Arcade File Downloads UsenetGeeks
Email
Confirm email
Articles Spyware Removal File Help Startup DB Tips Service DB News Hijack This! Analyzer

 

NCase Removal
NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Overview:
NCase is an adware application that delivers pop up ads to you as you surf and will also log every site you visit and upload it to the N-Case servers. The other part of this software that is a major threat is it updates itself and can install additional garbage if it wants to. I suggest you remove this from your system right away! This is installed through an ActiveX drive by so you probably never wanted it to be installed on your system!

brought to you by: http://www.180solutions.com/

From http://www.n-case.com/ncaseuninstall.html

  1. Download n-CASE uninstaller.
  2. Select 'Save' to save the nCASEUninstaller.exe to your hard drive.
    IMPORTANT NOTE: Do not select 'Open' when asked to download the uninstall program. Doing so will cause an error and you will be unable to uninstall n-CASE at that time.
  3. Make a note of where you save the uninstaller executable before closing ALL browser windows.
  4. Locate the nCASEUninstaller.exe you saved and double-click on it to run it.
  5. Select 'Yes', to confirm you want to uninstall.
  6. Select OK that you are connected to the internet.
  7. Select OK at the "Uninstallation Complete" message.
  8. You may receive a message titled "n-CASE Uninstall Error". If so, you can just click "OK", it is not necessary to do anything else to complete the n-CASE uninstall.

Also Known As:
n-CASE
TrojanDownloader.Win32.Dyfuca.g

Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\aknqux
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ghrxblvci
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ivdn
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\rjw
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\rym
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\twxcd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\zxlextmik
HKEY_USERS\SESSION ID STRING\software\microsoft\windows\currentversion\run\msbb

Reboot your system then:

Make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to the processes below should be deleted

End Processes (may or may not exist):
cjq.exe
delmsbb.exe
fmtahovc.exe
ggbilw.exe
ghrxblvci.exe
ivdn.exe
ncaseadsuninstaller.exe
ncaseuninstaller.exe
neuobsiz.exe
optimize.exe
msbb.exe
hbinst.exe
hbsrv.exe
s4setp.exe
qtw.exe
rym.exe
webassist.exe

Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.

Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.

ddmp.dll
efmcnfyu.dll
hbcoresrv.dll
hbhostie.dll
hbhostoe.dll
hbhostol.dll
hbtoolbar.dll
ncaseinstaller.dll
ncaselib.dll
ncmyb.dll

Folders to Remove:
%profile%\fleok
%program files%\n-case
%program files%\ncase
%program files%\rosoft\audio tools
%windows%\fleok

Clean your Registry:

You should be back to normal IF this was your only problem. I suggest you post in our HJT forum since its not likely that this is your only bug. Read this first

Views: 7063
Printer Friendly

Article Index:
Talk About it! -->
Copyright 2005 I Am Not A Geek Inc.