Re: Do you trust the uninstaller?

Author	All Replies
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	reply to sanjuandav Re: Do you trust the uninstaller? Hi sanjuandav, and welcome to DSLReports Security Forum Without taking this thread too far off topic, you should know there are alternative operating systems, but none are what I would call "bulletproof" and you would need to learn how to use and protect them as well. Also, for Windows there are some fine free Antivirus (and other programs) available to protect your system. And there are other things you can do that require no special program at all, just a little know how to secure your system. You might want to start a new topic or browse our FAQ pages »Security get some tips on how to secure your system. In particular, you might want to start with this one: »Security »How do I prevent browser hijacks and spyware? -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals)
	to forum · permalink · · 2005-12-07 15:54:52 · (locked)
ambience @cable.rogers	Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal windows, the problems came right back. Those registry keys it deleted returned and i have system restore turned off. I'm still unable to see Device manager or my network adapters. here's my log ---- Log of AproposFix v1 ********** Running from directory: C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix ******** Registry entries found: [HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45] @="vzx658AHIIHIIJI8Zw\\bhBcHIIHXKIrdiioInF9Az3ONIy8:Cz89IvAv8:y\\zJ9F9" "Device"="\\\\.\\rEbgGMuH" "DriverPath"="C:\\WINNT\\System32\\drivers\\ataridge.sys" "DriverName"="aecport" "HideUninstallerName"="C:\\Program Files\\Abcrixxx\\dmlphost.exe" "UninstallerPath"="C:\\WINNT\\System32\\minvdmod.exe" "UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}" "UninstallerParams"="/CTUN" "HDll"="C:\\WINNT\\System32\\atrctrac.dll" "ServerAddress"="adchannel.contextplus.net" "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html" "PartnerId"="CP.IST2" "InstallationId"="{Xeaafef2-cba3-7c9a-0cb5-ccb96dcaee12}" "PageFiltering"=dword:00000001 "ClientName"="C:\\Program Files\\Abcrixxx\\srrdocvw.exe" ********** Removing hidden service: Service aecport removed. Removing hidden folder: Deletion of folder Abcrixxx succeeded! Deleting files: Deletion of file C:\WINNT\System32\drivers\ataridge.sys succeeded! Deletion of file C:\WINNT\System32\ddrtopen.exe succeeded! Deletion of file C:\WINNT\System32\atrctrac.dll succeeded! Deletion of file C:\WINNT\System32\minvdmod.exe succeeded! Backing up files: Done! Removing registry entries: REGEDIT4 [-HKEY_CURRENT_USER\Software\CsXhrAvFfS45] [-HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EFA0C85E-FA86-4516-BE63-1BD72C253A34}] Done! Finished!
	to forum · permalink · 2005-12-11 20:41:13 · (locked)
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	said by ambience : Ok, so I used the fix, and it cleaned the problems, but when I rebooted in normal windows, the problems came right back. Those registry keys it deleted returned and i have system restore turned off. I'm still unable to see Device manager or my network adapters. That's a first! It is possible you have some securtiy program settings that are blocking the changes? Are you running Adaware with Adwatch enabled? -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals)
	to forum · permalink · · 2005-12-11 20:58:40 · (locked)
ambience @cable.rogers	I do have adaware installed, but AdWatch is turned off. HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time. Also after looking through my system and googled some files, I seem to have RtKit files on my system, that too will not go away after being picked up by spybot, the spf.sys are all over my computer, deleting the registry keys LEGACY_NPF seem to have no effect as directed by some sites.
	to forum · permalink · 2005-12-11 21:11:22 · (locked)
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	said by ambience : I do have adaware installed, but AdWatch is turned off. Just turning it off is sometimes not enough. It adds them back when you re-enable it on reboot. Make sure you have disabled Adwatch in this manner: This to Disable AdWatch Open AdAware SE. Go to AdWatch User Interface. Go to Tools and Preferences. At the bottom of the screen you will see 2 options Active and Automatic. Active: This will turn Ad-Watch On\Off without closing it Automatic: Suspicious activity will be blocked automatically Uncheck both options. You can enable these after resolving your problem. quote: HKEY_LOCAL_MACHINE\Software\CsXhrAvFfS45 keeps returning even after deleting that key in safe mode. I ran the fix again in safe mode and it couldn't find anything this time. So you are saying the AproposFix log now comes up clean? quote: Also after looking through my system and googled some files, I seem to have RtKit files on my system, that too will not go away after being picked up by spybot, the spf.sys are all over my computer, deleting the registry keys LEGACY_NPF seem to have no effect as directed by some sites. quote: Those two files I do not see in the log. Possibly you have something else on the system besides this pest? If so, AproposFix will not address those. Go through these steps and post a new topic. We'll see if we can help. »Security »I think my computer is infected or hijacked. What should I do? -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals)
	to forum · permalink · · 2005-12-11 21:22:11 · (locked)
ambience @cable.rogers	ok, I don't have ad-watch on because my version of adaware doesn't have it hehe. I do have spysweeper installed, I've noticed sometimes it blocks things. The log below is what I get when I scanned again. Still no device manager Log of AproposFix v1 ********** Running from directory: C:\Documents and Settings\x AMBIENCE x\Desktop\aproposfix ******** Registry entries found: ********** No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished!
	to forum · permalink · 2005-12-11 21:40:16 · (locked)
CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL	ambience, That log is clean so we've exhausted that. For remaining issues you'll need to go here: »Security »I think my computer is infected or hijacked. What should I do? and then post a new topic.
	to forum · permalink · · 2005-12-11 23:14:44 · (locked)


Wednesday, 02-Dec 17:53:10	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF