I'm having a problem because this site http://www.heretofind.com/show.php?id=15 keeps becoming my homepage and it won't let me go to sites, and I can't get rid of it.
scoobydooby
2 Intern
•
495 Posts
0
October 2nd, 2004 04:00
Run a program called CWShredder.
Can also try Spybot S&D.
Both are free programs, and you can download both here:
http://www.spywareinfo.com/downloads.php?cat=sp#det
SpotCheckBilly
932 Posts
0
October 2nd, 2004 06:00
Hey casanovabob
To help pinpoint the problem, please do the following:
Download the most current version of HijackThis! (as of this date v1.98.2) at subratam.org. Unzip to a PERMANENT folder, e.g. C:\HJT. This is a CRITICALLY IMPORTANT step. HijackThis creates backups of any modifications made, in case a restore is necessary. If run from a temporary folder, these backups will be lost as soon as HJT is closed. From its permanent folder, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Click "Save Log". A Notepad window will open with the contents of the scan. Save to a convenient location. Important: Most of what HJT lists will be harmless or even essential, DO NOT FIX ANYTHING YET.
Hit Ctrl+A to Select All, Ctrl+C to copy scan contents. Hit Ctrl+V to paste the log contents into a reply to THIS thread. Note: Starting a new thread will only cause confusion.
Another option is to post your log at one of the anti-spyware sites, such as: Tom Coyote's, or: Spywareinfo.com.
These sites are swamped and sadly understaffed. Please be patient.
George
scoobydooby
2 Intern
•
495 Posts
0
October 2nd, 2004 07:00
casanovabob
4 Posts
0
October 2nd, 2004 15:00
I tried Spybot and it got rid of stuff but didn't help with my problem, and the other one you said didn't help.
ok SpotCheckBilly
here this is what I got after using HijackThis
Logfile of HijackThis v1.98.2
Scan saved at 11:52:48 AM, on 10/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\vfigukrn.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Bobby DeYoung\Application Data\ttuh.exe
C:\WINDOWS\System32\t?skmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bobby DeYoung\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=15&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {1EAD6653-9E64-2DC2-D657-645508807F4E} - C:\WINDOWS\System32\piczfjrz.dll
O2 - BHO: (no name) - {4BAB625D-C168-7D93-8353-645508D8724E} - C:\WINDOWS\System32\watmdnrc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [eakausujzqhyl] C:\WINDOWS\System32\vfigukrn.exe
O4 - HKLM\..\Run: [tXsh] c:\documents and settings\bobby deyoung\local settings\temp\tXsh.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Bobby DeYoung\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Aaryi] C:\WINDOWS\System32\t?skmgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Corel Network monitor worker - {5303D00A-FA33-40C5-8FB3-7FAB9513AEAE} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5303D00A-FA33-40C5-8FB3-7FAB9513AEAE} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Corel Network monitor worker - {5303D00A-FA33-40C5-8FB3-7FAB9513AEAE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {5303D00A-FA33-40C5-8FB3-7FAB9513AEAE} - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=15&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=15&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=15&q=
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41xi9rman2.com/ff/inst.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
SpotCheckBilly
932 Posts
0
October 2nd, 2004 18:00
Hey scoobydooby,
Basically HJT is a diagnostic tool while CWShredder is a repair tool designed for one particular type of infection.
CWShredder only targets one hijacker (CoolWebSearch), along with a group of its variants. On the other hand, HijackThis! provides a detail of everything that's running on a computer. A quick glance at casanovabob's scan shows several items needing investigation, as well as the fact that he has not installed SP2 for his OS. If you've never done so, check out the HJT tutorial here: http://www.spywareinfo.com/~merijn/htlogtutorial.html to see just what HJT does and what the various entries indicate. Very informative.
casanovabob's problem with fonts may be an OS, not a malware issue. The HJT log should help determine which it is.
George
SpotCheckBilly
932 Posts
0
October 2nd, 2004 18:00
Hey casanovabob,
Have only had time for a quick glance at your HJT log. There are definitely some things needing attention. I still don't know if any of those things is causing your fonts problem. I'll get back to you as soon as I can.
George
casanovabob
4 Posts
0
October 2nd, 2004 19:00
SpotCheckBilly
932 Posts
0
October 3rd, 2004 06:00
Hey casanovabob,
Sorry I didn't get back to you earlier. I've been out most of the day and haven't had time to analyze your HJT log. Hopefully I can do it tomorrow morning. My wife brought some work home with her this weekend and since her work (home or otherwise) pays the bills, she has first chance at the computer. LOL We're still a one computer family.
Meanwhile, if any of the other fine folks here has time to get to it first, I will not feel slighted if they take over.
George
casanovabob
4 Posts
0
October 3rd, 2004 16:00
I just found out that www.heretofind.com is what keeps coming up. Whenever I try to type in a URL in the address bar it goes to www.heretofind.com and looks for the site on there, and it doesn't let me go to the site.
So I can't go to a site that I don't have saved in my favorites. What is going on?
jamez kann
860 Posts
0
October 4th, 2004 00:00
The Department of Homeland Security says switching browsers is one way to deal with security threats. Is this really the right move? Don't bet on i
Is It Time to Ditch IE?
Feds say switching browsers is one way to deal with security threats
http://msn.pcworld.com/news/article/0,aid,117550,00.asp
Time to Dump Internet Explorer
http://www.securityfocus.com/columnists/249
If the above fixes fail you would need to run hijackthis
1. Download HijackThis from any one of the places below
http://www.subratam.org/?page=removal
http://radiosplace.com/
http://tomcoyote.com/hjt/#copyandpastea
www.aluriasoftware.com/tools/hijackthis.zip
2. Then post your log to one of the sites below where you can receive help analyzing your HijackThis log from trained experts. Note that the sites require registration before you will be able to post.
Include your Hijackthis log in the post while explaining your problem at the same time.
The following information should be supplied in every malware support request:
***Please do not post HijackThis Logs until requested to do so.***
1. Operating System and if there are multiple user accounts on the computer. For Eg. win xp ,win me, win 98
2. Browser and version For Eg. Internet Explorer 6,5.5,5 Netscape,Opera,Mozilla,FireFox
3. Nature of the error or problems including content of any error messages
4. List of security software installed, i.e., firewall, anti-virus, spam blockers, popup blockers, script protection, etc. For Eg.ZoneAlarm,Norton,Mcafee
5. Spybot S&D log report for latest scan included as an ATTACHMENT.
6. What steps have been taken so far to address the problems. Examples: virus scan, uninstalled such and such program, etc.
It is required you provide the above information as a request for assistance
Spywareinfo
If you have not yet registered, please do so now: http://www.spywareinfo.com/rd/reg
Hijacked Users" - Start here, Seriously - READ THIS POST FIRST
http://forums.spywareinfo.com/index.php?showtopic=23382
Hijackthis removal forum at Spywareinfo
http://forums.spywareinfo.com/index.php?showforum=18
This forum is for help getting rid of spyware, browser hijackers, porn dialers, thiefware, and all other unwanted advertising parasites.
If you have none of the above and just want someone to check your log for anything suspicious, post that in the PC Troubleshooting forum below please.
PC Troubleshooting
http://forums.spywareinfo.com/index.php?showforum=28
The various helper groups here, Who is helping you? By cnm Mother Lion of SWI with info on how to join the boot camp if you want to become a hijackthis expert yourself
http://forums.spywareinfo.com/index.php?showtopic=9270
http://www.spywareinfo.com/~merijn/forums.html
Hijackthis removal forum at Kill Spyware Forums
http://forums.subratam.org/index.php?showforum=7
tools needed to get help http://forums.subratam.org/index.php?showtopic=7
Forum Led by: Forum Moderators,subratam,baskar1234(DELL REGULAR),efwis,Metallica,psyne, SpyDie, normmork, Admin,chrisRLG(DELL REGULAR)
Special fixes - Canned messages
http://forums.subratam.org/index.php?showforum=29
Hijackthis removal forum at Bleeping Computers
http://www.bleepingcomputer.com/forums/forum22.html
Our Tutorials
http://www.bleepingcomputer.com/forums/forum6.html
How to submit a Hijackthis Log
http://www.bleepingcomputer.com/forums/topict956.html
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/tutorial42.html
Forum Led by: Moderators, Global Moderator, groovicus,Grinler(DELL REGULAR),harrywaldron,Papakid,
Hijackthis removal forum at net-integration.net (Spybot Search & Destroy 1.X OFFICIAL FORUM)
http://forums.net-integration.net/index.php?showforum=32 (OFFICIAL SPYBOT FORUM)
Forum Led by: Global Moderator, Administrators, Technical Experts, Technical Assistant, Team Spybot S&D, Technical Guide
TonyKlein,Eagle1,Galadriel,tashi,Archon_Wing,
Malware Removal Procedures
http://www.net-integration.net/tools/procedure.html
http://forums.net-integration.net/index.php?showforum=28
If you are in desperate need for help, try the Net-Integration Chat room: http://www.net-integration.net/chat.html
Hijackthis removal forum at lavasoftsupport (OFFICIAL ADAWARE SUPPORT FORUM)
http://www.lavasoftsupport.com/index.php?showforum=44
Forum Led by: SpyDie, Lavasoft Admins, Moderators
Newbies
http://www.lavasoftsupport.com/index.php?showforum=34
Hijackthis removal forum at gladiator-antivirus
http://forum.gladiator-antivirus.com/index.php?showforum=170
Forum Led by: CalamityJane, LoPhatPhuud, FatsGordon,Hunter,TheSentinel,
Guidelines for Posting in This Forum, READ THIS FIRST PLEASE
http://forum.gladiator-antivirus.com/index.php?showtopic=10517
How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index.php?showtopic=9857
ONLINE CHAT HELP
If you have questions, right now, about SpybotS&D, malware, or how to get rid of malware if you're already infected, computer security/privacy, any computer related matter, or just have something to say , visit the online experts that is open 24 hours a day. If it is empty when you go in, just try it again later. There will usually be someone in there day and night (USA time zones). Please be sure you carefully read the rules for the chatroom.
The best of the best experts of all the spyware/virus forums hang out there. Some of the experts who are available at the chat rooms are subratam, baskar (Kill Spyware), SpyDie (lavasoftsupport), Eagle1, Galadriel, tashi (net-integration.net), Psykel (zerosrealm), Someuser etc.
There may or may not be experts in the chat rooms depending on the time you log into those chat rooms US time
Kill spyware chat room
http://tech-touch.net/temp/indexold.php (when you get the security warning about the java applet and you sometimes cannot click on it, press Alt+Y on the keyboard)
Subratam antispyware chat room
http://chat.subratam.org/applet/
http://chat.skads.org/applet/
Spyware info (Most popular and populated)
http://www1.spywareinfo.com/chat/#chat
http://www1.spywareinfo.com/chat/applet.php
You will get a security warning; click yes if you get it. If you can't log in, press F5 on your keyboard to allow the page to refresh, then try and connect. Also click on join and in the name type #killspyware.
http://www.net-integration.net/chat1.html
Bleeping computers
http://www.bleepingcomputer.com/chat.php#startchat
OR If you have an IRC client, connect to irc.dixiesys.net on port 6667 and join #privacy once you are connected.
The most popular IRC client is mIRC http://www.mirc.com/get.html. mIRC only works on Windows
IF you prefer to use firefox to access the chat sites install chatzilla
http://www.hacksrus.com/~ginda/chatzilla/ click on install 0.9.65 on the bottom right of the page
Other Online Tools Resources needed by these sites to help you out
You can find almost everything here :) http://forums.subratam.org/index.php?showtopic=43
http://www.bleepingcomputer.com/forums/topict405.html
http://computercops.biz/downloads-cat-14.html
http://encyclopedia.thefreedictionary.com/Online%20Tools%20Resources
http://www.geekstogo.com/forum/index.php?showtopic=38
http://www.windowsbbs.com/showthread.php?t=31695
http://aumha.org/secure.htm
http://www1.spywareinfo.com/downloads.php
http://aumha.org/freeware/morefree.htm
HijackThis Logs - How to read and research
http://homepage.ntlworld.com/dvk01uk/hjttut.htm
http://www.geekstogo.com/forum/index.php?showtopic=61
http://www.richardthelionhearted.com/~merijn/htlogtutorial.html
http://www.security-forums.com/forum/viewtopic.php?t=13810
After your system is Clean of spyware
http://windowsupdate.microsoft.com/ - Windows Update (IMPORTANT!)
http://www.microsoft.com/windowsxp/downloads/updates/sp2/cdorder/en_us/default.mspx - XP SP2 on CD (FREE!)
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
http://www.javacoolsoftware.com/spywareblaster.html - SpywareBlaster
---Grinler wrote----
Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. Operating without a firewall today is not a very wise decision. Not only does a firewall protect against "hacker" attacks but protects against most malware infections by alerting users to unusual computer or application activity.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown
Why you should use a computer firewall
http://www.microsoft.com/athome/security/viruses/fwbenefits.mspx
So how did I get infected in the first place?
With steps so it does not happen again!
http://forums.net-integration.net/index.php?showtopic=3051
Essential tips for infection prevention
http://www.bleepingcomputer.com/forums/topict2520.html
http://computercops.biz/postt7736.html
http://www.karlsforums.com/forums/viewthread.php?tid=19066
Dave Lyle
2 Intern
•
2K Posts
0
October 4th, 2004 02:00
Open Control Panel then Add/Remove Programs. Look for the following and uninstall them if found:
My Web Search
My Way Speed Bar
My Search
My Search Bar
Search Assistant - My Way
Please download this tool to fix the start.chm hijack: Startchmfix.exe
Download it. Run it and extract the folder to the desktop preferably. Open the folder after extracted.
Please make sure all Internet Explorers are closed, and double click the fix.bat
Only run it once or you will lose the backups although they shouldn't be needed.
Notepad will open at the end with a message and the bad file listing at the end. Please post that bad file listing line here. If no files show in the bad file listing then do a Reboot and do a search for any of these files and DELETE them:
C:\Windows\System32\C_10230.DLL
C:\WINDOWS\System32\CRTV2_32.DLL
C:\WINDOWS\CRTV2_32.DLL
C:\WINDOWS\System32\CRT32_V2.DLL
C:\WINDOWS\CRT32_V2.DLL
You have HijackThis running from a temporary folder. Any backup files HJT creates during the repair process will not be secure if left in a temporary folder.
Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Unzip HijackThis into this folder. If required a tutorial is here: Hijackthis Folder Tutorial
Reboot and post a new HJT log.
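A first-pass triage of a pasted HijackThis log, added here as an example (not part of the thread and not HijackThis's own logic): it rejoins Notepad-wrapped lines and flags a few entry shapes that appear in the log and replies above. The sample log, the rule names and the `ALLOWED_HOSTS` list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v1.98.2 layout, wrapped the way Notepad
# wraps a pasted log. Hosts, CLSIDs and file names are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Local Settings\Temp\Temporary Directory 1 for
hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://search.hijack.example/show.php?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
mk:@MSITStore:C:\dir\start.chm::/start.html#
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\abcdefgh.dll
O2 - BHO: Some Bar - {00000000-0000-0000-0000-000000000002} - C:\Program
Files\SomeBar\bar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xyz] c:\documents and settings\user\local settings\temp\xyz.exe
O4 - HKCU\..\Run: [Abc] C:\Documents and Settings\User\Application Data\abcd.exe
O13 - WWW Prefix: http://search.hijack.example/show.php?q=
"""

ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumption: hosts the reviewer accepts for IE start/search pages.
ALLOWED_HOSTS = {"www.microsoft.com", "www.msn.com"}
# Directories any user-level process can write to without admin rights.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


def unwrap(text):
    """Return (processes, entries) with wrapped lines rejoined by a space."""
    processes, entries, section = [], [], "header"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            section = "entries"
            entries.append([m.group(1), m.group(2)])
        elif line == "Running processes:":
            section = "processes"
        elif section == "processes":
            if DRIVE_PATH.match(line) or not processes:
                processes.append(line)
            else:                       # tail of a wrapped process path
                processes[-1] += " " + line
        elif section == "entries":      # tail of a wrapped R/O entry
            entries[-1][1] += " " + line
    return processes, [tuple(e) for e in entries]


def triage(text):
    """Return (rule, detail) findings; leads for a reviewer, not verdicts."""
    processes, entries = unwrap(text)
    findings = []
    for path in processes:
        low = path.lower()
        # HijackThis keeps its backups beside the executable.
        if low.endswith("\\hijackthis.exe") and "\\temp\\" in low:
            findings.append(("HJT_RUN_FROM_TEMP", path))
    for code, body in entries:
        low = body.lower()
        if code in ("R0", "R1"):
            value = body.partition("=")[2].strip()
            if value.lower().startswith("mk:@msitstore:"):
                findings.append(("IE_PAGE_POINTS_INTO_CHM", body))
            elif value.lower().startswith(("http://", "https://")):
                host = urlsplit(value).hostname
                if host not in ALLOWED_HOSTS:
                    findings.append(("IE_PAGE_UNLISTED_HOST", host))
        elif code in ("O2", "O3", "O9") and "(file missing)" in low:
            findings.append(("REGISTERED_FILE_MISSING", body))
        elif code == "O4":
            cmd = body.split("] ", 1)[-1]
            if any(d in cmd.lower() for d in USER_WRITABLE):
                findings.append(("AUTORUN_FROM_USER_WRITABLE_DIR", cmd))
        elif code == "O13":
            prefix = body.partition(": ")[2]
            # A bare scheme has no host; a prefix naming a host sends every
            # typed address through that host.
            if urlsplit(prefix).hostname:
                findings.append(("URL_PREFIX_REWRITTEN", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

Every finding is a prompt to research the entry before fixing anything, since most of what a log lists is harmless.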
SpotCheckBilly
932 Posts
0
October 4th, 2004 06:00
Thanks ddeerrff for jumping in. My wife's been on the machine most all day so I haven't had time to do much of anything online. Thankfully, these work-at-home weekends don't happen very often
Pretty sound advice all around I'd say.
George