Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware

Started by Khristopher , May 01 2005 01:20 PM

  • Please log in to reply

#1
Khristopher
Posted 01 May 2005 - 01:20 PM

Khristopher

    New Member

  • Member
  • Pip
  • 5 posts
Help, Please. Someone used my computer and claimed to "do nothing" and now I have a non stop barrage of popups. I have run AdAware many times. It catches something and cleans it out. Then on the next restart I get more popups. I belive that I have almost all of it taken care of except "imGIANT". Could someone take a look at my hijack this file and let me know what I need to do? Thanks!

Here is what programs I've used so far to clean my computer.
Spyware Doctor (found numerous problems)
Trendmicro Housecall (found 5 viruses)
AdAware (found numerous problems)



Logfile of HijackThis v1.99.1
Scan saved at 5:22:14 AM, on 5/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\PROGRAMS\HIJACKTHIS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UPDATES\IMMUFIX.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.comcast.net/~k80714/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINDOWS\IMGIANT.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [SC3300CC] C:\WINDOWS\twain_32\SiPix\SC-3300\SC3300CC.exe
O4 - HKLM\..\Run: [USBPNP] C:\WINDOWS\twain_32\SiPix\SC-3300\USBPNP.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! GoStop - http://download.game...ts/y/gst1_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
  • 0

Advertisements

#2
Metallica
Posted 01 May 2005 - 02:10 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINDOWS\IMGIANT.DLL

Then reboot.

If that doesn't stop the popups can you let us know where they are coming from or what they look like?

Regards,
  • 0

#3
Khristopher
Posted 01 May 2005 - 02:29 PM

Khristopher

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks!

I followed your directions. No more popups at this time. I did find the following files on my computer:

whCC-Giant.exe

newimurl.exe

IMGIANT.inf

imgiant (folder)

imgiant.ico

I belive these all have something to do with it so I deleted them and restarted.

I reran HJT and it is no longer there.

I am still concerned about a IMGIANT.DLL in C:\\WINDOWS. Do I need to do something about this file?

Thanks again for all your help.
  • 0

#4
Metallica
Posted 02 May 2005 - 12:44 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hmm. HijackThis should have removed it.

Download and run:
http://www.downloads...org/KillBox.exe
Run killbox and paste this line into the box, select delete on reboot then press the red X button, when it says reboot now, let it.

C:\WINDOWS\IMGIANT.DLL

After the reboot check if it is gone and let me know.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP