Re: "http://rl.webtracer.cc" start page, unable to remove

I'm not sure what steps you have run and what you have not run so please follow the steps below. If you have already run ALL the steps in the READ ME just let me know and skip to the steps for the HijackThis log.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Your OS is severly out of date and that is part of the reason for your problems. You have a worm. See:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CW

After we fix your current problems you MUST get your updates. I'll ge back to you in a few minutes.

 

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

On the page that opens, scroll down to IP Stack ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, open up HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

IP Stack

Let me know if that works okay and you do not get any error messages.

 

You're welcome but it would be good if you posted a follow up HJT log. There were some other things that needed fixing.

 

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O19 - User stylesheet: (file missing)
After clicking Fix, exit HJT.

Double check to see if each was actually fixed and let me know.

My normal suggestion is for people to run all the steps in: How to Protect yourself from malware!

Sounds like you will not be able to do step 1 (which is going to leave you vulnerable) but make sure you have done the equivalent of all the other steps (for example: one of the steps mentions a firewall. Since you already have one, you can check that off as complete.)

 

You're welcome. Save your money and get a licensed copy of Win XP SP2!