About Hijack...

#1 JourneyMan (Member)
It looks like the program is infected with a W32/Generic.worm!p2p (McAfee).

I get that error message when I click on the link, before I start downloading. Would somebody please clarify the error before I download the program? Thanks.

#2 OSC (Malware Expert, Retired Staff)
Hi JourneyMan,

Are you talking about Hijackthis?? If so, be sure to update your McAfee virus definitions. Then try downloading HijackThis:
http://www.atribune..../HijackThis.exe

Hope that helps.

#3 JourneyMan (Member, Topic Starter)
Thanks for helping.

Yes, I am talking about hijackthis. I've got the 2005 disk edition of McAfee, so I think I've got the best definitions, ALTHOUGH........

I got hit by a trojan that wipes out auto-daters and destroyed a lot of ActiveX controllers. I believe it was a variant of the old Win32.SMProxy.A. Here:

http://vic.zonelabs....s.jsp?VId=38063

I got rid of it, but I'm still working on damage control. All of my ActiveX controllers were deleted and I don't know how to restore them.

For instance, at startup I get this error:



an error has occurred in the script on this page
Line: 279
Char: 2
Error: ActiveX component can't create object: 'Scripting.Dictionary'
Code: 0
URL: mcp://C:\PROGRA~1\McAfee.com\Agent\RegWizUI.dll::default.htm



Additionally, my buddy list on AOL has been severely affected, with it being affected on their server (I believe). They have not been able to help me so far, so advice would be appreciated.


BTW, I think that is a dead link. I got nothing....

Thanks anyways!

#4 JourneyMan (Member, Topic Starter)
BTW, you have to access the link twice to use it. Weird.

#5 OSC (Malware Expert, Retired Staff)
Hi JourneyMan,

If you are running Windows 2000 or XP, you could try installing/reinstalling the Windows Scripting host. It won't restore your ActiveX objects but it almost sounds like the scripting host got damaged somehow.
http://www.microsoft...&displaylang=en

After rebooting, if you still get that error, you can try uninstalling McAfee, rebooting and reinstalling again. That may solve that startup error.

As for AOL's buddy list, that info is stored on their end so not sure if there's anything we can do there. :tazz:

Which link did you have problems with?? The hijackthis link?

#6 JourneyMan (Member, Topic Starter)
OK, I got my ActiveX controllers to work. The last thing I have is weird. I've tried downloading several programs (spywareblaster, windows script), and I have a missing .dll every time I try to run them, even with all of my anti-virus stuff turned off. Is there something else that could keep me from running them?

#7 JourneyMan (Member, Topic Starter)
BTW, thx for the help. Your advice worked.

#8 OSC (Malware Expert, Retired Staff)
What's the message you're getting?? And what is the missing dll? Glad the other thing worked for you. :tazz:

#9 JourneyMan (Member, Topic Starter)
Error
---------------------------------------------------------------------------------------X

\ /
/ \ Cannot find import; DLL may be missing, corrupt, or wrong version
File "MSVBVM60.DLL", error 126

|------------------------|
| OK |
|------------------------|


That's my message.

#10 JourneyMan (Member, Topic Starter)
And I'm getting a "class not registered" error whenever I try to play a movie. This happens no matter what program I choose to open the movie file.

#11 OSC (Malware Expert, Retired Staff)
Hi JourneyMan,

Let's try downloading that file and replacing your current file with this new one.

Go here:
http://www.dll-files...nload0UDmTGYKiP

Save the file, then unzip it and extract msvbvm60.dll to your c:\windows\system32 folder. Reboot, then see if that error goes away.

As for the error while watching movies, what kind of file is it?? .avi? .mpeg?

#12 JourneyMan (Member, Topic Starter)
OK, I ran the scan and I got 3 error messages. The first one I received twice:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.



An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.





Here is the Hijack log itself:


Logfile of HijackThis v1.99.1
Scan saved at 10:10:08 AM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\COMMON~1\AOL\110519~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\COMMON~1\AOL\110519~1\EE\AOLServiceHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\CompUSA\Desktop\HijackThis.exe
C:\Documents and Settings\CompUSA\Desktop\metapad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presari...&c=1c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1105195795\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Advisor - {8BF39E8E-B4F0-45F7-B79F-9669594B2A34} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105140831438
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...438/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
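
A triage sketch for a log like the one posted above, added here as an example and not part of the original thread or of HijackThis itself: it groups entries by section code and lists the ones that usually warrant a manual look. The review rules are assumptions chosen for illustration, and a flagged entry is not a verdict (the flagged BHO and McShield lines in the sample point into the installed Spybot and McAfee folders).

```python
import re
from collections import defaultdict

# Sample lines taken from the log in post #12, embedded so this runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - Global Startup: Image Transfer.lnk = ?
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

# (section codes, predicate, reason). Illustrative review heuristics, not verdicts.
RULES = [
    (("O1",), lambda d: True, "hosts file override; confirm the mapping is intended"),
    (("O2", "O3", "O9"), lambda d: "(no name)" in d, "unnamed component; identify it by CLSID and path"),
    (("O4",), lambda d: d.endswith("= ?") or "\\" not in d.split("] ", 1)[-1],
     "startup target has no resolved full path"),
    (("O23",), lambda d: "- Unknown owner -" in d, "service binary carries no company name"),
]

def review(groups):
    """Return (code, reason, detail) for every entry matching a rule."""
    findings = []
    for codes, test, reason in RULES:
        for code in codes:
            for detail in groups.get(code, []):
                if test(detail):
                    findings.append((code, reason, detail))
    return findings

if __name__ == "__main__":
    for code, reason, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{code:>3}  {reason}\n     {detail}")
```
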

#13 JourneyMan (Member, Topic Starter)
Can I please get some help?

#14 JourneyMan (Member, Topic Starter)
That worked, thx. As for the movie playback, I'm going to uninstall the programs that are causing trouble and re-install them and see what that does.

#15 JourneyMan (Member, Topic Starter)
Pretty pretty please?