 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| Madfinder: Keeps Coming Back
Hello, all.
I've been keeping up-to-date with the CWShredder program, and every time I update it and run the SCAN, it always removes Madfinder. Then when I run in the same version, it shows Madfinder as "not present", but when I update the program, again, it finds Madfinder.
Can someone tell me how I can prevent this from installing on my computer -OR- how I can completely delete it for good?
Since it seems that either CWShredder is giving false positive results or it doesn't really delete it or it just keeps coming back. -- Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 1250 | Dell Dimension 4550 - WinXP Pro SP1 - 256MG Ram |ZA+ 4.5 | AVG 7.0 | Trojan Remover | Ad-Aware | SpyBot S&D | MailWasher Pro 3.2 |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
2 edits |  CWShredder Screenshot |
EDIT: Forgot to attach a screenshot.
Forgot to mention the following:
- My IE homepage has never been hijacked (run SpywareBlaster and check the option to hide changing the homepage options, although I notice that from time to time, the homepage options become un-grayed, probably another issue)
- I have not noticed the svc.exe file running in my Task Manager.
- I've never seen the BrowserHelper.dll (that is installed by Madfinder) in my C:\Windows\System32 folder.
|
  Hutch My Throne is the Dunny Premium join:2000-10-14 Out House
| reply to anthrorules
 CW Shredder |
Remove Microsoft's Virtual Machine from your computer. And install Sun Java. 
Here is a link to some instructions for you. On how to remove Microsoft's Virtual Machine.
Link to Sun Java.
»java.sun.com/getjava/index.html -- *TeamZ*Member |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| Thanks, but I need to use M$ VM for speed tests, since Sun Java skews the results.
So, does that mean I'll have to live with Madfinder if I keep the $M Virtual Machine...seems ridiculous for me to have to un-install $M Virtual Machine, just to get rid of Madfinder.
Any other suggestions?
Thanks. |
|
  Hutch My Throne is the Dunny Premium join:2000-10-14 Out House
| You could disable Java for your Internet Zone. And allow it in your Trusted Sites setting in your browser.
Or you could use Enough is Enough. Created by Eric Howes to lock down your browser. And help keep your machine clean.
»www.staff.uiuc.edu/~ehowes/resource6.htm -- *TeamZ*Member |
|
  John2g Qui Tacet Consentit Premium join:2001-08-10 England | Just what I was going to write. |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| reply to anthrorules Thanks for the replies.
I've taken your advice and set higher security settings, including turning off M$ Virtual Machine in my Internet Zone, and added the sites (like speakeasy.net) that I frequent and know that they require M$ Virtual Machine. I do have Java Sun turned off by default for all sites. |
|
  Hutch My Throne is the Dunny Premium join:2000-10-14 Out House
| You may also want to take a look at this site as well.
»www.markusjansson.net/
Lots of good info there on Secure IE settings. And more.  -- *TeamZ*Member |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
1 edit | reply to Hutch Re: Eric Howe UIUC link
Thanks for the link! Eric's Privacy & Security Page looks like a nice reference and tutorial for semi-technical level folks who want to learn, review or teach some of the technical considerations of IT security. It'll be in my bookmarks!
PS really *like* his privacy statement ...
(edited for fingercheck typing)
EG
-- I hate jogging. It makes my beer foam up... |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to anthrorules Re: Madfinder: Keeps Coming Back
Is your CWShredder 1.35.0?
Maybe you have a new variant....I would do this:
Download *Hijack This!* »www.tomcoyote.org/hjt/ or »www.spywareinfo.com/~merijn/file···this.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.
Anything out of order might be found in that. -- It takes a disaster to make a woman out of a female Gladiator Security Forum |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| reply to anthrorules Yes!
Every time I update the program, it finds MadFinder and removes it. Every single time I update.
And I know about HijackThis...and run it quite often to double check my system. Nothing out of the ordinary.
Hopefully, the suggestions provided above will avoid having it installed on my computer in the future.
I'll wait for the next update of CWShredder, which the way it's going, should be any day now, and report back if turning off JVM in the Internet Zone solves the problem, if not, then I'll pursue other options. |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| Did you at least get the patch for the exploit as shown in Judgedredd's screen shot?
What does it show when it finds Madfinder and removes it on the last screen of the run (the screen after the one you posted)?
Also, did you have ALL browsers and windows closed down?
I still think it would be a good idea to post the HJT log and see what the spyware experts say. It could be hiding in a file that you think is benign but they may be able to spot. -- It takes a disaster to make a woman out of a female Gladiator Security Forum |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV | reply to anthrorules I have never used CWShredder so I am not sure if it's a false positive or not. Does CWShredder show you the path of Madfinder? If so, can you send me a copy of it? -- TrojanHunter Stands For Privacy!!!!!!! |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| reply to CalamityJane "Did you at least get the patch for the exploit as shown in Judgedredd's screen shot?"
That patch is only for Windows 9.X, Windows 2000 SP2 and higher, and Windows XP Gold SP1, I have Windows XP Professional, and yes, my system is fully patched, there are no patches or updates available at Windows Update.
"Also, did you have ALL browsers and windows closed down?"
Of course.
"I still think it would be a good idea to post the HJT log and see what the spyware experts say. It could be hiding in a file that you think is benign but they may be able to spot."
Fine...here it is....
Logfile of HijackThis v1.97.7 Scan saved at 6:51:31 PM, on 11/21/2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
XXXX = replaced for security - DNS servers |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO | reply to Vampirefo Thanks for the offer, Vampirefo.
Unfortunately (well fortunately for me at this time), CWShredder already removed it from my system. |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV
·Comcast
1 edit | I downloaded CWShredder and tested it. It's a false alarm. I don't like CWShredder at all; it should list the paths before it deletes anything. What it deletes and wrongly calls MadFinder is this registry entry, which XP recreates upon reboot, so on every reboot CWShredder will claim to remove MadFinder.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager
To prove this, copy and paste the below into Notepad, save as MadFinder.REG, then merge into your registry, then run CWShredder.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]

-- TrojanHunter Stands For Privacy!!!!!!!
|
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
1 edit | Thanks, Vampirefo.
Okay, so your test did work on my system, it deleted that registry key.
I guess the next question is, do I have a trojan on my system?
I am very careful with my security, including running Trojan Remover daily...and no malicious files have been found to date.
After doing a quick search for the key you mentioned, I found out that quite a few trojans add this key in the registry.
»securityresponse.symantec.com/av···y.d.html
»us.mcafee.com/virusInfo/default.···k=100522
»www.esecurityplanet.com/alerts/a···/3095901
Is this a malicious key? If so, how do I get rid of it for good? I was thinking of deleting all my Restore Points, deleting the key, and then setting a Restore point. |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV 1 edit | No, this entry is not malicious; it's created by XP. -- TrojanHunter Stands For Privacy!!!!!!!
|
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO | Hmm...in the links I provided above, all of them mention that the trojans add that registry key, is that mis-information? |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV
·Comcast
| said by anthrorules : Hmm...in the links I provided above, all of them mention that the trojans add that registry key, is that mis-information?
Yes, and no: they don't add it unless one's OS doesn't have it; they do add values to it. If you have any values in that key, delete them. -- TrojanHunter Stands For Privacy!!!!!!! |
|
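The distinction drawn in the last reply (the DownloadManager key merely existing versus the key holding values) can be checked offline against a registry export. The following is an added example, not code from any poster in this thread; the function names, status strings and sample exports are constructed for illustration, and the input is assumed to be the already-decoded text of a "Windows Registry Editor Version 5.00" export (regedit writes these as UTF-16).

```python
import re

# Key named in the thread above.
TARGET_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager"
# A value line is @=data (the default value) or "quoted name"=data.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def values_under_key(reg_text, key=TARGET_KEY):
    """Return {value_name: raw_data} for `key`, or None if the key is absent."""
    wanted, found, in_target, pending = key.lower(), None, False, ""
    for raw in reg_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            # "[-KEY]" is a delete directive, not a key that is present.
            in_target = not name.startswith("-") and name.lower() == wanted
            if in_target and found is None:
                found = {}
            continue
        match = VALUE_RE.match(line) if in_target else None
        if match and match.group(2) != "-":   # "name"=- deletes a value
            name = match.group(1)
            name = "(Default)" if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])
            found[name] = match.group(2)
    return found


def triage(reg_text):
    """'absent', 'empty' (key only, as in the .reg above) or 'has-values'."""
    values = values_under_key(reg_text)
    if values is None:
        return "absent"
    return "has-values" if values else "empty"


# Constructed sample exports (not taken from anyone's machine).
SAMPLE_EMPTY = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]
'''
SAMPLE_VALUES = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]
"ExampleName"="C:\\Example\\placeholder.bin"
"Blob"=hex:01,02,\
  03,04

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Other]
"Ignored"=dword:00000001
'''

if __name__ == "__main__":
    for label, text in (("empty", SAMPLE_EMPTY), ("values", SAMPLE_VALUES)):
        print(label, triage(text), values_under_key(text))
```

An "empty" result corresponds to the state the reply describes as created by XP; "has-values" lists the entries the reply says to review and delete.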