Manual Removal

Apologies for starting a new thread so soon after my last issue!

While looking for info on my infections I ended up on the wiki virus site, it advised me to download Spyhunter 3 for free.

I did and it found loads of infections that all the rest missed (MBAM, SBS&D, SASP, AA -hope you understand the shortened versions of their names!)

Of course, to remove these items I need to pay, which I'm not going to do.

It does tell me where they are located to, is it as simple as using reg edit and removing said infected files?

See my earlier issues and Hijackthis logs here: http://forums.moneysavingexpert.com/showthread.html?t=1762027
Saving and spending in equal measure

Comments

  • 0james0
    0james0 Posts: 527 Forumite
    Oh and to be clearer on where the infections are located, they are all in one place:

    HKLM\SOFTWARE\Microsoft Windows\Current Version\Internet Settings\ ZoneMap\ EscDomains\ xxxxx.com

    With the xxxxx.com being loads of different "adult" sites

    Result of a Zlob Trojan apparently
    Saving and spending in equal measure
  • 0james0
    0james0 Posts: 527 Forumite
    While having an adventure into the ESCdomains section in regedit, I've noticed that it is filled, and I mean filled, with loads of nasty looking websites.

    I just want to delete the whole Escdomains section now!

    Need advice on if that is a stupid thing to do.

    I'm on Vista 32 bit.
    Saving and spending in equal measure
  • -TangleFoot-
    -TangleFoot- Posts: 4,673 Forumite
    This may shed some light on the matter.
  • when running anti virus and spyware removal software it's always best to do so from Safe Mode

    getting rid of Zlob & Smitfraud - Vista ONLY
    grab this http://www.malwarebytes.org/rogueremover.php save this to desktop rr-free-setup.exe update immediately, and scan, just follow instructions

    run hijackthis again and post log.
  • -TangleFoot-
    -TangleFoot- Posts: 4,673 Forumite
    getting rid of Zlob & Smitfraud - Vista ONLY
    What makes you think they're responsible? This stuff could have been put there by SpyBot for all we know!
  • 0james0
    0james0 Posts: 527 Forumite
    This may shed some light on the matter.


    It shed so much light I couldn't even understand it!

    I did think that the Spyhunter app may have just put stuff there.

    Do you think it's safe to delete all the junk in Escdomains?
    Saving and spending in equal measure
  • 0james0
    0james0 Posts: 527 Forumite
    when running anti virus and spyware removal software it's always best to do so from Safe Mode

    getting rid of Zlob & Smitfraud - Vista ONLY
    grab this http://www.malwarebytes.org/rogueremover.php save this to desktop rr-free-setup.exe update immediately, and scan, just follow instructions

    run hijackthis again and post log.

    They no longer run it separate, it just advises to use Mal Bytes.

    I'll try run Mal Bytes in safe mode and see what it finds.

    Did you see some iffy stuff in my last Hijackthis log?
    Saving and spending in equal measure
  • -TangleFoot-
    -TangleFoot- Posts: 4,673 Forumite
    0james0 wrote:
    I did think that the Spyhunter app may have just put stuff there.
    Possible, but unlikely. I suspect they're all false positives. Y'see, the likes of Spybot and SpywareBlaster incorporate a sort of vaccination capability: they add a long list of nasty web addresses to Internet Explorer's Restricted Sites list, so that should you accidentally visit one you'll be moderately well protected from any gremlins that reside there. Some anti-malware applications notice these blacklisted addresses and assume that their presence is a Bad Thing. Frankly, I think you'd be better off removing SpyHunter instead. It has a rather unsavoury reputation.

    If you want to remove them regardless, you should be able to do so from within Internet Explorer.
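
Added example, not part of the thread: one way to check the false-positive explanation above before deleting anything. It parses a registry export of the EscDomains key and separates Restricted Sites mappings (zone value 4), the kind immunisation tools add, from entries mapped to any other zone. The sample export, its placeholder domains and the function names are constructed for illustration.

```python
import re

ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
RESTRICTED = 4
BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\EscDomains")

# Constructed sample in .reg export layout; the domains are placeholders.
# A real regedit export is UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}]", "",
    f"[{BASE}\\blocked-one.example]", '"*"=dword:00000004', "",
    f"[{BASE}\\blocked-two.example]", "",
    f"[{BASE}\\blocked-two.example\\www]",
    '"http"=dword:00000004', '"https"=dword:00000004', "",
    f"[{BASE}\\odd-entry.example]", '"*"=dword:00000002', "",
])

KEY_RE = re.compile(r"^\[.+\\ZoneMap\\(?:Esc)?Domains(?:\\(.+))?\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_zone_map(reg_text):
    """Return (host, protocol, zone) for every mapping in the export."""
    entries, host = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            # Subkeys nest as domain\subdomain; reverse them to get the host.
            parts = key.group(1).split("\\") if key.group(1) else []
            host = ".".join(reversed(parts)) or None
        elif line.startswith("["):
            host = None  # some other key: ignore its values
        elif host and (val := VAL_RE.match(line)):
            entries.append((host, val.group(1), int(val.group(2), 16)))
    return entries

def triage(entries):
    """Split mappings into Restricted Sites entries and everything else."""
    blocked = [e for e in entries if e[2] == RESTRICTED]
    review = [e for e in entries if e[2] != RESTRICTED]
    return blocked, review

if __name__ == "__main__":
    blocked, review = triage(parse_zone_map(SAMPLE_REG))
    print(f"{len(blocked)} Restricted Sites mappings (blocklist-style)")
    for host, proto, zone in review:
        print(f"REVIEW {host} [{proto}] -> zone {zone} ({ZONES.get(zone, '?')})")
```
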
  • What makes you think they're responsible?
    I took his words literally "Result of a Zlob Trojan apparently"

    it's why I asked for a fresh log to be posted, no point in reading a log that has already been worked on. haven't seen zlob on a pc for over a year.
  • forget Spy Hunter, it's shareware at best

    try either of these, use free versions only
    http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html

    http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

    and try Firefox with the addons Noscript and ADBlock Plus instead of IE.
This discussion has been closed.