 
Q: spyware all tools and no relief ( No Answer,   9 Comments )
Question  
Subject: spyware all tools and no relief
Category: Computers
Asked by: jackarron-ga
List Price: $20.00
Posted: 23 Sep 2004 21:12 PDT
Expires: 30 Sep 2004 01:33 PDT
Question ID: 405595
so far nothing has worked - this chm file will not disappear. Fix
with follow up gets the prize and referral
cache:mk:@MSITStore:C:\speed\start.chm::/start.html#

Request for Question Clarification by livioflores-ga on 23 Sep 2004 22:33 PDT
Please post a HijackThis log:

To download it go to:
http://www.snapfiles.com/dlnow/dlnow.dll?Inc=No&ID=106738


For HijackThis guides see in the following pages:
"HijackThis Quick Start":
http://s89223352.onlinehome.us/mirror/hjt/

"HijackThis Tutorial":
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


When you post the log, I will check it for what you need to fix.


Regards.
livioflores-ga

Request for Question Clarification by hummer-ga on 27 Sep 2004 19:36 PDT
Hi jackarron,

I think you should run the following, in the order given. 

1) Run HouseCall, a very thorough online virus scan:
http://housecall.trendmicro.com/

Download and "check for updates" before scanning:

2) CWShredder:
http://www.spychecker.com/program/coolwebshredder.htmls

3) Adaware
http://lavasoft.element5.com/default.shtml.en

4) SpyBot
http://www.safer-networking.org/en/index.html

You'll find an excellent tutorial at the following website and you
would do well to follow it.

KRC Anti-Spyware Tutorial
http://www.greyknight17.com/spyware.htm

Good luck - let us know how it goes,
hummer
Answer  
There is no answer at this time.

Comments  
Subject: Re: spyware all tools and no relief
From: dreamboat-ga on 23 Sep 2004 21:23 PDT
 
What have you tried so far? Is this related to the MS Technet article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;312456
Subject: Re: spyware all tools and no relief
From: shivsa-ga on 23 Sep 2004 21:23 PDT
 
download:
-----

* aasepro_1.03.rar (you can search for it with google).
* Spybot S&D 1.3

Install these two programs and make sure you have the latest
definition updates for both programs. After that close ALL!!! your
connections with internet.

Run Ad-Aware SE Professional and do a full scan. Wait till it's done.
(DON'T OPEN AN INTERNET CONNECTION CAUSE CRAP WILL REINSTALL)
After that, reboot your pc. This is for "Let Windows remove files in
use after reboot"

When you're done with your Ad-Aware scan, start Spybot S&D 1.3. Do
NOT open any connection with your internet yet. Run Spybot's Scanning
Engine. Check all the things it found and repair/delete them.

REBOOT YOUR COMPUTER AGAIN!!

The crap should have been removed.

Please refer to 
http://computercops.biz/postx68920-0-15.html&sid=9235c098582edc5b10f4fbc3493373f9
Subject: Re: spyware all tools and no relief
From: davids77-ga on 23 Sep 2004 21:27 PDT
 
Try downloading geeksuperhero from http://www.download.com. From what I
have read of this, the file you have on your comp is hijacking it.
And a geek superhero should remove it with no problems.
Subject: Re: spyware all tools and no relief
From: shivsa-ga on 23 Sep 2004 21:27 PDT
 
Also do not forget to delete all temp internet files and cache files
from your internet explorer before reestablishing internet
connections.
Subject: Re: spyware all tools and no relief
From: stephenvakil-ga on 24 Sep 2004 10:33 PDT
 
Check this previous GA thread out:

http://www.answers.google.com/answers/threadview?id=397329
Subject: Re: spyware all tools and no relief
From: pcphenom-ga on 27 Sep 2004 08:50 PDT
 
Do a search on your local hdd for a couple of files, "hosts" and
"lmhosts". Edit or view these files with Notepad, they will have some
lines at the beginning of the file that explain the file and such, but
at the end either file may have a big list of IP addresses and
websites, if so those file(s) may have gotten hijacked (and yes,
some spyware detection software won't see it). Edit the file to delete
everything after localhost 127.0.0.1 and resave. Just a thought.
Regards,
PCPHENOM
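
An added example, not part of pcphenom's comment or of any tool named in this thread: a read-only Python check that lists every hosts-file mapping other than localhost to loopback, so the entries can be reviewed before the file is edited. The sample file contents and host names are constructed; `audit_hosts` and `BENIGN_NAMES` are names chosen for this example.

```python
import ipaddress

# Constructed sample of a tampered hosts file. Names are made up and
# 203.0.113.0/24 is a reserved documentation range.
SAMPLE_HOSTS = """\
# (header comments that explain the file)
#
# 102.54.94.97   rhino.acme.com   # example line, commented out

127.0.0.1       localhost
203.0.113.7     www.search-portal.example search.example   # redirect
203.0.113.7     update.av-vendor.example
127.0.0.1       liveupdate.av-vendor.example
not-an-ip       broken.example
"""

BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for every mapping that is
    not localhost -> loopback. kind is 'redirect' (name sent to another
    machine), 'blocked' (name pinned to loopback or 0.0.0.0, which is
    how updates get cut off) or 'malformed'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], " ".join(fields[1:])))
            continue
        for name in fields[1:]:                # one line may map several names
            name = name.lower()
            if ip.is_loopback and name in BENIGN_NAMES:
                continue
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, kind, str(ip), name))
    return findings


if __name__ == "__main__":
    for line_no, kind, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {name} -> {ip}")
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` instead of the sample.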
Subject: Re: spyware all tools and no relief
From: hollywoode46-ga on 27 Sep 2004 18:33 PDT
 
Ok, 1st things 1st.

Spyware (malware, which is what you have) exploits security holes in
IE. If you repair the symptom of this issue you may not have repaired
the cause. Removing this start file may not solve the problem and it
may come back.

2nd.
I need a better description of what is happening. 

3rd. 
Microsoft will not solve your problem.

Now....what to do. 

1st. 
Make sure you have a backup of what you need. Don't start until you
have no risk of losing data. If you haven't backed up, proceed at your
own risk.

Boot the system into safe mode "command prompt only". 

You can do this by turning the computer on and hitting the F8 key from
when you turn the system on and continue hitting the F8 key about once
per second until a menu comes up. You will see many options including
"command prompt only".

When you get to the command prompt, type in MSCONFIG and hit enter.
This will bring up your startup area. Choose the services area and
click "hide all microsoft services". Now uncheck everything else.
Next.
Choose the "Startup" tab. Uncheck everything. 
Now, type into the command prompt (the black screen) "regedit.exe".
From the file menu choose "Export". Export your registry.

Now go back to the command prompt.
Type in control.exe
Double click on add remove programs.
Remove anything you don't recognize. Any accidental removals that you
want can be downloaded or reinstalled from disk.

Now reboot.

Choose Safe mode with networking

Go online. 
Download "Norton Internet Security" from symantec.com....the trial
version is just fine, it will get you out of the woods. (You can
download this using another computer and burn it to CD if you need.)

Now, get adaware and update it. Run a scan and remove everything.
Now, get hijack this. Run a scan and remove everything. Anything you
need can be reinstalled when you're back online (like macromedia
flash). Notate if there are any erroneous dll's on the system.

Now, open internet explorer. Go to the tools menu and open "internet options".
Go to the "Trusted Sites" area. Remove anything in there.
Now go to the "Internet" option and bring the bar up to "High" security.

Delete your cache, uninstall java and reboot your computer. YOU MUST
UNINSTALL JAVA. This is how 40-60% of malware gets on the system.

In the Norton Internet Security options, disable all Java and ActiveX
controls unless you specifically allow them.

For $20, this is the best answer I can give you. 

You most likely have an MS-redirect exploit or a Trojan.Byteverify on
the system and your antivirus is not picking it up. I have seen
systems that have three trojans on them while an antivirus is running.

Putting IE security on high is COMPLETELY INEFFECTIVE unless you are
running a firewall cuz your ports are wide open. I have seen
everything that was removed come back in less than 3 seconds. You
cannot win without a firewall.

Block ports, delete all startup programs, remove anything you don't
know, hijackthis and adaware.

That's it for now.

Good luck.
Subject: Re: spyware all tools and no relief
From: frodoo-ga on 28 Sep 2004 14:42 PDT
 
Open a Command Prompt window and leave it open. Close all open
programs.  Click Start, Run and enter TASKMGR.EXE   Go to the
Processes tab and End Process on Explorer.exe.  Leave Task Manager
open. Go back to the Command Prompt window and change to the directory
the AVI (or other undeletable file) is located in.  At the command
prompt type DEL <filename>  where <filename> is the file you wish to
delete.   Go back to Task Manager, click File, New Task and enter
EXPLORER.EXE to restart the GUI shell.  Close Task Manager.
Subject: Re: spyware all tools and no relief
From: jackarron-ga on 30 Sep 2004 01:33 PDT
 
This worked! I'm new at this. What is the protocol (if any) so you get your fee?
thanks very much
Jody Sherman
