
help identify hijacker [CLOSED]



#1
megalick

megalick

    New Member

  • Member
  • Pip
  • 6 posts
Hi, I apologize if this is the wrong forum, but can someone help identify this trojan? I've tried smitfraudfix (safe mode), fixiedef, ccleaner, combofix and can't get rid of it. I figured if I could identify it, it would be easier to get rid of. Here are the pop-ups I keep getting, along with a window telling me to purchase a specific spyware remover.

Edited by megalick, 13 February 2008 - 04:57 PM.

  • 0



#2
megalick

megalick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here's another

Edited by megalick, 13 February 2008 - 04:58 PM.

  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please don't attach the reports

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#4
megalick

megalick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Deckard's System Scanner v20071014.68
Run by Gene on 2008-02-13 04:10:52
Computer is in Normal Mode.

Edited by megalick, 14 February 2008 - 07:42 PM.

  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0

#6
megalick

megalick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I've run hijackthis twice; why do I have to reboot to be able to access the internet afterwards?

Edited by megalick, 14 February 2008 - 07:42 PM.

  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It is a consequence of removing so much malware

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\pbar.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\764.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\rxjddnvj.exe

Folder::
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\p2pnetworks
C:\Program Files\Accoona
C:\Program Files\akl
C:\Program Files\3721

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0
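
A small checker for the script in the post above, added here as an example and not part of the thread or of ComboFix: it splits the File::, Folder:: and Registry:: sections, flags repeated paths, and lists which targets still exist after the run. The section layout is assumed from the script as posted, and `parse_cfscript` and `still_present` are hypothetical names.

```python
import os
import re

# Excerpt of the CFScript from the post above, keeping its repeated entry.
CFSCRIPT = r"""File::
C:\WINDOWS\pbar.dll
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\rxjddnvj.exe
Folder::
C:\Program Files\e-zshopper
C:\Program Files\akl
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"""

def parse_cfscript(text):
    """Split a CFScript into File/Folder/Registry entries plus repeated paths."""
    out = {"File": [], "Folder": [], "Registry": []}
    dups, section, key = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"(File|Folder|Registry)::", line)
        if header:
            section, key = header.group(1), None
        elif not line or section is None:
            continue
        elif section == "Registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]          # .reg-style key header
            else:
                m = re.fullmatch(r'"([^"]+)"=(.*)', line)
                if m and key:
                    # In .reg syntax, "name"=- deletes the value.
                    action = "delete" if m.group(2) == "-" else "set"
                    out["Registry"].append((key, m.group(1), action))
        elif line.lower() in (p.lower() for p in out[section]):
            dups.append(line)             # Windows paths are case-insensitive
        else:
            out[section].append(line)
    return out, dups

def still_present(paths, exists=os.path.exists):
    """Return the listed paths that still exist (exists is injectable for tests)."""
    return [p for p in paths if exists(p)]

if __name__ == "__main__":
    parsed, dups = parse_cfscript(CFSCRIPT)
    print("repeated entries:", dups)
    print("still on disk:", still_present(parsed["File"] + parsed["Folder"]))
    print("registry edits:", parsed["Registry"])
```

Run it on the cleaned machine after ComboFix has finished; an empty "still on disk" list means every listed file and folder is gone.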

#8
megalick

megalick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm not sure if you wanted me to post this. It looks like the previous log.

Edited by megalick, 14 February 2008 - 07:43 PM.

  • 0

#9
megalick

megalick

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I downloaded and ran Malwarebytes, which seems to have cleared it up. Did the other programs help or is it just finding the compatible software for a certain malware?
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ComboFix was the program that removed it. You posted the wrong ComboFix log; it should be ComboFix(1).txt.

If you can't find it then do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





