[TomNJ]

The message you got from Killbox means that the file did not delete. Also you system is still infected. I think this next step will help.

OK. Run HiJackThis and Do a system scan then follow the directions below.

Remember to close all browsers and windows when using HJT. In your HJT log please have HJT fix the following items by placing a check/x next to its name then clicking Fix Checked:

O2 - BHO: SDWin32 Class - {7EB20A25-F0A7-4BCF-BE7F-39FE84633F67} - C:\WINDOWS\System32\izhfh.dll
O2 - BHO: SDWin32 Class - {C30CF9C1-BA52-4E13-8525-9B1B7B25EA02} - C:\WINDOWS\System32\zlgbu.dll
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int302531.exe -auto
O4 - HKLM\..\Run: [VidiaDrivers] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe
O23 - Service: MMtask Engine (MMtaskEngine) - Unknown owner - C:\WINDOWS\System32\mmtask.exe (file missing)

Useing Explorer you need to delete the following folder.

C:\Program Files\websx\

Let the system reboot.

Post back a fresh HijackThis log and we will take another look. And let me know how your system is running.

[Advertisements]

Heeeeeelp! Now I cannot even access the internet from home. What do I do?

I click on the internet icon and it acts like it's going to go to the web, but my address bar (and the restof the normal stuff at the top) pops up and then at the bottom, a blank white page.

[donnadoula]

Heeeeeelp! Now I cannot even access the internet from home. What do I do?

I click on the internet icon and it acts like it's going to go to the web, but my address bar (and the restof the normal stuff at the top) pops up and then at the bottom, a blank white page.

[TomNJ]

Since the last time we worked on your system is more than 1 week old I will need you to post a fresh HJT Log In the thread. And we can continue from there.

Thanks
Tom

Edited by TomNJ, 20 June 2005 - 04:05 PM.

[donnadoula]

How can I do this if I don't have internet access at the computer where the problem is?

Will it allow me to run the HJT copy log to my email, email it to myself, access my email from the library computer, and send it to you from there?

Donna

[TomNJ]

Please print out these instructions so you can use them in the fix.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

OK. Run HiJackThis and Do a system scan then follow the directions below.

Remember to close all browsers and windows when using HJT. In your HJT log please have HJT fix the following items by placing a check/x next to its name then clicking Fix Checked:

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: SDWin32 Class - {7EB20A25-F0A7-4BCF-BE7F-39FE84633F67} - C:\WINDOWS\System32\izhfh.dll
O2 - BHO: SDWin32 Class - {C30CF9C1-BA52-4E13-8525-9B1B7B25EA02} - C:\WINDOWS\System32\zlgbu.dll
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int302531.exe -auto
O23 - Service: htagyaa - Unknown owner - C:\WINDOWS\system32\htagyaa.exe

Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\Program Files\DNS\Catcher.dll
C:\WINDOWS\System32\izhfh.dll
C:\WINDOWS\System32\zlgbu.dll
C:\Program Files\websx\int302531.exe

Reboot Normaly and rescan with HijackThis and post a fresh log in this same topic, and [b]let me know how your system's

[TomNJ]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.