meee
Cadet
Joined: May 31, 2004
Posts: 2
Location: USA
Posted: Mon May 31, 2004 10:22 pm    Post subject: Your-Searcher
Been reading several threads about this and none of them had an answer to my prob. I know I need to check these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
But what more do I need to remove? This is my log:
Logfile of HijackThis v1.97.7
Scan saved at 02:10:16, on 2004-06-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\docume~1\spinal\lokala~1\temp\TJs.exe
C:\docume~1\spinal\lokala~1\temp\dhcjum.exe
C:\docume~1\spinal\lokala~1\temp\bxBc.exe
C:\docume~1\spinal\lokala~1\temp\QD4P.exe
C:\windows\cvchost.exe
c:\apache\APACHE.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\System32\wuauclt.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TJs.exe] C:\docume~1\spinal\lokala~1\temp\TJs.exe
O4 - HKLM\..\Run: [dhcjum.exe] C:\docume~1\spinal\lokala~1\temp\dhcjum.exe
O4 - HKLM\..\Run: [bxBc.exe] C:\docume~1\spinal\lokala~1\temp\bxBc.exe
O4 - HKLM\..\Run: [QD4P.exe] C:\docume~1\spinal\lokala~1\temp\QD4P.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtstr.exe
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/158cc0a...ip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8002.2627430556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1105
Location: USA
Posted: Tue Jun 01, 2004 3:58 am
You have several viruses running from your temp folder.
These ones are optional to remove, but removal will speed up your PC and its performance. You can still access them manually by clicking on the icon. They usually aren't malware, just resource hogs. I recommend you fix them, your decision.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [TJs.exe] C:\docume~1\spinal\lokala~1\temp\TJs.exe
O4 - HKLM\..\Run: [dhcjum.exe] C:\docume~1\spinal\lokala~1\temp\dhcjum.exe
O4 - HKLM\..\Run: [bxBc.exe] C:\docume~1\spinal\lokala~1\temp\bxBc.exe
O4 - HKLM\..\Run: [QD4P.exe] C:\docume~1\spinal\lokala~1\temp\QD4P.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WAPI] C:\WINDOWS\System32\wtstr.exe
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/158cc0a...ip/RdxIE601.cab
Go to START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > DISK CLEAN UP and clean everything...
Go to Start > Run and paste this in:
%Userprofile%\Local Settings\Temp folder
It will open your temp folder.
Go to the toolbar>Edit>Select All
Then go back to File>Delete
Reboot and delete the following files or folders:
C:\WINDOWS\System32\wtstr.exe
c:\windows\cvchost.exe
Then get an online virus scan here: http://housecall.trendmicro.com/ Please select the Autoclean option when prompted.
or here: http://www.pandasoftware.com/activescan/
FLUSH RESTORE POINTS
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn off System restore on all Drives.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
then reboot and post a new log and we will take it from there.
_________________
Forum Moderator at:
http://killspyware.go.dyndns.org/
Helper At:
http://www.spywareinfo.com/
1st Responder At:
http://www.computercops.biz/
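The triage applied to the log in the reply above can be scripted. The following is an added example, not part of any post in this thread: it flags O4 autorun entries that launch from a temp directory and executables whose name is one character away from a Windows system binary (as with cvchost.exe). The `SYSTEM_NAMES` list and the finding labels are assumptions made for the example, and a hit is a lead to investigate, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Subset of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\windows\cvchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
O4 - HKLM\..\Run: [TJs.exe] C:\docume~1\spinal\lokala~1\temp\TJs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
"""

# Assumption: a short illustrative list of system binary names, not exhaustive.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe"}

RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run\w*: \[(.+?)\] "?([^"]+?\.exe)', re.I)
PROC_RE = re.compile(r'^[a-z]:\\.+\.exe$', re.I)  # a "Running processes" line

def near_miss(name):
    """Return the system binary that `name` differs from by one substituted character."""
    for real in SYSTEM_NAMES:
        if len(real) == len(name) and sum(x != y for x, y in zip(real, name)) == 1:
            return real
    return None

def triage(log):
    """Return (reason, original_line) pairs for lines worth a closer look."""
    findings = []
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        m = RUN_RE.match(line)
        if m:
            path = PureWindowsPath(m.group(3).lower())
        elif PROC_RE.match(line):
            path = PureWindowsPath(line.lower())
        else:
            continue  # R*, O3, O16, Startup-folder and header lines are not scored here
        if m and "temp" in path.parts[:-1]:
            findings.append(("autorun-from-temp", line))
        real = near_miss(path.name)
        if real:
            findings.append((f"name-resembles-{real}", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```
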
meee
Cadet
Joined: May 31, 2004
Posts: 2
Location: USA
Posted: Tue Jun 01, 2004 8:19 am
Thx for taking your time helping me, irelynnmisses.
I did all those things, but there wasn't any file named wtstr.exe in my system32 folder. Here is my new log tho:
Logfile of HijackThis v1.97.7
Scan saved at 14:18:49, on 2004-06-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\apache\APACHE.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\System32\wuauclt.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spinal.tk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
O4 - Startup: WinMySQLadmin.lnk = C:\apache\mysql\bin\winmysqladmin.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77...scan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
irelynnmisses
1st Responder
Joined: Jan 27, 2004
Posts: 1105
Location: USA
Posted: Wed Jun 02, 2004 10:38 pm
OK, you still have a virus. Please do this:
Please download CWShredder from http://www.spywareinfo.com/~merijn/files/CWShredder.exe and run the program. Press the "Fix" button and let it fix all variants. Next, close the program and post a fresh HijackThis log.
Run HijackThis again, and in the boxes to the left of the entry, please place a check mark next to these, and then click on FIX SELECTED ITEMS:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKCU\..\Run: [cvchost] c:\windows\cvchost.exe
Then reboot and search for then delete this file or folder: c:\windows\cvchost.exe
You can't possibly expect to resolve any future exploits without proper updates.
I would go to windowsupdates and install ALL critical updates. They are very important to have since they are vital to the health of your system. That will fix innumerable bugs, update a large number of important system files, and plug many security holes. It can also prevent future catastrophes! People have no idea how many predators there are out there. It's a shame really.
http://v4.windowsupdate.microsoft.com/en/default.asp
then reboot and post a fresh log.