Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't get rid of viruses [CLOSED]


  • This topic is locked This topic is locked

#16
TomNJ

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
The message you got from Killbox means that the file did not delete. Also you system is still infected. I think this next step will help.

OK. Run HiJackThis and Do a system scan then follow the directions below.

Remember to close all browsers and windows when using HJT. In your HJT log please have HJT fix the following items by placing a check/x next to its name then clicking Fix Checked:

O2 - BHO: SDWin32 Class - {7EB20A25-F0A7-4BCF-BE7F-39FE84633F67} - C:\WINDOWS\System32\izhfh.dll
O2 - BHO: SDWin32 Class - {C30CF9C1-BA52-4E13-8525-9B1B7B25EA02} - C:\WINDOWS\System32\zlgbu.dll
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int302531.exe -auto
O4 - HKLM\..\Run: [VidiaDrivers] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe
O23 - Service: MMtask Engine (MMtaskEngine) - Unknown owner - C:\WINDOWS\System32\mmtask.exe (file missing)


Useing Explorer you need to delete the following folder.

C:\Program Files\websx\

Let the system reboot.

Post back a fresh HijackThis log and we will take another look. And let me know how your system is running.
  • 0

Advertisements


#17
donnadoula

donnadoula

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Heeeeeelp! Now I cannot even access the internet from home. What do I do?

I click on the internet icon and it acts like it's going to go to the web, but my address bar (and the restof the normal stuff at the top) pops up and then at the bottom, a blank white page.
  • 0

#18
TomNJ

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Since the last time we worked on your system is more than 1 week old I will need you to post a fresh HJT Log In the thread. And we can continue from there.

Thanks
Tom :tazz:

Edited by TomNJ, 20 June 2005 - 04:05 PM.

  • 0

#19
donnadoula

donnadoula

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
How can I do this if I don't have internet access at the computer where the problem is?

Will it allow me to run the HJT copy log to my email, email it to myself, access my email from the library computer, and send it to you from there?

Donna
  • 0

#20
TomNJ

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Please print out these instructions so you can use them in the fix.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

OK. Run HiJackThis and Do a system scan then follow the directions below.

Remember to close all browsers and windows when using HJT. In your HJT log please have HJT fix the following items by placing a check/x next to its name then clicking Fix Checked:

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: SDWin32 Class - {7EB20A25-F0A7-4BCF-BE7F-39FE84633F67} - C:\WINDOWS\System32\izhfh.dll
O2 - BHO: SDWin32 Class - {C30CF9C1-BA52-4E13-8525-9B1B7B25EA02} - C:\WINDOWS\System32\zlgbu.dll
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int302531.exe -auto
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe


Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\Program Files\DNS\Catcher.dll
C:\WINDOWS\System32\izhfh.dll
C:\WINDOWS\System32\zlgbu.dll
C:\Program Files\websx\int302531.exe


Reboot Normaly and rescan with HijackThis and post a fresh log in this same topic, and [b]let me know how your system's
  • 0

#21
TomNJ

TomNJ

    Visiting Staff

  • Member
  • PipPipPip
  • 436 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP