The damn adware won't die!

The only one I can't find info on is dart mpeg surf.exe. Please do the following in the exact order stated (it's important).

If you don't recognize it, let's kill it. First open hjt and click the "open the misc tools section" button. Then click the "open process manager" button. If you see it, kill it (if it doesn't let you, then open the "kill on reboot" tool and use that, also in the misc. tools section of hjt). Also, out of curiosity, let's look at the host file. Back on the misc tools, click the "host file manager" button and make sure that everything has a # in front of it except for 127.0.0.1 localhost.

Now run a hjt scan and delete the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gkpishmwqtlvknbpc.biz/o/...u83fKpP1vu.html
O4 - HKCU\..\Run: [The four] C:\DOCUME~1\Sebouh\APPLIC~1\4OPTIO~1\dart mpeg surf.exe

Now DON'T reboot yet. Make sure you're set to view all files and folders and hidden and system files (My Computer/Tools/Folder Options/View tab). Then go to the dart mpeg surf.exe file and delete it. If it doesn't let you, go to hjt and in the misc tools open the "delete file on reboot" button, browse to the file and let hjt do its thing. At this point, reboot to SAFEMODE and double check that the file is gone. If not, delete it while in safe mode. Reboot normally and reset your IE web settings (Control Panel/Internet Options/Programs tab/"reset web settings" button and Advanced tab/restore defaults). Then open IE and see if you get MSN.
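
An added example, not part of the original post: the hosts-file check described above (everything commented out except 127.0.0.1 localhost), done as a script instead of by eye. The sample hosts content is constructed, and treating `::1 localhost` as expected is an assumption beyond what the post lists.

```python
import ipaddress

# Entries treated as expected. "127.0.0.1 localhost" is from the post;
# "::1 localhost" is an added assumption for IPv6 loopback.
ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample hosts file (names and addresses are illustrative only).
SAMPLE = """\
# Sample hosts file
127.0.0.1       localhost
# 102.54.94.97  rhino.acme.com   # commented out, so inactive
203.0.113.10    www.example.com search.example.com   # constructed entry
127.0.0.1       update.example.net
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every active entry
    that is not one of the expected localhost mappings."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        active = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not active:
            continue
        fields = active.split()
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed address"))
            continue
        if not names:
            findings.append((line_no, ip, "", "address with no hostname"))
            continue
        for name in names:  # one line may map several hostnames
            name = name.lower()
            if (ip, name) in ALLOWED:
                continue
            if addr.is_loopback or addr.is_unspecified:
                reason = "hostname blocked (points at local machine)"
            else:
                reason = "hostname redirected to another address"
            findings.append((line_no, ip, name, reason))
    return findings

if __name__ == "__main__":
    for line_no, ip, name, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {ip} {name} -> {reason}")
```

To audit a real machine, pass the contents of the hosts file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `audit_hosts`.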
 
OK, I did these and I got rid of the dart mpeg surf.exe manually so it's gone, but I am waiting to see if anything is gonna happen with the searchbar, so I'll keep you posted.
 
Well, I don't think it will be coming back, so I guess deleting it from safe mode too worked out fine. I think the reason I got this in the first place is that I had the security setting low because of the ActiveX that was blocked very often.
Thanks a lot for the help!
 
You may want to install SpywareBlaster by Javacool. It's great for all the ActiveX spyware/hijacks as a preventative measure. :)
 
It's Called LOP

Hehehe........ That is the spyware I just got rid of. Do you have Messenger Plus installed by any chance? By the way, the spyware is called LOP.
It's made by C2 Media.
 