Need help with 63.219.181.7

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Jedi5, Dec 14, 2004.

  1. Jedi5

    Jedi5 Private E-2

    Hi everyone.
    I'm looking for the REM.zip file to help me remove this site from a computer.
    Every link I try though, no longer has a REM.zip attachment.
    Can anyone here forward me or post a live link to a REM.zip file?

    Thanks
    rafael
     
  2. Jedi5

    Jedi5 Private E-2

    Never mind, I found the file I was looking for.

    Can someone please take a look at this HJT log and see if there is anything else I need to address?
    I think I cleaned it out pretty well aside from this site in the trusted zone, which I hope this REM file can take care of.
     
    Last edited by a moderator: Dec 14, 2004
  3. PhilliePhan

    PhilliePhan Guest

    The fact that you are running HJT from the Desktop begs the question, Do you know how to properly use the REM.Zip tool? :)
     
  4. Jedi5

    Jedi5 Private E-2

    LOL:)

    I usually run HJT from the desktop and *knock on wood* have never had a problem with that. Actually I'm too lazy to create a folder and it's a lot easier for me to delete when I'm done. Yeah I'm lazy I know....

    These are the steps I was going to take in regards to the REM.zip file.

    Can someone please confirm that I'm doing this correctly and not missing a step?

    Download REM.zip
    Unzip/install (rem.bat & zip.exe) >WIN>SYS32

    Reboot to safe mode

    Start>Run>Win>SYS32>rem.bat>ok

    Reboot normal

    Did I miss a step?

    rafael
     
  5. PhilliePhan

    PhilliePhan Guest

    Looks Ok. Don't forget to rescan with HijackThis afterward - Sometimes this process flushes some things out into the open and the remnants need to be cleaned up.

    If you'd like a second opinion after the fix, please save your log as a .txt file and attach it via the "manage attachments" tool when you post.

    Regarding HJT - The desktop is OK, but it is that "ease of deleting" that is the problem. It is easy to inadvertently delete the backups as well! Of course, some people don't make mistakes. . . . ;)

    Best luck :)
    PP
     
  6. Jedi5

    Jedi5 Private E-2

    Well, I ran the REM.zip and I think I got rid of the pesky trusted zone problem.
    I say that because I thought it was taken care of last night but the darn thing
    came back again today.

    Ok, here is the latest HJT log.

    Any thoughts?
    The trusted site is no longer present.

    Thanks
    Rafael
     


  7. PhilliePhan

    PhilliePhan Guest

    Hi Rafael,

    Your HijackThis is way out of date. It may not be showing you everything! You should update: HijackThis 1.98.2

    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) --> Remnant

    O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe --> Likely Part of Hosts Hijack, Definitely Malware

    O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe --> Definitely Part of Hosts Hijack

    O4 - HKLM\..\Run: [sp2chek.exe] sp2chek.exe --> I don't know what this is

    PP :)
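
Added example, not part of the thread and not any poster's code: a Python parser for the O2 and O4 HijackThis entries quoted in the post above, flagging the BHO whose file is "(no file)" and Run entries whose command carries no path. The no-path rule is an assumption made for this example, not a criterion stated in the thread, and the `ExampleTray` line is constructed for contrast.

```python
import re

# Constructed sample: the four entries quoted in the post above, plus one
# made-up entry with a full path (hypothetical, for contrast).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe
O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe
O4 - HKLM\..\Run: [sp2chek.exe] sp2chek.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /min
"""

# O2 - BHO: <name> - {CLSID} - <file>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# O4 - <registry key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_line(line):
    """Return a dict for an O2 or O4 entry, or None for any other line."""
    line = line.strip()
    for section, pattern in (("O2", O2_RE), ("O4", O4_RE)):
        match = pattern.match(line)
        if match:
            return {"section": section, **match.groupdict()}
    return None


def triage(log_text):
    """Return (entry, note) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["section"] == "O2" and entry["file"] == "(no file)":
            findings.append((entry, "BHO registered but no file on disk: remnant"))
        elif entry["section"] == "O4" and "\\" not in entry["cmd"]:
            # Assumption of this example: a Run command with no directory
            # component is worth reviewing by hand.
            findings.append((entry, "Run entry without a path: review"))
    return findings


if __name__ == "__main__":
    for entry, note in triage(SAMPLE_LOG):
        print(entry["section"], entry["name"], "->", note)
```

A flag from this script is only a prompt for manual review; the verdicts on the individual entries are the ones given in the post.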
     
  8. Jedi5

    Jedi5 Private E-2

    Cool, I'll have my folks update their HJT.
    Caught those O4s but missed the O2.

    The other line I had them remove was this one in safe mode:

    C:\WINNT\system32\sp2chek.exe
     
  9. PhilliePhan

    PhilliePhan Guest

    Keep in mind also that the newest version of HJT (1.99) may have issues with this particular baddie - in case you run across it again! It might be a good idea to have v1.98.2 on hand as well.

    Best :)

    PP
     
