How to get rid of this

Hi,

How to remove from the Registry of my WinXP Pro SP2
the following malware:
spyware:   iehelp
adware:   favadd,   wupd,   ist.istbar

My system is clean but I can't get rid of the above.

I'm looking for a freeware or shareware software.

Regards,
Artur

Re: How to get rid of this


| Hi,
|
| How to remove from the Registry of my WinXP Pro SP2
| the following malware:
| spyware:   iehelp
| adware:   favadd,   wupd,   ist.istbar
|
| My system is clean but I can't get rid of the above.
|
| I'm looking for a freeware or shareware software.
|
| Regards,
| Artur



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is
Sun Java JRE/JSE Version 6.0 update 1 (jre 6u1)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_01

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE 2007
  http://www.lavasoft.de/
  http://www.lavasoftusa.com/
  http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
  http://security.kolla.de/
  http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
  http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.


For viral malware...

* Download MULTI_AV.EXE from the URL --
  http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
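
The folder check from the reply above, as an added example that is not part of the original thread: Python code that parses the folder names under C:\Program Files\Java and flags any older than the jre1.6.0_01 named in the post. The function names, the accepted folder prefixes and the sample listing are assumptions constructed for illustration.

```python
import os
import re

# Folder-name prefixes are an assumption based on Sun's installer naming,
# e.g. jre1.6.0_01, jdk1.5.0_06, j2re1.4.2_13.
JAVA_DIR = re.compile(r"^(?:jre|jdk|j2re|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)

# The version the post names as current: JRE 6.0 update 1 (folder jre1.6.0_01).
LATEST = (1, 6, 0, 1)


def parse_version(folder_name):
    """Return (major, minor, patch, update) for a Java folder name, else None."""
    m = JAVA_DIR.match(folder_name)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def audit_java_folders(folder_names, latest=LATEST):
    """Sort folder names into current, outdated and unrecognised."""
    report = {"current": [], "outdated": [], "unrecognised": []}
    for name in folder_names:
        version = parse_version(name)
        if version is None:
            report["unrecognised"].append(name)
        elif version < latest:
            report["outdated"].append(name)
        else:
            report["current"].append(name)
    # The post's rule: only the latest version's folder should be present.
    report["clean"] = not report["outdated"] and len(report["current"]) == 1
    return report


def audit_java_root(root=r"C:\Program Files\Java"):
    """Audit a real install directory; returns None if it does not exist."""
    if not os.path.isdir(root):
        return None
    names = [n for n in os.listdir(root) if os.path.isdir(os.path.join(root, n))]
    return audit_java_folders(names)


if __name__ == "__main__":
    # Constructed listing: one current JRE beside two older leftovers.
    print(audit_java_folders(["jre1.5.0_07", "jre1.6.0_01", "j2re1.4.2_13"]))
    print(audit_java_root())  # None on a machine without that directory
```

Folders reported as outdated are the ones to uninstall through Add/Remove Programs rather than delete by hand.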



Re: How to get rid of this

Thank you very much for your answer.

At the moment I have: C:\Program Files\Java\jre1.5.0_07
I don't remember what it is used for but I understand that I should update it.

From time to time an icon of Sun Java appears on the task bar and at the same time
a directory Sun is created in the C:\Windows and under C:\Documents and Settings.
As I don't know what it is for, I always cancel the icon.
I don't know if it is connected with the version of jre.
Could you explain it to me, please?

For non-viral malware I use:
Ad-Aware SE Personal Build 1.06r.1 with installed definition file: SE1R178.29.06.2007
SpyBot Search and Destroy 2000-2005 (from Help -> About).
a-squared Free 2.0
Unfortunately, none of them is able to remove the malware mentioned above,
in Safe Mode either.

For viral malware I use:
AVG Free Edition ver. 7.5.476 with virus base 269.9.14/880 with Resident Shield.

I'll try to download and install all other software you suggested.

Thanks once again.
Regards
Artur

Re: How to get rid of this - cont.

I remove not only the icon but also the Sun subdirectory in the above directories.
Is it correct?

Artur

Re: How to get rid of this - cont.



|
| I remove not only the icon but also the Sun subdirectory in the above directories.
| Is it correct?
|
| Artur

First use the Control Panel applet "Add/Remove Programs" and remove ALL versions of Sun Java
before installing v6 update 1.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: How to get rid of this - cont.

I used the Add/Remove Programs and removed J2SE Runtime Environment 5.0 Update 7 yesterday.
Since then the computer hasn't prompted to install Sun Java yet. If it does,
I'll install ver. 1.6.0_01.

I also downloaded and installed the SuperAntiSpyware and scanned the system in Safe Mode.
It found 4 trojans in 3 files and although the IEXPLORER (C:\WINDOWS\IEXPLORER.EXE)
was among checked and removed or at least quarantined files, after rebooting the IEXPLORER works.
The list of quarantined Items in ManageQuarantine.. in SuperAntiSpyware Main Menu window
is empty.
It didn't find the malware I mentioned in my first news. However I think it was a false alarm,
as it was found by Panda ActiveScan program only and, as I read on the Internet, a lot of people
don't trust the Panda program.

What do you think about AVG Free Edition ver.7 ? I am used to it and I don't know whether
I should replace it with one of the components of MULTI_AV like McAfee or Kaspersky.
I read that one should use just one antivirus program in a system.
By the way, I use the firewall that is in the WinXP Pro SP2 only - is it enough?

Thanks for your help.
Regards
Artur


Re: How to get rid of this - cont.

Artur aka a@k.com, after much thought, came up with this jewel:

Don't wait for a prompt - just install the latest and greatest -
Sun Java 6.0


The XP firewall is minimal at best. Buy a router with built-in firewall.
I don't care much for AVG or Avast. Use a good AntiVirus program like
NOD32 or if you need a free one use AntiVir. MULTI_AV can be used for
an on-demand AV. BitDefender has a free, on-demand scanner. You would be
better off learning how to make your system more secure like turning
off unused services, using a more secure browser and email client etc. I
have more tips and links on my pages.
max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET. Feel free to use it yourself.
Always remember - only download files from Trusted Sites.

Re: How to get rid of this - cont.

Thank you very much.

What does WinXP Pro SP2 need Sun Java for?

I not only have read your news carefully but also visited your pages.
In the near future I'll try to apply the tools.

Regards
Artur


Re: How to get rid of this - cont.

Artur aka a@k.com, after much thought, came up with this jewel:

Microsoft's Java Virtual is not supported anymore (because of lawsuits)
so you need to install the java runtime from Sun.
Some pages you visit use java, that is why the java icon appears in your
toolbar from time to time.

Thanks for taking the time to read my pages. I also have links to more
info on my Tools page.

max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET. Feel free to use it yourself.
Always remember - only download files from Trusted Sites.

Re: How to get rid of this


f-disk and format will sort it for good.




Re: How to get rid of this

'Dave '
| f-disk and format will sort it for good.
_____

 So will a hammer, but so what?

Phil Weldon

|
| > Hi,
| >
| > How to remove from the Registry of my WinXP Pro SP2
| > the following malware:
| > spyware:   iehelp
| > adware:   favadd,   wupd,   ist.istbar
| >
| > My system is clean but I can't get rid of the above.
| >
| f-disk and format will sort it for good.
|
|
|


