Quote:
Originally posted by Mobo@May 2 2005, 04:13 AM
Hi and welcome.
Lets start by having you rescan once again with hijack, insert a check next to each of the fiollowing then close all other open browser windows and click "fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [dmc] C:\WINDOWS\System32\dmc.exe
O4 - HKLM\..\Run: [z13fi] C:\WINDOWS\System32\z13fi.exe
O4 - HKLM\..\Run: [ootvrfyb] C:\WINDOWS\System32\ootvrfyb.exe
O4 - HKLM\..\Run: [ehljqvyiuele] C:\WINDOWS\System32\cotpbq.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
Then set the system to show hidden files and folders as per http://www.spyware911.net/forum/index.php?...ge&pg=showfiles
Then reboot into safe mode as per this http://www.spyware911.net/forum/index.php?...age&pg=safemode
Open windows explorer, find then delete:
C:\WINDOWS\alchem.exe
C:\WINDOWS\System32\cotpbq.exe
C:\WINDOWS\System32\ootvrfyb.exe
C:\WINDOWS\System32\z13fi.exe
C:\WINDOWS\System32\dmc.exe
Then reboot normally, reset the browser homepage, rescan with hijack and post a fresh log.
<div align="right">Quoted post</div>
|
okay, cuz the trojan i got was optix pro.
how do u delete from windows explorer?