need help just yesterday morning my kaspersky antivirus picked up on a "trojan-downloader.win32.conhook.aa" named basmem.dll
this thing has embedded its self into a few things including explorer thus making a delete nearly impossible (imposwsible at the moment for me)
ive tried goin under admin to delete (nothing, fail to delete)
ive tried a live knoppix cd (nothing,fail to delete)
i cannot even find "basmem.dll" using google
PLEASE HELP

Download Avenger from here:
http://swandog46.geekstogo.com/

Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:

Files to delete:
C:\WINDOWS\system32\basmem.dll

and click 'Done'

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.


Then upon reboot, please rescan with HijackThis and place a checkmark by the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {db1a3e29-7bae-44de-a5f8-2e3715189560} - C:\WINDOWS\system32\basmem.dll
O20 - Winlogon Notify: basmem - C:\WINDOWS\SYSTEM32\basmem.dll



Also check these entries if you, an administrator, or Spybot S&D did not set it:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Close all other windows except HijackThis and press "Fix Checked". Now close HijackThis and restart the computer again.

Rescan with HijackThis and post the new log here in your next reply.

thanks for the help
kaspersky updated and got rid of this before i could read this

and as for O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
spybot set these restrictions

You may want to check those HijackThis entries if they still exist and post a new HijackThis log, so we can be sure everything malicious is really off your computer. For all you know, Kaspersky may have missed something.

here ya go

Your HijackThis log appears clean, just that you'll have to update Java.

1. First, remove any older versions of the Sun Java Platform from the Add/Remove Programs screen as they are known to contain security vulnerabilities.
2. Reboot your system
3. Download a new version at the Java website by selecting the Windows (Offline Installation) option.
4. Verify that the current version installed properly by clicking here.

Then click Start, click All Programs, click Accessories, click System Tools, and then click System Restore. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply. When you are warned that all existing Restore Points will be deleted, click Yes to continue. All system restore points are deleted. Now you should manually create a restore point. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
Click Create a Restore Point, and then click Next. Name your restore point. (I use the date as well as a descriptive term such as "Clean system.")


Here are a number of recommendations for additional protection to help prevent any malware infections in the future. These few simple steps can stave off the vast majority of spyware problems.

You may have already taken some of these steps:
1. Watch what you download!
Do not download just anything you see on the web. Some may have spyware bundled into them.

2. Try not to use peer-to-peer programs.
P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read this article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

3. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
We recommend checking for Windows updates monthly.

4. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

5. Download and install the following free programs:
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html
Periodically check for updates.

6. Keep your antivirus software up to date. If you don't have one, I recommend the free AVG.

7. Use a firewall. If you don't have a firewall, I recommend the free version of ZoneAlarm
A tutorial on understanding and using firewalls may be found here

8. IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.


9. You might consider installing Mozilla / Firefox, which is much safer than Internet Explorer.
http://www.mozilla.org/

10. Install spyware detection and removal programs:
Ad-aware: http://www.snapfiles.com/get/adaware.html
Spybot S&D:
http://www.safer-networking.org
Use these programs to regularly scan your system for and remove many forms of spyware/malware.

11. Microsoft now offers their own anti-spyware product. Windows® Defender (Beta 2) improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC. This is a BETA for XP/2000 only.

12. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!