http://www.nkvd.us or http://www.smart-finder.biz/ Removal

Discussion in 'Spyware' started by brian, Jan 17, 2004.

  1. brian

    brian Guest

    I have to admit I have tried almost everything to remove this htlm
    webpage from my PC and it just keeps changing my webpage back to this.
    I have run across some thought problems, but this is the first to
    really have me stumped. Here are the programs I have tried so far to
    remove it:

    Ad-Aware
    CWshredder
    hijackthis

    does anyone know how to get rid of this one, I would love to get rid
    of this garbage from my PC. Thans :)
     
    brian, Jan 17, 2004
    #1
    1. Advertisements

  2. brian

    Jim Byrd Guest

    Hi Brian - Well, you kinda need to know what the parasite(s) is/are before
    you can do much about fixing them except to apply some general tools like
    AdAware and/or SpyBot S&D (see below). If they don't fix it then start
    here:

    Download HijackThis, free, here:
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip (Always download a
    new fresh copy of HijackThis [and CWShredder also] - It's UPDATED
    frequently.)

    Unzip it to any convenient folder, start it then press Scan. Click on
    SaveLog when it's finished which will create hijackthis.log. Now click the
    Config button, then Misc Tools and click on Generate StartupList.log which
    will create Startuplist.txt

    Then go to one of the following forums:

    Spyware and Hijackware Removal Support, here:
    http://www.spywareinfo.com/forums/index.php?s=8a236cdf61469fbad3bddbe810be0374&act=SF&f=11

    or Net-Integration here:
    http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

    or Tom Coyote here:
    http://tomcoyote.org/forums/index.php?act=ST&f=10&t=495&s=2c6e92805e310b519b9fa61cc7098fba

    Sign in, then copy and paste both files into a message asking for
    assistance, Someone will answer with detailed instructions for the removal
    of your parasite(s).


    For the general hijack case, the best way to start is to get Ad-Aware 6.0,
    Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
    UPDATE and run this regularly to get rid of most "spyware/hijackware" on
    your machine. If it has to fix things, be sure to re-boot and rerun
    AdAware again and repeat this cycle until you get a clean scan. The reason
    is that it may have to remove things which are currently "in use" before it
    can then clean up others.

    Another excellent program for this purpose is SpyBot Search and Destroy
    available here: http://security.kolla.de/ SpyBot Support Forum here:
    http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
    using both normally. After UPDATING and fixing things with SpyBot S&D, be
    sure to re-boot and rerun SpyBot again and repeat this cycle until you get a
    clean "no red" scan. The reason is that SpyBot sometimes has to remove
    things which are currently "in use" before it can then clean up others.


    Note that sometimes you need to make a judgement call about what these
    programs report as spyware. See here, for example:
    http://www.imilly.com/alexa.htm


    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Jan 18, 2004
    #2
    1. Advertisements

  3. brian

    brian Guest

    Thanks a lot for the detailed response, I'm sure with this additional
    info I should be able to isolate the source of this parasite :)
    Thanks again for your feedback!

    Brian
     
    brian, Jan 19, 2004
    #3
  4. On oublie les HijackThis, CoolWebShredder : ce sont en fait 2 Dll
    (mtwirl32.dll et mtwcnl32.dll) qui sont piratées et qui foutent la
    merde : voici la méthode à suivre pour se débarasser de ce fameux
    nkvd.us !!! Attention, les noms exacts de clés sont ceux de mon pc :
    il se peut qu'elles diffèrent légèrement sur les votres mais ce n'est
    pas grave, il faut quand même suivre le process dans l'ordre !!! C'est
    parti :

    Démarrer > Exécuter > Regedit, accède à la
    HKEY_USERS\S-1-5-21-1343024091-112
    3561945-839522115-500\Software\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}

    Efface la clé "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"

    Maintenant va sur la HKEY_USERS\S-1-5-21-1343024091-112356
    1945-839522115-500_Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA
    23B61E40F} et supprime la clé "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"

    Enfin, va sur [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    Clique sur la clé "SharedTaskScheduler" pour faire apparaitre son
    contenu et efface la valeur "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"

    Redémarre ton pc, et efface mtwirl32.dll et mtwcnl32.dll
    C'est clean maintenant ? Merci qui ?
     
    Mehdi KARROUCHA, Jan 19, 2004
    #4
  5. brian

    Jim Byrd Guest

    YW Brian

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Jan 20, 2004
    #5
  6. Thank you, thank you! I've been fighting with that damned
    http://www.nkvd.us/s.htm bugger for over a week now. It looks like I
    finally got it off my computer. I was gonna reformat the hard drive
    next but it looks
    I may not have to now.


     
    Dalton Willams, Jan 21, 2004
    #6
  7. brian

    The Show Guest

    Thanks Jim. This helped me out as well big time.
     
    The Show, Jan 22, 2004
    #7
  8. brian

    siljaline Guest

    Dalton, if you've been working a week to get a hijack off your system,
    why are you posting the URL that hijacked you?

    One our the FAQ's in this NG ( I'm not picking on you :) is not to
    post "live" hijack web links - URL's - thanks.

    Regs - Lurkers - take note, thanks.
     
    siljaline, Jan 22, 2004
    #8
  9. brian

    Jim Byrd Guest

    YW, Dalton - Glad it helped you clean it up.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Jan 22, 2004
    #9
  10. brian

    Jim Byrd Guest

    YW, Show - Glad it was of help.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Jan 22, 2004
    #10
  11. Sorry my bad. I didn't give it much thought since it was the title of
    the intial post in the thread, but you make a good point. Yet I am
    glad he did post the site's name because I may not have found the
    thread or this group in the 1st place. I hope I don't get hijacked
    again but at least now I now where to go and how to post.
     
    Dalton Willams, Jan 22, 2004
    #11
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.