
Horseserver Infection -problems with OPEN32.exe


  • This topic is locked

#1
Esterano

    New Member

  • Member
  • Pip
  • 2 posts
Hello from Spain...

Well, I've read a lot of posts about problems with a Horseserver infection and I think I'm going slightly mad... ;)

I'm sure that it is a Horseserver infection because sometimes when I'm surfin' the net it opens a page of "SearchEngine" and the title says "Horseserver" so... ;)
It's quite annoying.

I read the posts of Mort and Don about the same problem so I tried to solve it, but now I don't know what to do. The only thing I did is to download HSFix, CleanUp! and HijackThis, so here's the last log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 1:17:34, on 23/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\ARCHIV~1\mcafee.com\vso\mcvsrte.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\Explorer.EXE
c:\archivos de programa\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\carpserv.exe
C:\Archivos de programa\Apoint2K\Apoint.exe
C:\ARCHIV~1\mcafee.com\vso\mcvsshld.exe
c:\archiv~1\mcafee.com\vso\mcvsescn.exe
C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\ARCHIV~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe
C:\Archivos de programa\Apoint2K\Apntex.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com/r/fz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\archivos de programa\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\archivos de programa\mcafee.com\mps\popupkiller.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FLASHGET\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Archivos de programa\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\ARCHIV~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\ARCHIV~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MPSExe] c:\ARCHIV~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Archivos de programa\Telefonica Kit ADSL USB\CnxDslTb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Archivos de programa\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Acceso directo a Rainlendar.lnk = C:\Archivos de programa\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Google Search - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Instantánea de caché de la página - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Páginas similares - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Páginas vinculadas - res://c:\archivos de programa\google\GoogleToolbar1.dll/cmbacklinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FLASHGET\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_es.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093103038217
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EE5E9B8-3D4C-4E62-B0B9-D90DB0A237FA}: NameServer = 80.58.0.33,80.58.32.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{9EE5E9B8-3D4C-4E62-B0B9-D90DB0A237FA}: NameServer = 80.58.0.33,80.58.32.97
O23 - Service: Servicio del iPod (iPodService) - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\ARCHIV~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Archivos de programa\TGTSoft\StyleXP\StyleXPService.exe

And that's all, I recognize a lot of inoffensive files, but I don't know what to do.
:tazz:

I hope you can help me.

Thank you very much.
  • 0


#2
njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Hello and welcome to GTG!
We are sorry for the late reply.
If you're still looking to resolve this issue, please run through the steps outlined in this Topic.

Post back a fresh HijackThis log when done.

If you have resolved this issue, please let us know.
Thank you, and again, sorry for the late reply.
  • 0

#3
Esterano

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hello! ;)

Well, I've just solved the problem, thank you for your reply (I really thought that nobody would answer me ;) )...

I executed HijackThis and CleanUp, but the problem was still driving me crazy.
The next step was to execute Lavasoft AdAware 6.0, removing some archives and putting others into Quarantine... and that was the solution: after this there were no problems left. :)

The Horseserver Search Engine didn't appear anymore. :)

Thanks for all, I could read loads of posts and resolve my problem by myself. :tazz:
  • 0

#4
njustice

    Member

  • Member
  • PipPipPip
  • 521 posts
Esterano, glad you're all sorted. If you need help in the future, please feel free to start a new topic or PM a moderator or Admin to re-open this topic.

Closing this Topic.
  • 0





