Well, I didnt want to say it before, as I wasn't certain, but I think I have won the battle, with no help from any anti-virus software I might add. I wish I had found the thread I post below (majorgeeks) sooner, as it might have saved me some time!! Anyway. . . much of what I did is what one guy there did that fixed his infection. My lawyer has advised me to make this disclaimer: let me say that if any of this isn't clear, or you dont know how to use any of the listed programs that I would be more than willing to help you out on coms or the phone. . . so just ask. If you delete stuff in the registry or your system folder and kill your machine, don't blame me!AnywayMy Norton and ZoneAlarm became dissabled so to get them back in working order I had to reinstall them. press ctrl-alt.del and look in the process lists for anything strange (if you go to the task manager often they should stick out like sore thumbs, if not, well, then you have to google everything in the list) Go into the programs page of ZoneAlarm and look for any of the strange little .exe proggies that are trying to get to the internet. . stuff like apity.exe, apibj32.exe, ieoq.exe, sysxg.exe keep in mind this virus creates hundreds if not thousands of different reandom names for the infected files, so just look for anything strange, then search on the web for it, and use google and some common sense to figure out what they are and block them. HijackThis was pretty handy, so I guess thats deserves some credit. The way I did it was to uninstal any updates to Internet Explorer, then go into my add remove programs (windows components button), and uncheck the box for Internet Explorer to disable/uninstall it. I also removed any updates to Office XP and then rebooted to safe mode and ran all the virus checkers. nothing new here yet. . these are the first things I did which did nothing, but would still be a good idea anyway, as I found a LOT of different infections. . .VBS Malware script, LOADS of .dll and exe trojans and virus files etc.Even though I stopped using IE I kept running Browser HijackBlaster to let me know any time anything was changed if it was, though it wasnt needed with firefox, but at least I could verifiy that. Now for how I actually fixed it: I went into the registry. . this is the dangerous part, be EXTREMELY careful , go yo regedit, then Edit>Find and type in that "res://sdshdjs.dll****" string that your browser keeps resetting to, and delete any of those entries in the registy (PM me for the actual name to search for if you dont know it. . . I dont wanna spread it around). I also noticed I had a odd program called "Home Search Assistent" in my add remove programs window and I discovered it had left many registy entries (many contained a search thread
http://looking- for.cc/"unistal" or "search"****) under the tabs SA, SE, HSAetc. **Make an export backup of these registry folders that contain the suspect entries (IMPORTANT IF YOU SCREW SOMETHING UP THESE LOOK LIKE, AND IF YOU GOOF UP, MAY VERY WELL BE ACTUAL WINDOWS COMPONENTS!!).*** To do this right click the folder branch, then click export and type in the name to save to desktop or somewhere. To verify that these are part of this virus you can look to the window on the right to see if they have that string I jsut typed in parenthesis. Use caution not to be looking in the windows Search Assitant registy. . . when I first found that I though I was infected with like 50 more major trojans. . .as I say all the kk32.dll surf.dat etc entries. .. then I realized that this entry was just the registry entry for the windows search feature to autocomplete when I type search names into the window. . so when I was searching to see if I had anythign on my machine I was writing these names into the registry. . how silly. . .but boy was that a fright!!!!Anyway, I deleted the HSA(HomeSearchAsistent), SA (search assistent), SE (search extender) that I found in there, (there are others that might be on your system, see that thread I posted before for some such entries). I looked for anythign else that seemed odd. . any strange .dlls or .exes, I ran HiJackThis many times and made sure to research anyhting before I deleted it, but then had a field day removing things. Once I had done this and rebooted a few times and ran Avast Virus boot and desktop scans (seemed to pick up things norton missed) a few times, norton a few times, I went back to add/remove programs and enable IE, then (keep running browser hijack blaster) using IE I went to microsoft and updated my IE5 software (microsoft has a hard time updating using anything other than IE) and then looked for Microsoft Office updates. . and found one. This update coupled with the reg changes will put a stop to the VERY annoying office XP reinstaller pop-up that is characterisitc of this virus.I know these arent really step by step instructions. . . that would be ideal but hard to provide as I spent probably 60 hours working to eradicate this. If anyone has this I can give them my phone number and talk them through the registry work, or use TS if that still works for you.by the way check out Avast as a virus scanner, it seemed the quickest way to find anything running in memory even though it still failed at fixing anything.It doesnt like to run with norton of course. . . so I keep the installer on my computer, install it when I am using it, then uninstall it after.
http://www.majorgeeks.com/vb/showthread.php?t=34941&page=1&pp=20phew. . .S!TX-EcoDragon
