180 search assistant

[BLITZ~KRIEG!]

my pc is infected with the 180 s.a spyware and spybot is doing nuthin about it.. plz help

 

[anomit]

Its a hell of a task to remove it manually. First of all try using MS Antispyware and Ad-Aware if you haven't used it.

Otherwise this is the manual process:

1.Stop Running Processes:

Kill these running processes with Task Manager:

30.exe
34yf28fg.exe
c:\temp\salm.exe
gm.exe
istsvc.exe
iunkjjsc.exe
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\sais.exe
saie1101.exe
salm.delete.exe
shopinst.exe
systemroot+\adg.exe
systemroot+\avghalsb.exe
systemroot+\cjqxe.exe
systemroot+\knuzql.exe
systemroot+\qhutst.exe
systemroot+\temporary internet files\content.ie5\klyrklmh\msbb[1].exe
videoinst.exe

2. Remove Autorun Reference:

Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adg, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cjqxe, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\salm, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\shytersd, delete it and reboot the machine immediately.

3.Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:
atpartners.dll
c:\temp\salmhook.dll
programfilesdir+\180solutions\msbbhook.dll
programfilesdir+\180solutions\ncmyb.dll
programfilesdir+\180solutions\saishook.dll
sfbho.dll
systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
systemroot+\downloaded program files\conflict.1\ncaselib.dll
systemroot+\downloaded program files\ncaselib.dll

4.Clean Registry:

Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\interface\{8dd50c56-8a07-40b9-98c4-3f169e3ae28e}
HKEY_CURRENT_USER\software\180solutions
HKEY_CURRENT_USER\software\salm
HKEY_LOCAL_MACHINE\software\180solutions
HKEY_LOCAL_MACHINE\software\iefeatures
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\ncase
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/conflict.1/ncaseinstaller.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/conflict.1/ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\adg
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\cjqxe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\salm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\shytersd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\systemroot+\downloaded program files\conflict.1\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\systemroot+\downloaded program files\ncaselib.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msbb
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msbb\displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msbb\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\msbb\uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ncase
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\salm
HKEY_LOCAL_MACHINE\software\msbb\boom
HKEY_LOCAL_MACHINE\software\msbb\boom_ver
HKEY_LOCAL_MACHINE\software\msbb\did
HKEY_LOCAL_MACHINE\software\msbb\duid
HKEY_LOCAL_MACHINE\software\msbb\gma
HKEY_LOCAL_MACHINE\software\msbb\gpi
HKEY_LOCAL_MACHINE\software\msbb\gvi
HKEY_LOCAL_MACHINE\software\msbb\mt1
HKEY_LOCAL_MACHINE\software\msbb\mt2
HKEY_LOCAL_MACHINE\software\msbb\mt3
HKEY_LOCAL_MACHINE\software\msbb\partner_id
HKEY_LOCAL_MACHINE\software\msbb\product_id
HKEY_LOCAL_MACHINE\software\salm

5.Remove Files:

Remove these files (if present) with Windows Explorer:
180ax.log
180ax_gdf.dat
180ax_kyf.dat
180axau.dat
180solutions.txt
30.exe
34yf28fg.exe
atpartners.dll
c:\temp\salm.exe
c:\temp\salm.log
c:\temp\salm_kyf.dat
c:\temp\salmhook.dll
deleteatreboot.bat
dumprep.exe-1b46f901.pf
dwwin.exe-30875adc.pf
gm.exe
istsvc.exe
iunkjjsc.exe
pestpatrol.exe-0bbbd3d1.pf
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
profilepath+\recent\salm.log.lnk
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\msbbhook.dll
programfilesdir+\180solutions\ncmyb.dll
programfilesdir+\180solutions\sais.exe
programfilesdir+\180solutions\saishook.dll
saie.log
saie1101.exe
sais.log
sais_gdf.dat
sais_kyf.dat
saisau.dat
salm.delete.exe
salm.exe-1f186734.pf
salm.exe-27b5f52a.pf
salm.lnk
salmau.dat
sfbho.dll
shopinst.exe
systemroot+\adg.exe
systemroot+\avghalsb.exe
systemroot+\cjqxe.exe
systemroot+\downloaded program files\conflict.1\ncaseinstaller.dll
systemroot+\downloaded program files\conflict.1\ncaselib.dll
systemroot+\downloaded program files\ncaselib.dll
systemroot+\knuzql.exe
systemroot+\qhutst.exe
systemroot+\temporary internet files\content.ie5\klyrklmh\msbb[1].exe
videoinst.exe
working.lnk

systemroot refers to C:\Windows\
programfilesdir refers to C:\Program Files\
profilepath refers to C:\WINDOWS\system32\config\systemprofile
Phew! Isnt that huge?

DO a scan using HijackThis and post the log file here.

 

[expertno.1]

well dude update your soft to the latest and get new definitions

aslo try some other stuffs like these

*snapfiles.com/downloadfind.php?lc=1&action=s&st=spyware+remover&search=Search

 

[qarch]

I also had this problem. Spybot could not remove it fully. So I removed it manually - first using the task manager as above (checked filenames, their location on the drive to decide which running files to delete from TM), then the files, then the registry manually one by one. In the process I deleted some other files also but was able to reinstall the concerned software (my printer driver uses a TSR called sagent.exe which I thought was a part of 180 s.a.). Now the system is fine.

 

[Huzefa]

Lavasoft's ad-aware works great . Use this and let it handle the problem. Try not to play around with registry entries . It can be deadly

 

[anandk]

why remove it manually when ms anti-spy, adaware will remove it for you.

u cud also try spyware doctor and spybot or xoftspy.

 

[saROMan]

Its a hell of a task to remove it manually. First of all try using MS Antispyware and Ad-Aware if you haven't used it.

Otherwise this is the manual process:

1.Stop Running Processes:

Kill these running processes with Task Manager:

30.exe
34yf28fg.exe
c:\temp\salm.exe
gm.exe
istsvc.exe
iunkjjsc.exe
profilepath+\local settings\temp\msbb.exe
profilepath+\local settings\temporary internet files\content.ie5\8pcv4roj\internetfeatures[1].exe
profilepath+\local settings\temporary internet files\content.ie5\g1ppl2yl\msbb[1].exe
programfilesdir+\180solutions\fleok\msbb.exe
programfilesdir+\180solutions\msbb.exe
programfilesdir+\180solutions\sais.exe
........................

WOW...Detailed and Comprehensive work dude...keep it up

 

[ashisharya]

Use Lavasoft Ad-Ware to remove spywares and adwares.

 

[mediator]

Hey just dont use anti spys only also clean ur system completely!
I wud suggest using "steganos internet trace destrucer"! after scanning ur pc with anti spy softwares!