tool to fix the start.chm hijack.
http://tools.zerosrealm.com/startchmfix.exe

Download it. Run it and extract the folder to the desktop preferably.
Open the folder after extracted.
Please make sure all Internet Explorers are closed.

Double click the fix.bat
( Only run it once or you will lose the backups although they
shouldn't be needed. )

Notepad will open at the end with a message and the bad file listing
at the end. Please post that bad file listing line here. If no files
show in the bad file listing then do a Reboot and do a search for
either of these highlighted files and DELETE them:

C:\Windows\System32\ C_10230.DLL or
C:\Windows\System\crt32_v2.dll 

There should be no folder named spe . It contains the hijacker,
start.chm, and must be deleted. Start.chm fix should have created a
C:\backup folder and this will contain the "bad" .dll file . Since it
has no name, we'll delete the C:\spe folder."
http://forum.aumha.org/viewtopic.php?t=7468

You should also run the following programs (be sure to update before running):

CWShredder:
http://www.majorgeeks.com/download4086.html

AdAware:
http://www.majorgeeks.com/download506.html

Spybot:
http://security.kolla.de/index.php?lang=en&page=download

>>>

Since working on your question, I've found an excellent tutorial on
spyware removal - here is the link for future reference.

How to: Spyware, Trojan And Virus Removal
http://forums.majorgeeks.com/showthread.php?t=35407

Also, it's a good idea to run a HouseCall virus scan about once per
month (this is in addition to your regular virus program) - it often
catches things that others miss.

HouseCall, a very thorough online virus scan:
http://housecall.trendmicro.com/

Thanks again,
hummer

This is not a worm. You may have clicked on a link in a CHM files.
This link gives access to an unavailable file start.html which is a
simply HTML file within "start.chm".

These help files are usually build in a special program and cannot
contain a malicious worm. Here is what a sample CHM file looks like:
http://www.rctek.com/chm_info.html

this did not help but thansk for trying . The problem is fixed,.