PhoenixNet problem

Ok well I had to format my computer recently... and then I started getting this. My mobo is a Soyo which apparently has PhoenixNet in it. (I only know this because in the top right of my startup sequence it says "this computer is PhoenixNet enabled"). I never had this problem before and I really don't know what to do. I tried the way another website said to remove it but it didn't work.
My Norton Antivirus detects a Malicious Script at startup so nothing major has come of it yet but it is a rather big annoyance.
If anyone can help me I would greatly appreciate it.


Logfile of HijackThis v1.98.2
Scan saved at 12:54:06 PM, on 10/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Edit by chaslang: HJT log deleted

 

Sorry for not following your guidlines the first time.

I have run Ad-Aware and Spybot S&D. They are updated but since it's in my bios they didn't help at all.
I have had no problems with MSN Plus 3 but uninstalled it as you requested anyways.

My problem is that after formatting my C:\ and returning it to a backed up state there was a new icon on the desktop. While it was finishing starting up my Norton Anti-Virus detected a Malicious Script.

The icon is called "PhoenixNet" and is directed to "http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875"

After looking things up myself I found that it is a discontinued BIOS program from Phoenix Technologies.
It's not very serious because it doesn't actually install cause Norton detects and stops it before anything can happen, but it is very annoying to have to deal with it every time I start-up or restart my computer.

The page on Counter Exploitation that you sent me to only confirms what I found out.

I didn't have this problem once one previous backups or complete formats so a setting in my BIOS must have triggered it. I did recently get a new hard drive and I think that it might have something to do with it, since I had to change some BIOS settings (IDE Auto Detection and what not) so that the new drive worked.

If you need any other info please let me know so that I can post it as soon as possible.

Thanks.

 

http://forums.spywareinfo.com/lofiversion/index.php/t23856.html

I've tried following the instructions this forum had. After the normal restart it was back.

 

Correct. It did not work.

 

Not yet. But I will start right now.

 

Ok I searched and deleted all entries about "PhoenixNet" and "seqdl" (which was in the Desktop file [http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875])

I performed a normal restart and to no avail, the file returned as did the registry entry.

 

Yeah I figured it out before I read that message though. But thank you for the help you did provide.

For future reference to people trying to fix this problem.

You have to delete the files and registry entries associated with it.

HijackThis does a good job since it can recognise the registry entry faster than the search option in regedit. Although if you choose to use 'regedit' to do it just search "PhoenixNet" and delete the whole folder.

After the registry stuff delete any associated favourites and desktop icons.

Then restart and during the restart change your BIOS settings so that your pre-OS virus scan (which does nothing most of the time anyways) is off then in the same option screen there should be something that says PhoenixNet. Make sure it says "No" or "Disabled" in the field. You have to disable the Pre-OS virus scan or else it may not work. (That's what happened in my situation anyways.

So again.

1. Remove all associated files and reg entries.
2. Restart and adjust BIOS settings (no pre-os virus scan, and no "phoenixnet".

Worst product idea for phoenix tech. EVER.