Old 10th June 2004, 00:26   #62
Lothwin
DJ Egg, thank you ever so much! I was plagued with this thing too and it was doing other evil things to my puter besides. Your method worked but not until I FIRST ran msconfig/start tab and unchecked this from the list. Then I could deactivate it on Task Manager and it wouldn't come back. Then ran HJT and killt it off that way. Genius! This was defeating every virus scanner I have. !!! Hats off!

Quote:
Originally posted by DJ Egg
@Alien_Concept

1) Print out these instructions
Close all browser and Windows Explorer windows

2) Open the Task Manager (right click Taskbar, or Ctrl+Alt+Del)
Go to the Processes tab and end process for both instances of
winhlp32.exe

C:\WINDOWS\DOWNLO~1\winhlp32.exe

Note: both "DPF" and "DOWNLO~1" stand for:
"Downloaded Program Files"

3) Run HJT again, click "Scan"
Checkmark the following items in HJT, then click "Fix checked"

O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\DOWNLO~1\winhlp32.exe

O16 - DPF: {6C31790D-1EDF-4B05-83DC-925B3A8E2318} (Reactivator Class) - http://www.mp3downloading.com/shared/flash/winhlp32.exe

4) Now go to "C:\Windows\Downloaded Program Files"
and, if it's still there,
make sure the Winhlp32 Reactivator Class file is deleted.

5) Reboot


Now run SpybotSD scan


Further steps and protection info can be found in my post above.



btw, there was one other entry in your HJT log that I wasn't sure about:

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

If you know this to be 100% safe, then fine,
otherwise have HJT fix this entry as well.
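The O4 and O16 entries flagged in the quoted instructions share a checkable pattern: an autorun that starts a file inside "Downloaded Program Files" (long or 8.3 short name), and a DPF entry whose codebase is that same file. The script below is an added example, not part of the original post or of HijackThis; the function names and both heuristics are assumptions made for illustration, and the sample lines are the ones quoted in the post.

```python
import re
from ntpath import basename
from urllib.parse import urlsplit

# The three HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\DOWNLO~1\winhlp32.exe
O16 - DPF: {6C31790D-1EDF-4B05-83DC-925B3A8E2318} (Reactivator Class) - http://www.mp3downloading.com/shared/flash/winhlp32.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
# Long name and 8.3 short name of the same folder, as the post notes.
DPF_DIR_RE = re.compile(r"\\(downloaded program files|downlo~\d)\\", re.I)


def parse(log_text):
    """Split a log into O4 (autorun) and O16 (DPF) entries as dicts."""
    autoruns, dpf = [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := O4_RE.match(line):
            autoruns.append(m.groupdict())
        elif m := O16_RE.match(line):
            dpf.append(m.groupdict())
    return autoruns, dpf


def review(log_text):
    """Return (entry_type, identifier, reason) for entries worth a closer look."""
    autoruns, dpf = parse(log_text)
    findings, run_from_dpf = [], set()
    for a in autoruns:
        # Assumed heuristic: autoruns normally have no reason to live in the DPF folder.
        if DPF_DIR_RE.search(a["cmd"]):
            run_from_dpf.add(basename(a["cmd"]).lower())
            findings.append(("O4", a["name"], "autorun starts a file inside Downloaded Program Files"))
    for d in dpf:
        fname = urlsplit(d["url"]).path.rsplit("/", 1)[-1].lower()
        if fname in run_from_dpf:
            findings.append(("O16", d["clsid"], "DPF codebase file is also started by an autorun"))
        elif fname.endswith(".exe"):
            # Assumed heuristic: a bare .exe codebase deserves a manual look.
            findings.append(("O16", d["clsid"], "DPF codebase is a bare .exe"))
    return findings


if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        print(*entry, sep=" | ")
```

The Cult3D entry is not flagged by either heuristic, which only means it does not match this pattern; it still needs the manual judgement the quoted post asks for.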