R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=31403
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\WV2PHP~1.DLL
O20 - AppInit_DLLs: botxnknn8w6j.dll
Click here to download TheKillbox by Option^Explicit. Extract it from the zip file, then double-click on Killbox.exe to run it. In the 'Paste Full Path of File to Delete' box, copy and paste this entry:
The file identified in AppInit_DLLs key -
C:\WINDOWS\system32\******.dll
Don't click any of the buttons, though. Instead, click on the Action menu and choose "Delete on Reboot". In the window that opens up, click on the File menu and choose "Add File". The file should show up in the window. Then, in the same window, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot; do so.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.
Close all browser windows, then scan with HijackThis. When the scan is complete, remove the following entries by checking the box to the left of each and clicking 'Fix checked':
The R0 - HKCU value redirecting to http://www.windowws.cc/hp.htm
The O2 - BHO: random CLSID with concatenated filename
The O20 - AppInit_DLLs: dll entry
Reboot when done. Rescan with HJT and check the new log.
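
For checking the new log after the rescan, the following Python is an added example (not part of the original instructions and not part of HijackThis) that parses log text and flags the three kinds of entries removed above: a Start Page redirect, an O2 BHO, and an O20 AppInit_DLLs value. The trusted-host list and the BHO heuristics are assumptions made for illustration.

```python
import re

# Constructed sample: the three entries quoted on this page, one per line.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=31403
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\WV2PHP~1.DLL
O20 - AppInit_DLLs: botxnknn8w6j.dll
"""

# Assumption: start-page hosts the reviewer accepts (placeholder value).
TRUSTED_START_HOSTS = {"start.example.com"}

R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O20_LINE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")

def review(log_text):
    """Return (section, detail, reason) for entries of the kinds this page removes."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m and m.group(4) == "Start Page":
            host = re.sub(r"^\w+://", "", m.group(5)).split("/")[0].lower()
            if host not in TRUSTED_START_HOSTS:
                findings.append((m.group(1), m.group(5), "start page host not on trusted list"))
            continue
        m = O2_LINE.match(line)
        if m:
            name, clsid, path = m.groups()
            reasons = []  # Assumption: these two traits are review hints, not verdicts.
            if name == "(no name)":
                reasons.append("unnamed BHO")
            if "~" in path.rsplit("\\", 1)[-1]:
                reasons.append("8.3 short file name")
            if reasons:
                findings.append(("O2", f"{clsid} {path}", ", ".join(reasons)))
            continue
        m = O20_LINE.match(line)
        if m:
            # The value holds file names separated by spaces or commas; an empty value is clean.
            for dll in filter(None, re.split(r"[ ,]+", m.group(1))):
                findings.append(("O20", dll, "DLL listed in AppInit_DLLs"))
    return findings

if __name__ == "__main__":
    for section, detail, reason in review(SAMPLE_LOG):
        print(f"{section:4} {detail}  <- {reason}")
```

An empty result for the new log means none of the three entry types remain; anything it does report still needs a human to judge.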