Help Please! Desktop Hijacked (I think)


#1
YoukaiHiei
Hello there, I would greatly appreciate some help here. My PC is in pretty bad shape, I got the Trojan-Spy.HTML.Smitfraud.c and had followed a variety of tutorials on how to remove it, and now that I finally have (after about four days), I have this warning message on my desktop, saying:

Warning!
You're In Danger

All you do with computer is forever stored in harddisk. When you visit sites, send emails...all your action are logged. And it is impossible to remove with standard tools.
Your data is still avalible for foresics. And in some case, for your boss, your friends, your wife, your children.

Every site you or sombody or even somthing, like spyware, opend in your browser with all images, and all downloaded any maybe later removed movies or mp3 songs- ARE STILL THERE and could broke your life!

SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!

I had to type all of that, because my copy and paste does not seem to work...at least, the ctrl+c and ctrl+v don't. And, my task bar (I think that is what it's called, the menu with the start button, and minimized programs) is automatically pulled all the way down at the start, and I can't pull it back up.

Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 12:15:43 AM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesea...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesea...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: VM Homepage - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpEFE2.tmp (file missing)
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{33198E1C-5E73-4547-AAAC-082AF10CE22E}: NameServer = 4.2.2.4,4.2.2.5
O20 - Winlogon Notify: style2 - C:\WINDOWS\q258446686_disk.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

Edit: In my last log (before I edited this), it said that the svchost.exe file was missing in my C:\WINDOWS\SYSTEM32 folder, so I found a backup of it and then put it in there. I can move files again now, and copy and paste is working, so I'm assuming I did good. If I didn't, please correct me.

Thank you for your time.

Edited by YoukaiHiei, 20 June 2005 - 01:18 AM.
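
Added example (not part of the original post and not HijackThis's own code): a small Python triage pass over entry lines copied from the log above. It parses the "code - body" entry format and flags two things worth a closer look, entries marked "(file missing)" and IE start/search settings that point at an external URL; the function names and both heuristics are choices made for this example.

```python
import re
from collections import defaultdict

# A subset of entry lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
O2 - BHO: VM Homepage - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpEFE2.tmp (file missing)
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O20 - Winlogon Notify: style2 - C:\WINDOWS\q258446686_disk.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
"""

# An entry line is "<section code> - <rest>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

def parse_entries(log_text):
    """Return (code, body) tuples; header lines and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def review_reasons(code, body):
    """Reasons to look at an entry more closely (heuristics chosen for this example)."""
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append("registry entry points at a file that is no longer on disk")
    if code in ("R0", "R1"):
        _, _, value = body.partition(" = ")
        if value.lower().startswith(("http://", "https://")):
            reasons.append("IE start/search setting points at an external URL")
    return reasons

def triage(log_text):
    """Group entries needing review by section code: {code: [(body, reasons), ...]}."""
    flagged = defaultdict(list)
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged[code].append((body, reasons))
    return dict(flagged)

if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, reasons in items:
            print(f"{code}: {body}\n    -> " + "; ".join(reasons))
```

A flagged line is a prompt for manual review, not a verdict; unflagged entries still need to be read.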
