PPRuNe Forums - View Single Post - Zone Alarm latest update trouble
Thread: Zone Alarm latest update trouble
View Single Post
Old 12th Nov 2004, 17:28
  #6 (permalink)  
E-Liam
 
Join Date: Jan 2004
Location: Bracknell UK
Posts: 357
Likes: 0
Received 0 Likes on 0 Posts
Hi TG,

The first thing you need to do, is to place Hijack This in it’s own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

O1 - Hosts: 203.161.127.141 www.dcsresearch.com

O3 - Toolbar: Enfish Find... - {1F680408-B58A-40B0-A330-50A344786F97} - C:\Program Files\Enfish Corporation\Client\EtiFndBr.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe

O4 - HKLM\..\RunServices: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe

O4 - HKCU\..\Run: [Slingshot Tray App] C:\Program Files\Enfish Corporation\Client\EtiTray.exe /startup

O4 - HKCU\..\Run: [WindowsRegKey upd4te2d4te] dcxrpaeur.exe

O4 - Global Startup: Image Transfer.lnk = ?

O16 - DPF: EtiGrab - http://www.enfish.com/smart_install/etiGrab.cab

O18 - Protocol: eti - {3AAE7392-E7AA-11D2-969E-00105A088846} - C:\Program Files\Enfish Corporation\Client\EtiPBrkr.dll

Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\WINNT\Temp folder, but not the folder itself. Next please find and delete the following bolded file...

C:\WINNT\System32\dcxrpaeur.exe

..and this folder...

C:\Program Files\Enfish Corporation

Then please boot back into normal mode and download AdAware SE from here.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file

· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed

3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information

4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot

5. Click on Proceed to save the settings.

6. Click Start and on the next screen choose:
· Use Custom Scanning Options

7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program.

Click on Updates | Download Updates, and follow the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next, please reboot and post a new log for a final once over.

Then, you really need to update your security. XP is on SP2 now, and IE is on SP1. These patches cover huge holes in both operating system and browser. I'd suggest for the OS updates that you get a PC mag disc or similar.. If you're on dial up, it takes forever. The IE patches take less time though. Just lick on teh Windows update button, or go url=http://v4.windowsupdate.microsoft.com/en/default.asp]here[/url], click Scan for updates in the main frame, and download and install all CRITICAL updates recommended. (Again, unless you're on broadband, do the OS patches off a disc.

I've just seen that you sent a new PM, so I'll just go and read that, and then I have to pop out for a an hour. I'll check up how you're doing later.

Cheers

Liam

---------------------------------------------------------------------------------
A member of the Alliance of Security Analysis Professionals since 2004.
E-Liam is offline