Forum     

Go Back   Digit Technology Discussion Forum > Portables, Peripherals and Electronics > QnA (read only)
180 search assistant 180 search assistant
Register FAQ Calendar Mark Forums Read

QnA (read only) Mods please help transfer the contents of this forum to proper sections. :)


 
 
LinkBack Thread Tools Search this Thread Display Modes
Old 11-06-2005, 11:43 AM   #1 (permalink)
Apprentice
 
Join Date: Aug 2004
Location: Right Ahead of u
Posts: 81
Default 180 search assistant

my pc is infected with the 180 s.a spyware and spybot is doing nuthin about it.. plz help
__________________
~YOU LEARN FROM UR FAILURES , OTHERS LEARN FROM YOUR SUCCESS...
BLITZ~KRIEG! is offline  
Advertisements. Register and be a member of the community to get rid of them.
Advertisement

Old 11-06-2005, 12:31 PM   #2 (permalink)
In The Zone
 
anomit's Avatar
 
Join Date: Mar 2005
Location: Kharagpur
Posts: 252
Default
Its a hell of a task to remove it manually. First of all try using MS Antispyware and Ad-Aware if you haven't used it.

Otherwise this is the manual process:

Quote:
1.Stop Running Processes:

Kill these running processes with Task Manager:

30.exe
34yf28fg.exe
c:\temp\salm.exe
gm.exe
istsvc.exe
iunkjjsc.exe
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\sais.exe
saie1101.exe
salm.delete.exe
shopinst.exe
systemroot+\adg.exe
systemroot+\avghalsb.exe
systemroot+\cjqxe.exe
systemroot+\knuzql.exe
systemroot+\qhutst.exe
systemroot+\temporary internet files\content.ie5\klyrklmh\msbb[1].exe
videoinst.exe

2. Remove Autorun Reference:

Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run


If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\adg, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\cjqxe, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\salm, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\shytersd, delete it and reboot the machine immediately.

3.Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:
atpartners.dll
c:\temp\salmhook.dll
programfilesdir+\180solutions\msbbhook.dll
programfilesdir+\180solutions\ncmyb.dll
programfilesdir+\180solutions\saishook.dll
sfbho.dll
systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
systemroot+\downloaded program files\conflict.1\ncaselib.dll
systemroot+\downloaded program files\ncaselib.dll

4.Clean Registry:

Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\interface\{8dd50c56-8a07-40b9-98c4-3f169e3ae28e}
HKEY_CURRENT_USER\software\180solutions
HKEY_CURRENT_USER\software\salm
HKEY_LOCAL_MACHINE\software\180solutions
HKEY_LOCAL_MACHINE\software\iefeatures
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\app management\arpcache\ncase
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\moduleusage\c:/windows/downloaded program files/conflict.1/ncaseinstaller.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\moduleusage\c:/windows/downloaded program files/conflict.1/ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\moduleusage\c:/windows/downloaded program files/ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\adg
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\cjqxe
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\salm
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\shytersd
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shareddlls\systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shareddlls\systemroot+\downloaded program files\conflict.1\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shareddlls\systemroot+\downloaded program files\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\msbb
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\msbb\displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\msbb\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\msbb\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\ncase
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\uninstall\salm
HKEY_LOCAL_MACHINE\software\msbb\boom
HKEY_LOCAL_MACHINE\software\msbb\boom_ver
HKEY_LOCAL_MACHINE\software\msbb\did
HKEY_LOCAL_MACHINE\software\msbb\duid
HKEY_LOCAL_MACHINE\software\msbb\gma
HKEY_LOCAL_MACHINE\software\msbb\gpi
HKEY_LOCAL_MACHINE\software\msbb\gvi
HKEY_LOCAL_MACHINE\software\msbb\mt1
HKEY_LOCAL_MACHINE\software\msbb\mt2
HKEY_LOCAL_MACHINE\software\msbb\mt3
HKEY_LOCAL_MACHINE\software\msbb\partner_id
HKEY_LOCAL_MACHINE\software\msbb\product_id
HKEY_LOCAL_MACHINE\software\salm

5.Remove Files:

Remove these files (if present) with Windows Explorer:
180ax.log
180ax_gdf.dat
180ax_kyf.dat
180axau.dat
180solutions.txt
30.exe
34yf28fg.exe
atpartners.dll
c:\temp\salm.exe
c:\temp\salm.log
c:\temp\salm_kyf.dat
c:\temp\salmhook.dll
deleteatreboot.bat
dumprep.exe-1b46f901.pf
dwwin.exe-30875adc.pf
gm.exe
istsvc.exe
iunkjjsc.exe
pestpatrol.exe-0bbbd3d1.pf
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
profilepath+\recent\salm.log.lnk
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\msbbhook.dll
programfilesdir+\180solutions\ncmyb.dll
programfilesdir+\180solutions\sais.exe
programfilesdir+\180solutions\saishook.dll
saie.log
saie1101.exe
sais.log
sais_gdf.dat
sais_kyf.dat
saisau.dat
salm.delete.exe
salm.exe-1f186734.pf
salm.exe-27b5f52a.pf
salm.lnk
salmau.dat
sfbho.dll
shopinst.exe
systemroot+\adg.exe
systemroot+\avghalsb.exe
systemroot+\cjqxe.exe
systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
systemroot+\downloaded program files\conflict.1\ncaselib.dll
systemroot+\downloaded program files\ncaselib.dll
systemroot+\knuzql.exe
systemroot+\qhutst.exe
systemroot+\temporary internet files\content.ie5\klyrklmh\msbb[1].exe
videoinst.exe
working.lnk
systemroot refers to C:\Windows\
programfilesdir refers to C:\Program Files\
profilepath refers to C:\WINDOWS\system32\config\systemprofile
Phew! Isnt that huge?

DO a scan using HijackThis and post the log file here.
__________________
Don\'t SYN me, I'll SYN you. :p
anomit is offline  
Old 11-06-2005, 12:41 PM   #3 (permalink)
Human Spambot
 
expertno.1's Avatar
 
Join Date: May 2005
Location: Expert Planet
Posts: 2,480
Default
well dude update your soft to the latest and get new definitions

aslo try some other stuffs like these

http://snapfiles.com/downloadfind.ph...&search=Search
__________________
Off From Digit Forum for some months.....busy
expertno.1 is offline  
Old 11-06-2005, 01:52 PM   #4 (permalink)
Going green anyone?
 
qarch's Avatar
 
Join Date: Feb 2005
Posts: 69
Default
I also had this problem. Spybot could not remove it fully. So I removed it manually - first using the task manager as above (checked filenames, their location on the drive to decide which running files to delete from TM), then the files, then the registry manually one by one. In the process I deleted some other files also but was able to reinstall the concerned software (my printer driver uses a TSR called sagent.exe which I thought was a part of 180 s.a.). Now the system is fine.
qarch is offline  
Old 11-06-2005, 08:48 PM   #5 (permalink)
Broken In
 
Join Date: Jun 2005
Posts: 185
Default
Lavasoft's ad-aware works great . Use this and let it handle the problem. Try not to play around with registry entries . It can be deadly
Huzefa is offline  
Old 11-06-2005, 09:19 PM   #6 (permalink)
Distinguished Member
 
anandk's Avatar
 
Join Date: Mar 2005
Location: Pune
Posts: 3,783
Default
why remove it manually when ms anti-spy, adaware will remove it for you.

u cud also try spyware doctor and spybot or xoftspy.
__________________
> www.TheWindowsClub.com <
= www.WinVistaClub.com =
Microsoft® MVP
anandk is offline  
Old 11-06-2005, 10:59 PM   #7 (permalink)
QA Juggler
 
saROMan's Avatar
 
Join Date: Aug 2004
Location: format c: /s/u/x
Posts: 801
Default
[quote="anomit"]Its a hell of a task to remove it manually. First of all try using MS Antispyware and Ad-Aware if you haven't used it.

Otherwise this is the manual process:

Quote:
1.Stop Running Processes:

Kill these running processes with Task Manager:

30.exe
34yf28fg.exe
c:\temp\salm.exe
gm.exe
istsvc.exe
iunkjjsc.exe
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\sais.exe
........................



WOW...Detailed and Comprehensive work dude...keep it up
__________________
8-) सारोमान :!: :!: :!:
saROMan is offline  
Old 12-06-2005, 10:29 PM   #8 (permalink)
In The Zone
 
ashisharya's Avatar
 
Join Date: Jan 2005
Location: Locating....Locating...Access Denied!!!
Posts: 410
Default
Use Lavasoft Ad-Ware to remove spywares and adwares.
__________________
To follow the path:
look to the master,
follow the master,
walk with the master,
see through the master,
become the master. -Zen
ashisharya is offline  
Old 17-06-2005, 01:35 AM   #9 (permalink)
String Phreak
 
mediator's Avatar
 
Join Date: Mar 2005
Location: In ur Evil Mind!
Posts: 2,457
Default
Hey just dont use anti spys only also clean ur system completely!
I wud suggest using "steganos internet trace destrucer"! after scanning ur pc with anti spy softwares!
__________________
Bad Bad server.....No candy for u!
mediator is offline  
 

Bookmarks

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
Latest Threads
Max Payne 3
- by abhidev
Battlefield 3 discussion!
- by cyborg47
National Telecom Policy 2012 Approved
- by ssk_the_gr8
Dead Space 3 Rumoured
- by vickybat
Should I buy Galaxy S2 now?
- by techlover
Windows 8 Thread.
- by Sujeet
The LG Optimus One Thread
- by noobdroid
Indie bundles/deals
- by Krow
Urgent help required!
- by nikhilnayak
Activision vs Jason West/Vince Zampella
- by cyborg47

Advertisement




All times are GMT +5.5. The time now is 08:17 AM.

Contact Us - Thinkdigit.com - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2012, vBulletin Solutions, Inc.

Search Engine Optimization by vBSEO 3.3.2