help! cant get rid of the following

files i have tried to delete them from the registry and it wont let me. does anyone have a clue on how to get rid of the two files


isearch.xpi located in C:\windows\isrvs
ffisearch located in the same folder

tried several different spyware removals, HJT removes it then it comes back, spybot, spy weep, mcafee antispyware, stinger, hsa removal, ccleaner, and many more..... i am running out of options here and it is driving me crazy!!!

 

anyone familiar with this?

 

Yes, its a nasty bug!

Download and install Microsoft® Windows AntiSpyware during the install make sure you get any updates .

Please make sure ALL Browser Windows are Closed.

Now allow the Microsoft Antispyware program to run a full scan. After it completes, reboot again in normal boot mode and continue the below steps.


http://www.majorgeeks.com/images/grenade.gif Download HijackThis 1.99.1

http://www.majorgeeks.com/images/grenade.gif Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

http://www.majorgeeks.com/images/grenade.gif Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

http://www.majorgeeks.com/images/grenade.gifBefore running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

http://www.majorgeeks.com/images/grenade.gifRun HijackThis and save your log file.

http://www.majorgeeks.com/images/grenade.gif Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

http://www.majorgeeks.com/images/grenade.gifNeed help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

ok here is the log now what do i do?

 

Be sure you have the latest version of MSAS. You MUST have these updates for MSAS to remove this baddie!

Microsoft AntiSpyware Version: 1.0.509

Microsoft AntiSpyware Spyware Definition Version: 5711

 

i checked and i do. even though antispyware keeps removing it it keeps reinstalling itself... what a pain in the A$$!!!....

whats next?

 

Your Operating System is WAY out dated, so thats one thing thats causing your serious problems. This is a MAJOR security risk and should be resolved as soon as we get your system clean. You should make sure you have System Restore disabled as this can cause us problems.

Run these online scans and post your results if anything was found or removed.

TrendMicro Online Scan
Bitdefender online scan
RavAntivirus online scan <-- select Auto Clean then click Scan My PC
TrojanScan online scan

After running these online scans, post a fresh HJT log.

 

ok system restore is disabled and herehas found and here is a new hjt log. also housecall hs found and cleaned a malware called troj_ieser.a

 

Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Navigate to and DELETE the following folder:

C:\WINDOWS\isrvs

NEXT:
Run CCleaner

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


NEXT:
Run a FULL SCAN with Microsoft AntiSpyware again and remove all found infections.

After you do ALL of the above,
Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

sorry for the late response-- i have been on vation and just got back... i have attached more recent hjt log can someone take a look at it and let me know what do do next ... shall i still follow the instructions listed below???

thanks for your patience
Cristine

 

Umm, yes!

You need to handle this in a timely manner or else this will be difficult to remove.

Follow Post #9 step by step!

 

ok i did everything and it seems to be gone here is my new hjt log attached for you to look at

the only thing was that i did not have....

NOW:
Navigate to and DELETE the following folder:

C:\WINDOWS\isrvs --- did not have


so where do i go from here???

 

Your log is now clean, you MUST surf in to Windows Updates and install Service Pack 2. Until you install this critical update you will continue to have Malware problems.

After that you should see this thread on How to Protect yourself from malware!

 

ok now i dont know what to do as i keep getting an error message that states that i cannot install sp2.

the product key used to install windows is invalid please contact your system administrator or retailer to obtain a valid product key.

have tried it from the web and alos i have the disc that they have sent me. any clue on how i can update my pc to sp2? could it be cause i dont have sp1 installed? this happened when i just tried to instal sp1

anoyne have a clue as to what do i do now? this OS came with the pc and i have had this pc for about 7-8 years and i dont have any of the original stuff

thanks

Cristine

 

Not good!

You will need to obtain a legitimate product key in order to install Service Pack 2. Remember without this update you will continue to have Malware/Virus problems. In the mean time make sure you follow the thread below to HELP in keeping you somewhat clean until you can get updated. Make sure you have ONE up-to-date antivirus and ONE up-to-date firewall on your computer at ALL times.

How to Protect yourself from malware!