Win32.QHost.DF


#1
wireflight

My computer is a Dell notebook. Under "Start >> Settings >> Control Panel >> Administrative Tools >> Computer Management >> System Information >> System Summary" is revealed (typed as appears, with colons separating fields):

OS Name: Microsoft Windows 2000 Professional
Version: 5.00.2195 Service Pack 4 Build 2195
OS Manufacturer: Microsoft Corporation
System Name: USER1
System Manufacturer: Dell Computer Corporation
System Model: Inspiron 4000
System Type: X86-based PC
Processor: x86 Family 6 Model 8 Stepping 10 GenuineIntel ~902Mhz
BIOS Version: Phoenix ROM BIOS PLUS Version 1.10 A23
Windows Directory: C:\WINNT
Locale: United States
Time Zone: Central Daylight Time
Total Physical Memory: 392,604 KB
Available Physical Memory: 125,648 KB
Total Virtual Memory: 1,333,308 KB
Available Virtual Memory: 765,072 KB
Page File Space: 940,704 KB

I use a "3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)" modem and ADSL Internet service.

I went to http://www.geekstogo...?showtopic=2852 and, in the order that they appear within that text, diligently attempted each of the recommended procedures. I had already installed SP2 and had my computer set to update Windows automatically; I always use the "express install" feature when prompted.

I don't know if this is significant, but shortly after I first noticed the problem, I also noticed that the "automatic updates" feature seemed to be deactivated. I reactivated it, and "express installed" whatever updates Microsoft sent me.

Avast! identified the original malware; it recommended the "Move to Chest" option, which I selected. A second indication occurred seconds later and, thinking perhaps the "Move to Chest" option was inadequate, I selected the "Remove" option.

Avast! indicated the malware was successfully removed; however, I continued to get different alerts that I was infected with "Win32.QHost.DF," with some sort of Adware [078], and with some sort of Adware [094]. Regrettably, I remember only the numbers associated with the latter two malware programs: thinking the solution was only a couple of clicks away, I didn't write that stuff down.

The latter two indicated-malware programs may have been identified by Yahoo! AntiSpy (from the Yahoo! toolbar). MSIE toolbars cannot now be either unlocked or selected/deselected from the "View >> Toolbars" tabs in the header; only the "Customize" function is available.

In my MSIE, "View >> Toolbars" shows only "greyed-out" links for "Standard Buttons," "Address Bar" and "Links" -- each of which is preceded by a "greyed-out" checkmark. The Yahoo! toolbar is no longer visible (which ordinarily wouldn't be a big deal for me, since I tried to keep it hidden when I was browsing, but now it seems not to work, and that alarms me).

Avast! used to launch on startup and run as a little twirling blue ball in the "system tray" (in the same box as where the clock appears); now I have to start it manually, and it only runs from a GUI that resembles the front of an automotive radio or CD player.

I found HiJackThis before I found your site, and tried it. When I downloaded it, it was a .zip file, and the only way I had of unzipping it was to use Zipghost. It didn't give me an "extract to ..." option, so I ran it from the Zipghost window; this is how I ran it the first 3 times I used it.

I think I have all 3 logs available, in case an earlier log is needed than the one posted following these initial comments. I am not sure if the other programs generated useful logs, but if you think they will be helpful (and perhaps can help me find them), I'll try to post them.

I just ran Avast! again, and now it shows that my scanner is infected! I don't think any of my anti-malware efforts recommended at http://www.geekstogo...?showtopic=2852 were able to run to completion, with the possible exception of HiJackThis and maybe one other program -- but I've been working on this for 3 days now, and my brain seems to have turned to rubber.

I am perfectly willing to format my hard drive and reinstall my OS from scratch, but I haven't been able to figure out how to force Windows to let me do even that. I finally figured out how to extract HiJackThis into its own folder, and I renamed it to "C:\HJT" -- and ran it a fourth time to generate the following log:

Thanks for whatever help you're able to provide. Here's my latest HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:07 AM, on 8/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\WINNT\explorer.exe
C:\HTJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINNT\system32\lxcccoms.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Edited by wireflight, 05 August 2006 - 12:02 AM.
