TheTechGuide Forum
General Category => Software => Topic started by: sss_cols on April 19, 2005, 11:32:13 AM
-
I cannot remove CallingHome.biz from my system. It is impervious to Spybot, AdAware, Spyware Doctor, SpySweeper, Microsoft Anti-Spy and BHO Demon. (As well as a couple others) All updates have been downloaded and failed. I am not qualified to attempt to edit the registry. Our resident IT has asked me to load the HiJackThis logfile and asks for direction before proceeding, but I keep getting error messages that the 9K results file is too large. I'll have to do another post when asked.
Thanks for any assistance you can provide. CallingHome.biz appears to be almost indestructible. Please forgive any forum protocol I may have violated. I'm a first timer on this kind of message board. Thank you.
-
No worries, how about a list of your running processes from Task Manager, track down those processes vital, stifle the rest. Check your startup folder (yeah, it's 3rd grade, but I'm still seeing them put there), check in the registry under any Run, RunOnce, RunOnceEx folders for out of place start ups or calls to user32dll.exe or svchost.exe that use the /s switch. This is a good jumping off point. You could of course always roll back to last known good configuration if using XP with system restore enabled.
I suggest once you are clean again give Mozilla a shot. Excellent browser. Though no browser can give you 100% security, it has a lot of the "features" (crevices that spyware distros use to infect) disabled by default.
-
I just read a post on designtechnica.com that relates to this post. Says he visited www.mypctuneup.com and downloaded an uninstall program from them that got rid of callinghome.biz (ceres) from his computer. Incidentally, he is convinced callinghome.biz and mypctuneup are in cahoots but the point is that the fix worked.
-
It does not work. That is, the mypctuneup software does not remove callinghome.biz and in fact, seems to add more malware.
-
Had the same problem - could not remove with spybot or scanspyware.
Used the following procedure:
Ctrl-Alt-Delete
Running tasks: kill task zdcoofd.exe
Delete following 2 files in sindows\system32: zdcoofd.exe and zdcoofdaeg05.dll
Start registry editor (run regedit)
Delete following 2 keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] zdcoofd.exe (sneaky one) and
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] zdcoofd.exe
Voila!!
Regards
ComPete
Peter B. Kristensen
-
Sorry typo:
Windows\system32 i.s.o. sindows\system32
Btw:
Symptoms on my PC:
Could not start Internet Explorer
Could not start any Office programs
Regards
ComPete
Peter B. Kristensen
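
The autostart locations named in this thread (the Run, RunOnce and RunOnceEx keys, the policies\Explorer\Run key, and the Startup folders), inventoried read-only with PowerShell. This is an added example, not part of any poster's reply; the function names `Resolve-CommandTarget` and `Get-AutostartEntry` are hypothetical, and the HKCU counterparts of the keys are an assumption beyond what the thread lists.

```powershell
# Added example: read-only inventory of the autostart locations named in this thread.
# Nothing is deleted or modified. Function names are hypothetical.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',   # top-level values only
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    # Assumption: per-user counterparts, not listed in the thread
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
)

function Resolve-CommandTarget([string]$Command) {
    # Pull the executable out of a Run value: quoted path first, else first token.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded -split '\s+')[0] }   # unquoted paths with spaces get cut here
    if (-not $exe) { return $null }
    if (Test-Path -LiteralPath $exe -PathType Leaf) { return (Get-Item -LiteralPath $exe).FullName }
    # Bare names such as "zdcoofd.exe" are looked up through PATH.
    $app = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($app) { return $app.Path }
    return $null
}

function Get-AutostartEntry {
    $entries = @(foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    })
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        $entries += @(Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName } })
    }
    foreach ($e in $entries) {
        $target = Resolve-CommandTarget $e.Command
        $sig = if ($target) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'Unresolved' }
        $created = if ($target) { (Get-Item -LiteralPath $target).CreationTime } else { $null }
        $e | Select-Object Location, Name, Command, @{ n = 'Target'; e = { $target } },
            @{ n = 'Signature'; e = { $sig } }, @{ n = 'Created'; e = { $created } }
    }
}

Get-AutostartEntry | Sort-Object Created -Descending | Format-List
```

An unsigned or unresolved target is only a triage hint: plenty of legitimate software is unsigned, and Startup-folder shortcuts are reported as the `.lnk` file itself rather than the program it points to.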
-
My laptop also had the "callinghome.biz" installer on it, masquerading as "fzjlpnw". I removed the 4 (!) fzjlpnw references from my startup sequence (using "msconfig" in the "run" part of "start" menu) and the "fzjlpnw.exe" from my "Windows\system32" folder