Mere_Mortal......Nice to see you join us......You seem to know a lot about the hijacker ........
"Why on earth are you getting the user to remove the Windows Update file? There is no way to tell this is a trojan without first knowing the Operating System.
There is no of knowing the Operating System because this information has not been included in the posts. Probably XP, but that cannot be assumed "
The user is using WinXP with SP1 .......
As far as ..... wuauclt.exe ........ yes your correct about it being a win update file .......but have you seen this ....
http://www.auditmypc.com/process/wuauclt.asp ,
As far as .....C:\Program Files\Messenger\msmsgs.exe ,
yes I saw that as well however the user says he didnt have it . ( He may not realise that its there ) ,
All of the "safe sites" need to be removed. There is a possibility that some will resist removal. Again there where a number of these which were in fact ( not good )
The user has removed them and it was suggested that he look carefully at each of the ones remaining .
Internet Optimizer ..... optimize.exe ........is considered a Users Choice .
"All malicious files need to be removed from the computer. Chances of reinfection are high if the files still exist. " Again we are in complete agreement .....
Quote:
Are you sure your using hijackthis correctly ?
"In my honest opinion, I think you need to be asking yourself the same question. "
I am certainly not the expert on using hijackthis that you seem to be .......Could we have missed an rogue entry .....absolutely ....we're only human......
As a referance to removing unwanted entries , I use ....
http://www.spywareinfo.com/~merijn/downloads.html ....I believe that merijn has done a tremendous amount of work re the hijacker .........
and also use ........
http://computercops.biz/HijackThis.html I would trust that you will continue to visit this site and offer your expertise in assisting the good people who come here seeking assistance.
Have a good one ,
dl65