Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Wallpaper Hijacked.[CLOSED]

Started by Sydy , May 07 2005 11:18 AM

  • This topic is locked This topic is locked

#1
Sydy
Posted 07 May 2005 - 11:18 AM

Sydy

    New Member

  • Member
  • Pip
  • 1 posts
Hi guys,



My computer got infected by a virus or spyware that hijacked my wallpaper. I ran Norton anti-virus 2005, Spybouncer, Adware away and xoftspy, got rid of several things but still can't change wallpaper.



My HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 14:13:07, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softick\CardExport\CardGate.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\clipmt40\CLIPMT45.exe
C:\Program Files\Star Alliance Timetable\StarUpdater.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Network ICE\BlackICE\rapapp.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
F2 - REG:system.ini: Shell=Explorer.exe sysinit32p2.exe
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <title>P2dll.com install toolbar</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <link href="style.css" rel="stylesheet" type="text/css">
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#FFFFFF" background="images/layout_55.gif" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
O1 - Hosts: <!-- ImageReady Slices (layout.psd) -->
O1 - Hosts: <table id="Table_01" width="100" height="651" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <!-- MSTableType="nolayout" -->
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="11">
O1 - Hosts: <img src="images/layout_01.gif" width="470" height="104" alt=""></td>
O1 - Hosts: <td colspan="5">
O1 - Hosts: <img src="images/layout_02.gif" width="302" height="104" alt=""></td>
O1 - Hosts: <td width="100" rowspan="8" background="images/layout_03.gif">
O1 - Hosts: <img src="images/layout_03.gif" width="8" height="294" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="104" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_04.gif" width="16" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=/><img src="images/layout_05.gif" width="81" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_06.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td colspan="2">
O1 - Hosts: <A href=index?name=about><img src="images/layout_07.gif" width="72" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_08.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=write><img src="images/layout_09.gif" width="83" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_10.gif" width="20" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=index?name=terms><img src="images/layout_11.gif" width="95" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_12.gif" width="17" height="42" alt=""></td>
O1 - Hosts: <td colspan="3">
O1 - Hosts: <A href=index?name=about><img src="images/layout_13.gif" width="120" height="42" alt="" border=0></A></td>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_14.gif" width="232" height="68" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="42" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12" rowspan="2">
O1 - Hosts: <img src="images/layout_15.gif" width="525" height="50" alt=""></td>
O1 - Hosts: <td rowspan="6">
O1 - Hosts: <img src="images/layout_16.gif" width="15" height="148" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="26" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="3">
O1 - Hosts: <img src="images/layout_17.gif" width="34" height="71" alt=""></td>
O1 - Hosts: <td rowspan="3" background="images/layout_18.gif"> <form method=post action=login>
O1 - Hosts: <div align="center">
O1 - Hosts: <input type="text" name="id" size="12"><br>
O1 - Hosts: <br>
O1 - Hosts: <input type="password" name="pass" size="14">
O1 - Hosts: </div>
O1 - Hosts: <td rowspan="2">
O1 - Hosts: <img src="images/layout_19.gif" width="64" height="37" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="24" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="4" rowspan="3">
O1 - Hosts: <img src="images/layout_20.gif" width="174" height="79" alt=""></td>
O1 - Hosts: <td colspan="8" rowspan="3">
O1 - Hosts: <img src="images/layout_21.gif" width="351" height="79" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="13" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <input type=image src="images/layout_22.gif" width="64" height="34" alt="" border=0></td></form>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="34" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_23.gif" width="232" height="51" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="32" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12">
O1 - Hosts: <img src="images/layout_24.gif" width="525" height="19" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="19" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12" valign="middle">
O1 - Hosts: <table id="Table_02" width="525" height="304" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_25.gif" width="525" height="19" alt=""></td>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Program Files\Palm\FireConverterBrowserHelperObject.dll
O2 - BHO: RepliGoIEHelperCtl Class - {91DE4477-9CDC-4806-9BCB-28A963988E94} - d:\Program Files\Cerience\RepliGo\RepliGoIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - d:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CardGate] "C:\Program Files\Softick\CardExport\CardGate.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RepliGo Assistant] "d:\Program Files\Cerience\RepliGo\RepliGoMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WatchDog] D:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [second] C:\WINDOWS\system32\second.bat
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - Startup: ClipMate 4.5.lnk = C:\Program Files\clipmt40\CLIPMT45.exe
O4 - Startup: StarUpdater.exe.lnk = ?
O4 - Startup: CMStart.exe.lnk = C:\Program Files\CH Products\Control Manager\CMStart.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm\iSiloX\iSiloXIE.dll
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\palm\iSiloX\iSiloXIE.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\rapapp.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe







I thank you guys in advance.



