atdmt.com

[nobuffer]

I have been trying to get rid of atdmt.com with no success. I have run spybot, Xoftspy, and AdAware. They all detect it and remove it - but it returns as soon as I open internet explorer again. As explorer is opening my home page - I can see "view.atdmt.com" in the status bar at the bottom. Any help/guidance would be much appreciated as I'm at a loss as to what to do. I have run HijackThis and do have the log available. Oh - my operating system is Windows XP. THANKS!!!

[bjgarrick]

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

After doing ALL of the above if you still have a problem:


Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

[nobuffer]

Thanks for the guidance. I carefully followed all of the steps in the READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal thread. However, when I start IE, I'm still getting the view.atdmt.com redirection evident in the status bar. I ran Hijack This and have attached the log. Thanks, in advance, for your help.

[bjgarrick]

The first thing I notice is that your Operating System is WAY out dated. This is a critical security risk and should be updated ASAP. After we get your system clean, I would recommend surfing in to Windows Updates and getting updated. You need to download and install Service Pack 2 and all other critical updates.

Your HJT log is clean, there is no sign of a browser hijacker. However, just to be sure do the following. After you complete the following registry merge, reboot and let me know what problems in any remain.

Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file iefix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Quote:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Do404Search"=hex:01,00,00,00
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
"Use Custom Search URL"= dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"
"provider"=""
" "="+"
"&"="%26"
"+"="%2B"
"#"="%23"
"?"="%3F"
"="="%3D"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"

Double-click on the iefix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

[nobuffer]

Thanks so much for checking the log over. I did the regedit - things seem to be OK. I know I don't have SP2 loaded. My computer crashed a few weeks ago - bad to the point I couldn't access the internet, files, etc. I resorted to finding a computer repair service in the phone book - supposedly they knew what they were doing - told me it would take 24 hours to fix - it took 4 days. $316 later my computer was back - a bunch of my software was gone. They supposedly loaded SP2 - but my automatic updater told me it needed to be done. During the update, there was an error message telling me to remove the SP2 update using Add/Remove programs since it didn't update properly. Since then, I've been hesitant to update again - for fear my machine crashes. This computer expert also told me that I didn't need SpyBot, any other spyware programs, or my Norton Internet Security 2005 since he installed something better - which I cannot locate anywhere on my machine. He said that they wouldn't work together. Needless to say, he won't return my calls either.

Any advice? Would you recommend going forward with the SP2 update? Thanks.

[bjgarrick]

That is crazy man, you should go get your money back for real. That has to be the dumbest human being ever. That dumbass needs to stay clear of computers.

Service Pack 2 is a critical security update for the Windows XP Operating System. You should download and install it or else you will have problems with malware/virus infections.

Its a HUGE security risk and should be fixed ASAP. For a list of free antivirus programs, antispyware programs and more, please see the below thread.

How to Protect yourself from malware!

[nobuffer]

I agree with your assessment of the computer "tech". He seemed to have no clue when he returned my machine to me. He couldn't even tell me which folder my documents were in - that's when I got really nervous. Anyway....just to make sure....since I really don't want to screw anything up...the SP2 update is compatible with Norton Internet Security 2005? Do I need to shut anything down - i.e., disable the Norton program prior to downloading the update?

Sorry about the littany of questions, but I'm definitely no computer expert - although I'm not completely computer ignorant either.

Thanks again for all your help

[bjgarrick]

Quote:

Originally Posted by nobuffer

I agree with your assessment of the computer "tech". He seemed to have no clue when he returned my machine to me. He couldn't even tell me which folder my documents were in - that's when I got really nervous. Anyway....just to make sure....since I really don't want to screw anything up...the SP2 update is compatible with Norton Internet Security 2005? Do I need to shut anything down - i.e., disable the Norton program prior to downloading the update?

Sorry about the littany of questions, but I'm definitely no computer expert - although I'm not completely computer ignorant either.

Thanks again for all your help

Yes it is compatible. Just download and install, nothing special needs to be done.

[nobuffer]

I attempted to download SP2 - got an error message during the download about it not being able to copy a file and that the download had to be aborted - the file was o_____.dll This is the 2nd time I've gotten this error message and have no clue why - but it won't allow the SP2 download to complete properly. Not sure what to do at this point.

[bjgarrick]

If you cant download this update then order a FREE CD from Microsoft. Follow the below site and go from there. Allow it up to a week to get the disk.

http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx