Expert: Brian Benosky - 5/28/2008

Question
QUESTION: Hello, Brian.  Your answers tend to go into my permanent favorites file.  Here's my own Q.  In cleaning my computer recently w/ Spybot, I noticed multiple entries called Name of Place.casino.PT.  There were an amazing amt of them, considering I don't play any casino games at all.  London, New York, Kiwi, a long list.  I tried to find this stuff in my register & in programs lists, but couldn't. Clearly the never-helpful search function found nothing also.  I'm using xp home & ie 6.0.2900.  Can you tell me how to find these whatevertheyare, & whether I can uninstall/delete them directly?  THANKS.

ANSWER: Hi Nikki

Thanks for the kind words.  Follow the steps below to view hidden folders:

   * Click on Start –> Control Panel –> Folder Options.
   * Click on the View Tab and check the radio button “show hidden files and folders” and press OK.

If you don't already have it, please download CCleaner here:
http://www.ccleaner.com/download/builds/downloading-slim
Once you have installed CCleaner you can open the application by double-clicking the desktop icon.  Click the Run Cleaner button.

If, as you said, there are many of these entries, I suggest that you don't delete them manually.  Most likely there will be registry entries to delete.  You should instead do the following:

Download and Install SDFix from here:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Save it to your Desktop.
Double click SDFix.exe and it will extract the files.


Then run SDFix:

   * Open the extracted SDFix folder and double click RunThis.bat to start the script.
   * Type Y to begin the cleanup process.
   * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
   * Press any Key and it will restart the PC.
   * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
   * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
   


Also, please download Malwarebytes' Anti-Malware to your desktopfrom here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
   * At the end, be sure a checkmark is placed next to
         o Update Malwarebytes' Anti-Malware
         o and Launch Malwarebytes' Anti-Malware
   * then click Finish.
   * If an update is found, it will download and install the latest version.
   * Once the program has loaded, select Perform full scan, then click Scan.
   * When the scan is complete, click OK, then Show Results to view the results.
   * Be sure that everything is checked, and click Remove Selected.
   * When completed, a log will open in Notepad.

Finally, if you haven't already done so, Please download TrendMicro HijackThis! from the following link:
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) here, along with
the Malwarebytes' Anti-Malware log and the SDFix log.  

Note that this may be more than AllExperts can hold in a single reply.  If you desire, you can send all files to me directly at numbersix6@yahoo.com so that I can check them over.

Brian

---------- FOLLOW-UP ----------

QUESTION: Hi, Brian.  I sent results to you @ yahoo address, but delivery failed.  Will resend them here, in separate emails, tomorrow.

ANSWER: Hi Nikki

I have not received the logs.  Have you tried resending them today?

Brian

---------- FOLLOW-UP ----------

QUESTION: Brian,

I found all the reports, give or take a report, but I'm concerned with the amt of personal data on them.  

Is it possible for you to just explain how to find and delete the casino.PT invasion?

Thanks, Brian.

Nikki

Answer
Just start another question and make it private.  I would be the only one to see the info.  There is nothing in a HJT log of a personal nature, anyway.  It contains a readout of settings that may have been changed by spyware, malware or other unwanted programs.  Fixing or deleting something that is required by Windows can lead to trouble.  If you want to have a go anyway, first read the article: Understanding and Interpreting HijackThis Entries
http://www.malwarehelp.org/understanding-and-interpreting-hjt1.html

Brian