All the best,



Sydy
  • 0

Advertisements

#2
Guest_thatman_*
Posted 09 May 2005 - 02:32 AM

Guest_thatman_*
  • Guest
Hi Sydy

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Lets see if this will finds any hidden Trojan’s http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate tne run a full scan save the log when the scan has finnished.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www/google.com.br
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jambock.com/
F2 - REG:system.ini: Shell=Explorer.exe sysinit32p2.exe
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <meta http-equiv="Content-Language" content="en-us">
O1 - Hosts: <title>P2dll.com install toolbar</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
O1 - Hosts: <link href="style.css" rel="stylesheet" type="text/css">
O1 - Hosts: </head>
O1 - Hosts: <body bgcolor="#FFFFFF" background="images/layout_55.gif" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
O1 - Hosts: <!-- ImageReady Slices (layout.psd) -->
O1 - Hosts: <table id="Table_01" width="100" height="651" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <!-- MSTableType="nolayout" -->
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="11">
O1 - Hosts: <img src="images/layout_01.gif" width="470" height="104" alt=""></td>
O1 - Hosts: <td colspan="5">
O1 - Hosts: <img src="images/layout_02.gif" width="302" height="104" alt=""></td>
O1 - Hosts: <td width="100" rowspan="8" background="images/layout_03.gif">
O1 - Hosts: <img src="images/layout_03.gif" width="8" height="294" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="104" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_04.gif" width="16" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=/><img src="images/layout_05.gif" width="81" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_06.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td colspan="2">
O1 - Hosts: <A href=index?name=about><img src="images/layout_07.gif" width="72" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_08.gif" width="18" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=write><img src="images/layout_09.gif" width="83" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_10.gif" width="20" height="42" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <A href=index?name=terms><img src="images/layout_11.gif" width="95" height="42" alt="" border=0></A></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_12.gif" width="17" height="42" alt=""></td>
O1 - Hosts: <td colspan="3">
O1 - Hosts: <A href=index?name=about><img src="images/layout_13.gif" width="120" height="42" alt="" border=0></A></td>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_14.gif" width="232" height="68" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="42" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12" rowspan="2">
O1 - Hosts: <img src="images/layout_15.gif" width="525" height="50" alt=""></td>
O1 - Hosts: <td rowspan="6">
O1 - Hosts: <img src="images/layout_16.gif" width="15" height="148" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="26" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td rowspan="3">
O1 - Hosts: <img src="images/layout_17.gif" width="34" height="71" alt=""></td>
O1 - Hosts: <td rowspan="3" background="images/layout_18.gif"> <form method=post action=login>
O1 - Hosts: <div align="center">
O1 - Hosts: <input type="text" name="id" size="12"><br>
O1 - Hosts: <br>
O1 - Hosts: <input type="password" name="pass" size="14">
O1 - Hosts: </div>
O1 - Hosts: <td rowspan="2">
O1 - Hosts: <img src="images/layout_19.gif" width="64" height="37" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="24" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="4" rowspan="3">
O1 - Hosts: <img src="images/layout_20.gif" width="174" height="79" alt=""></td>
O1 - Hosts: <td colspan="8" rowspan="3">
O1 - Hosts: <img src="images/layout_21.gif" width="351" height="79" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="13" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <input type=image src="images/layout_22.gif" width="64" height="34" alt="" border=0></td></form>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="34" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="3" rowspan="2">
O1 - Hosts: <img src="images/layout_23.gif" width="232" height="51" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="32" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <td colspan="12">
O1 - Hosts: <img src="images/layout_24.gif" width="525" height="19" alt=""></td>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/spacer.gif" width="1" height="19" alt=""></td>
O1 - Hosts: </tr>
O1 - Hosts: <tr>
O1 - Hosts: <table id="Table_02" width="525" height="304" border="0" cellpadding="0" cellspacing="0">
O1 - Hosts: <tr>
O1 - Hosts: <td>
O1 - Hosts: <img src="images/layout_25.gif" width="525" height="19" alt=""></td>
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKLM\..\Run: [second] C:\WINDOWS\system32\second.bat
O4 - HKLM\..\RunServices: [win32 system server] c:\windows\system32\winserver.exe
O4 - HKCU\..\Run: [win32 system server] c:\windows\system32\winserver.exe
Click on Fix Checked when finished and exit HijackThis.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.

Download the Hoster from here Press "Restore Original Hosts. and press "OK". Exit Program.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
sysinit32p2.exe
c:\windows\system32\winserver.exe
C:\WINDOWS\system32\second.bat
Exit Explorer.Reboot as normal.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
Guest_thatman_*
Posted 20 May 2005 - 07:58 AM

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP