HELP

[macdog]

how do i delette it?

[macdog]

nvm i deletted it

[Fed]

I just knew you'd work it out.

[CBMatt]

With that gone, you no longer see the results of the infection, but you're still not clean.  The site that added this to your menu has hijacked your browser, so if you don't pay attention, you'll just keep getting the entry added to your menu.  And you also have a couple of trojans and downloaders, which you should get rid of.

Before we start, you need to get some anti-virus software.  Download AVG Free, update it, and scan with it in Safe Mode.  You should do the same with SUPERAntiSpyware.  Scanning with those should get rid of most of your infections, but just in case, I will instruct you on what needs to be removed...

Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www/the-exit.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.the-exit.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com

O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [erwghjjrjt] c:\winnt\system32\drivers\ucbcg.exe

O15 - Trusted Zone: http://www.neopets.com

O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/4c791e23a585b1d7ea5127848837a5ed_35.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Inst all3.0/Installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/ install/installer.exe

O20 - Winlogon Notify: RelevantKnowledge - C:\WINNT\system32\rlls.dll

Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Navigate to and delete the following file(s) if present...

c:\winnt\system32\drivers\ucbcg.exe
C:\WINNT\system32\rlls.dll
c:\winnt\system32\rlvknlg.exe

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.

[oddjob]

firewall? antivirus?  where's winlogon ? 


OJ

[CBMatt]

Due to lack of feedback, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.