Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All_Ru Attack!


  • Please log in to reply

#1
unconsciousmind

unconsciousmind

    New Member

  • Member
  • Pip
  • 1 posts
Hey! Is there somebody who can help me remove the all_ru from my computer. I cannot reset my homepage. I am posting the hijackthis log file here. Help ASAP.


--Start Of Log FIle--

Logfile of HijackThis v1.99.1
Scan saved at 9:19:51 AM, on 5/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\WINLOGON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\REPAIR\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\winlogon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download with &DAP - E:\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - E:\Programs\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm344YYNP
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\DAP\DAP.EXE
O9 - Extra button: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NOCS.DLL
O9 - Extra 'Tools' menuitem: Nocs Bar - {9F772CA3-F464-4654-9073-C18749E197E4} - C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\NOCS.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - E:\Programs\NeoTracePro\NTXtoolbar.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O19 - User stylesheet: C:\WINDOWS\inf\info.dat
O21 - SSODL: User Stylesheet - C:\WINDOWS\inf\info.dat - (no file)
O21 - SSODL: Use My Stylesheet -  - (no file)
  • 0

Advertisements


#2
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,272 posts
Hello unconsciousmind and welcome to the GTG forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Download About:Buster.zip and unzip it to its own directory. Start AboutBuster and click the Ok button. Now click the Update button and then the Check for Update button. If an update is available click the Download Update button. When the updates have been downloaded close AboutBuster (do not run it yet).

Step #2

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?bayzm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rl.webtracer.cc/-/?bayzm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - HKLM\..\Run: [winlogon.exe] C:\WINDOWS\winlogon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZCxdm344YYNP
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O19 - User stylesheet: C:\WINDOWS\inf\info.dat
O21 - SSODL: User Stylesheet - C:\WINDOWS\inf\info.dat - (no file)
O21 - SSODL: Use My Stylesheet -  - (no file)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section select Show all files.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):C:\WINDOWS\winlogon.exe
C:\WINDOWS\inf\info.dat

Step #5

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Run AboutBuster and save the logs:
  • Browse to where you saved AboutBuster and run AboutBuster.exe.
  • Click "OK" at the directions Read: Important! prompt.
  • Click the Update button to check for updates and install any that are available.
  • Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
  • Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
  • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
  • Click "Exit" and "Exit" again to exit AboutBuster.
Step #7

Reboot normally and run at least 2 of the following on-line virus scans:Trend Micro Housecall
BitDefender On-Line Virus Scan
Panda ActiveScan
eTrust Antivirus Web Scanner
Make sure that you choose "fix" or "clean".

Step #8

AdAware SE v1.06

Download, install, update, configure and run a scan with Ad-aware SE v1.06:
  • Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to be changed before your first scan.
  • Close ALL windows except Ad-Aware SE.
  • Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
  • Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
    • In the ‘General’ window make sure the following are selected in green:
      • Under Safety:
        • Automatically save log-file
      • Automatically quarantine objects prior to removal
      • Safe Mode (always request confirmation)
    • Under Definitions:
      • Prompt to update outdated definitions - set the number of days
  • Click on the ‘Scanning’ button on the left and select in green:
    • Under Driver, Folders & Files:
      • Scan Within Archives
    • Under Select drives & folders to scan:
      • choose all hard drives
    • Under Memory & Registry: all green
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URL’s
      • Scan my Hosts file
  • Click on the ‘Advanced’ button on the left and select in green:
    • Under Shell Integration:
      • Move deleted files to recycle bin
    • Under Logfile Detail Level: all green
      • include addtional object information
      • DESELECT - include negligible objects information
      • include environment information
    • Under Alternate Data Streams:
      • Don't log streams smaller than 0 bytes
      • Don't log ADS with the following names: CA_INOCULATEIT
  • Click the ‘Tweak’ button and select in green:
    • Under ‘Scanning Engine’:
      • Unload recognized processes during scanning
      • Scan registry for all users instead of current user only
    • Under ‘Cleaning Engine’:
      • Let Windows remove files in use at next reboot
    • Under Log Files:
      • Include basic Ad-aware SE settings in logfile
      • Include additional Ad-aware SE settings in logfile
      • Please do not check: Include Module list in logfile
  • Click on ‘Proceed’ to save the settings.
  • Click ‘Start’
  • Choose 'Perform Full System Scan'
  • DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
  • Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
  • If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
  • Right-click on the list and choose Select All
  • Click the Next button to finish removing the items that were found
  • When finished, REBOOT to complete the removal of what Ad-Aware SE found
Step #9

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP