spywaresucks
Cadet
Joined: Mar 04, 2004
Posts: 3
Location: USA
Posted: Thu Mar 04, 2004 12:26 am Post subject: I've been hijacked

I need help. I can't get rid of this stupid spyware for anything; I've used just about everything known to man to get rid of it. Every week it seems to be a new manifestation. One day it may be searchv and the next it's res://mshp.dll. I've tried everything to get rid of it, but I'm afraid that it may have stepped into the realm of worm or virus and beyond just a simple takeover. This isn't my computer... 'cause it wouldn't have happened on mine.
Here is the hijack log. I can't find anything I haven't already deleted once, besides the stuff that shouldn't be deleted. I've used Ad-Aware, CWShredder... everything, even Norton. I NEED HELP
Logfile of HijackThis v1.97.7
Scan saved at 11:25:20 PM, on 3/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan Cox\Desktop\HighjackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Jonathan Cox\Application Data\ievh\ievh32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Jonathan Cox\Application Data\ievh\mssearch.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Jonathan Cox\Application Data\ievh\msiesh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\BestBuy\HelpExpress\Jonathan Cox\HXIUL.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.new,Install
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x...DASAct.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/...=200331010
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...7594.29125
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Aut...dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab

bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 177
Location: Australia
Posted: Sat Mar 06, 2004 5:56 am

Hi
Please download CWShredder from:
http://computercops.biz/downloads-cat-14.html
Unzip, Open CWShredder and click on the Fix button to find and fix any problems.
How to stop CWS infection...read the information when you click "Next" at the end of running CWShredder.
Reboot Computer.
Close ALL browser Windows and Windows Explorer windows, only have HijackThis running.
In HijackThis, check the boxes beside the entries below, then click on "Fix checked".
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\BestBuy\HelpExpress\Jonathan Cox\HXIUL.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/...=200331010
Reboot into Safe Mode (tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key).
Make sure you can see Hidden files and Folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Then delete the below Folder:
C:\Program Files\BestBuy .....( delete BestBuy folder)
Reboot computer, and post back a new HJT log to this thread, please.
Cheers.
So how did I get infected in the first place?
http://www.computercops.biz/postt7736.html
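
A way to check the follow-up log the reply asks for, as an added example that is not part of the original posts: it parses HijackThis entry lines and reports which fix-list entries are gone, which are still present, and which entries are new. The follow-up log and its placeholder entry are constructed, and the function names are this example's own.

```python
import re

# An entry line is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def normalise(detail):
    # Registry names and Windows paths are case-insensitive; collapse whitespace too.
    return " ".join(detail.split()).lower()

def parse_entries(log_text):
    """Return the set of (code, detail) entries; header and process lines are skipped."""
    entries = set()
    for raw in log_text.splitlines():
        line = raw.strip().rstrip("|").strip()  # tolerate forum copy/paste residue
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), normalise(match.group(2))))
    return entries

def verify_fix(fix_list_text, after_log_text):
    """Return (gone, still_present) for the entries that were selected for fixing."""
    wanted, after = parse_entries(fix_list_text), parse_entries(after_log_text)
    return sorted(wanted - after), sorted(wanted & after)

def new_entries(before_log_text, after_log_text):
    """Entries in the follow-up log that the first log did not contain."""
    return sorted(parse_entries(after_log_text) - parse_entries(before_log_text))

# The four entries from the fix list in the reply above.
FIX_LIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\BestBuy\HelpExpress\Jonathan Cox\HXIUL.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/...=200331010
"""
# Excerpt of the first log: the fix-list entries plus one entry left alone.
BEFORE_LOG = FIX_LIST + r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
"""
# CONSTRUCTED follow-up log (not from the thread): one fixed entry remains, one placeholder is new.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O4 - HKLM\..\Run: [ExamplePlaceholder] C:\example\placeholder.exe
"""

if __name__ == "__main__":
    print(verify_fix(FIX_LIST, AFTER_LOG), new_entries(BEFORE_LOG, AFTER_LOG))
```

An entry that shows up as still present after "Fix checked" and a reboot is the one to raise in the next reply, alongside anything listed as new.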

spywaresucks
Cadet
Joined: Mar 04, 2004
Posts: 3
Location: USA
Posted: Sun Mar 07, 2004 1:07 am

Thanks for the heads up. I'll have to wait till I'm at my dad's next; just thought I'd let you know 'cause it may be a week.

bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 177
Location: Australia
Posted: Sun Mar 07, 2004 3:34 am

Not a prob,
..have a good week,
Cheers

spywaresucks
Cadet
Joined: Mar 04, 2004
Posts: 3
Location: USA
Posted: Wed Mar 17, 2004 9:13 pm Post subject: so far so good

Well, I'm at my dad's and I did everything you said. It worked like a dream; as far as I can tell it is completely fixed! Thanks a lot, you're awesome. I'll pass on what I've learned to others.