Spyware/s-redirect/virus problems, please help


#1
JosephC

Hello, I was referred to this board and I am hopeful that you can help me with my problems.

I am working with Windows 98 and will be happy to supply any other details about my computer specs if necessary.

A couple of weeks ago I ran into this s-redirect bug which would take my browser settings in Internet Explorer (version 6.0) and write over my homepage preferences and continuously send me to this s-redirect site. At first I just wanted to post a hijackthis log and hope someone could fix my problem, but I think I have many more problems than what I originally suspected.

I saw the "tutorial" provided by geekstogo prior to posting a hijackthis log, and followed their suggestions to the best of my ability. Here is what I've done so far and the results.

1. I downloaded AdAware SE, downloaded all updated components, adjusted the settings as indicated in the geekstogo tutorial and ran a scan using those settings. It found 17 critical objects which I quarantined and deleted. After that I rebooted and repeated the AdAware scan, and found no critical objects. So far so good.

2. I downloaded CWShredder and ran the program. No problems found. Still so far so good.

3. I downloaded Spybot-Search and Destroy and searched but there were no new updates. I checked for problems and there was only 1, which I was able to fix. Still so far so good.

4. I downloaded AVG Anti-Virus. I scanned the computer and it found a whole pile of viruses (about 90 total). About 40 of them I was able to delete on my own. However, there are about 50 which are embedded and won't let me delete. They are as follows:
-Java/Byte Verify (about 46 of approximately 50 viruses that remain)
-Trojan Horse Startpage.17.F
-Java/Open Stream
-Trojan Horse PSW.Hooker.A
-Trojan Horse Proxy.9.AN
Now I know I have big problems.

At this point I'm not really sure what my options are. I went ahead and ran hijackthis and created a log, but is that even worth dealing with at this point? I have no idea how to deal with the embedded viruses that have been identified by AVG Anti-Virus. If anyone has any recommendations for me at this point, I would greatly appreciate it.

Thanks.

#2
JosephC

If the hijackthis log can help diagnose my problems, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 7:47:02 PM, on 3/5/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\WINCJ.EXE
C:\WINDOWS\SYSTEM\WINOS32.EXE
C:\WINDOWS\ADDRE32.EXE
C:\WINDOWS\ADDYT32.EXE
C:\WINDOWS\SYSTEM\JAVAFK32.EXE
C:\WINDOWS\WINSM.EXE
C:\WINDOWS\APIKB.EXE
C:\WINDOWS\ATLAL.EXE
C:\WINDOWS\SYSTEM\MFCHA32.EXE
C:\WINDOWS\WINJT.EXE
C:\WINDOWS\SYSTEM\WINNH32.EXE
C:\WINDOWS\SYSTEM\WINJS.EXE
C:\WINDOWS\SDKSW32.EXE
C:\WINDOWS\MSVH.EXE
C:\WINDOWS\IEWL.EXE
C:\WINDOWS\SYSTEM\NTVO32.EXE
C:\WINDOWS\IEPM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TerraCom, Inc.
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\uijnwb7n.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\uijnwb7n.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {B9D73454-1C5A-449E-41EE-D9FF73648196} - C:\WINDOWS\SYSTEM\SDKSF32.DLL (file missing)
O2 - BHO: Class - {6A69821F-18F4-B763-5240-1F762A039561} - C:\WINDOWS\SYSUJ32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [WINUI.EXE] C:\WINDOWS\WINUI.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADDYT32.EXE] C:\WINDOWS\ADDYT32.EXE
O4 - HKLM\..\RunServices: [WINOS32.EXE] C:\WINDOWS\SYSTEM\WINOS32.EXE
O4 - HKLM\..\RunServices: [WINCJ.EXE] C:\WINDOWS\WINCJ.EXE
O4 - HKLM\..\RunServices: [JAVAFK32.EXE] C:\WINDOWS\SYSTEM\JAVAFK32.EXE
O4 - HKLM\..\RunServices: [ADDRE32.EXE] C:\WINDOWS\ADDRE32.EXE
O4 - HKLM\..\RunServices: [APIKB.EXE] C:\WINDOWS\APIKB.EXE
O4 - HKLM\..\RunServices: [WINSM.EXE] C:\WINDOWS\WINSM.EXE
O4 - HKLM\..\RunServices: [WINNH32.EXE] C:\WINDOWS\SYSTEM\WINNH32.EXE
O4 - HKLM\..\RunServices: [ATLAL.EXE] C:\WINDOWS\ATLAL.EXE
O4 - HKLM\..\RunServices: [WINJT.EXE] C:\WINDOWS\WINJT.EXE
O4 - HKLM\..\RunServices: [WINJS.EXE] C:\WINDOWS\SYSTEM\WINJS.EXE
O4 - HKLM\..\RunServices: [MFCHA32.EXE] C:\WINDOWS\SYSTEM\MFCHA32.EXE
O4 - HKLM\..\RunServices: [SDKSW32.EXE] C:\WINDOWS\SDKSW32.EXE
O4 - HKLM\..\RunServices: [MSVH.EXE] C:\WINDOWS\MSVH.EXE
O4 - HKLM\..\RunServices: [NTVO32.EXE] C:\WINDOWS\SYSTEM\NTVO32.EXE
O4 - HKLM\..\RunServices: [IEWL.EXE] C:\WINDOWS\IEWL.EXE
O4 - HKLM\..\RunServices: [IEPM.EXE] C:\WINDOWS\IEPM.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [PES-] C:\WINDOWS\SYSTEM32\PES-.EXE
O4 - HKCU\..\Run: [MSNTMSSY32] C:\WINDOWS\SYSTEM32\MSNTMSSY32.EXE
O4 - HKCU\..\Run: [PE64] C:\WINDOWS\SYSTEM32\PE64.EXE
O4 - HKCU\..\Run: [3264] C:\WINDOWS\SYSTEM32\3264.EXE
O4 - Startup: Windows Guardian.lnk = C:\Program Files\the HelpSpot!\Fawgrd32.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .wma: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll

Thanks again.
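
Added example, not part of the original post or of HijackThis itself: a small Python triage pass over a log in the layout shown above. It flags search/start-page entries pointing at a watched host, entries whose target is marked "(file missing)", and registry autoruns whose value name is identical to the file they launch. The function name, the reason labels and the self-named-autorun rule are assumptions of this example; a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis v1.99.1 log posted above (a few lines only).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Class - {B9D73454-1C5A-449E-41EE-D9FF73648196} - C:\WINDOWS\SYSTEM\SDKSF32.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [WINCJ.EXE] C:\WINDOWS\WINCJ.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "O4 - ..."
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]*),(.+?) = (.*)$")         # key,value = data
AUTORUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # HKLM\..\Run: [name] cmd


def triage(log, watched_host):
    """Return (section_code, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        if body.endswith("(file missing)"):
            findings.append((code, "file-missing", body))
        reg = REG_VALUE.match(body)
        if code in ("R0", "R1") and reg:
            host = urlparse(reg.group(3)).hostname or ""
            if host == watched_host or host.endswith("." + watched_host):
                findings.append((code, "redirect-url", reg.group(1) + "," + reg.group(2)))
        run = AUTORUN.match(body)
        if code == "O4" and run:
            name, command = run.group(3), run.group(4)
            # Heuristic (assumption): value name identical to the file it launches.
            if name.lower() == ntpath.basename(command.strip('"')).lower():
                findings.append((code, "self-named-autorun", run.group(2) + ": " + command))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, "s-redirect.com"):
        print(*finding, sep=" | ")
```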