Saturday, November 6, 2010

Come rimuovere il dirottatore needupdate [del.icio.us]

Error in deserializing body of reply message for operation 'Translate'. The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 1, position 9382.
Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

Also you can try the tutorial, if you have got redirect to these domains:
dns404.net, needupdate.com, yoursystemupdate.com, systemwarning.com, warningmessage.com, syserrors.com, notfound404.com, updateyoursystem.com, securityerrors.com, hdnsservidce.com, downldboost.com

You should to download some programs to aide in our fix :Do Not Run Them now

1. Download smitRem.exe and save to your desktop. Double- click it to extract it to it’s own folder on the desktop.

2. Download and Install Ad-aware SE. If you have a previous version of Ad-Aware installed during, the installation of the new version, you will be prompted to uninstall the older version – be sure to uninstall the previous version.
Run Ad-Aware. Click on the world icon at the top right of the Ad-Aware window and let AdAware update the reference list for the adware and malware. Close Ad-Aware.

3. Download and Install Ewido Security Suite. When installing, under “Additional Options” uncheck :
- “Install background guard”
- “Install scan via context menu”
Launch Ewido, there should be an icon on your desktop double-click it. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.

4. Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.
It`s all programs.

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.
Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Now you need to run HijackThis and click “Do a system scan only
Place a check next to the following entries (if they are still there):

R3 – URLSearchHook: (no name) – {4D25F926-B9FE-4682-BF72-8AB8210D6D75} – C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)

O2 – BHO: HomepageBHO – {1ca480cd-c0e5-4548-874e-b85b17905b3a} – C:\WINDOWS\system32\hp4BCE.tmp
(maybe another filename, hp6810.tmp, for example)

Click Fix Checked

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Your desktop and icons will disappear and then reappear again — this is normal.
Wait for the tool to complete and Disk Cleanup to finish — this may take a while; please be patient.

Run Ad-aware
Click on the Gear icon (second from the left at the top of the window) to access the preferences/settings window:
In the General window make sure the following are selected in green:

Under Safety:
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)

Under Definitions:
- Prompt to update outdated definitions – set the number of days
Click on the Scanning button on the left and select in green:

Under Driver, Folders & Files:
- Scan Within Archives

Under Select drives & folders to scan:
- Choose all hard drives

Under Memory & Registry:all green
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URLs
- Scan my Hosts file

Click on the Advanced button on the left and select in green:

Under Shell Integration:
- Move deleted files to recycle bin

Under Logfile Detail Level:all green
- include addtional object information
- DESELECT – include negligible objects information
- include environment information

Under Alternate Data Streams:
- Don’t log streams smaller than 0 bytes
- Don’t log ADS with the following names: CA_INOCULATEIT

Click the Tweak button and select in green:

Under Scanning Engine:
- Unload recognized processes during scanning
- Scan registry for all users instead of current user only

Under Cleaning Engine:
- Let Windows remove files in use at next reboot

Under Log Files:
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Please do not check: Include Module list in logfile

Click on Proceed to save the settings. Click Start. Choose Perform Full System Scan.

- DESELECT “Search for negligible risk entries”, as negligible risk entries (MRU’s) are not considered to be a threat.

Click Next and Ad-Aware will scan your hard drive(s) with the options you have selected and clean automatically. If Ad-Aware finds bad entries, you will receive a list of what it found in the window. Click on Next and check all the boxes in the window. Click next and OK to remove. Close Ad-Aware.

Run Ewido Security Suite
Click on scanner. Click on Complete System Scan and the scan will begin. NOTE:During some scans with ewido it is finding cases of false positives.
**See Below**

**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game “Risk”)

You will need to step through the process of cleaning files one-by-one.
If Ewido detects a file you KNOW to be legitimate, select none as the action.
DO NOT select “Perform action on all infections”
If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report. Click Save report. Save the report .txt file to your desktop.
Now close Ewido Security Suite.

Next go to Control Panel, Display, Desktop, Customize Desktop, Web, Uncheck Security Info (if present)
Open Windows Explorer, locate and Delete the following files in BOLD : (if present)

C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\hp4BCE.tmp or other file, get name from HijackThis log, O2 Entry
C:\WINDOWS\system32\nvctrl.exe

Restart your computer in normal mode.

Run the Panda online virus scan.

- Once you are on the Panda site click the Scan your PC button
- A new window will open…click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Finally, restart your computer.

December 20, 2005 on 8:02 am | In Browser Hijacking, Tips, Tutorials - HowTo | 5 Comments |



View the original article here

No comments:

Post a Comment