This is probably the biggest challenge ever!



#1
daniej1

Where do I start with my problem? Ok, I installed some software which infected me. My internet runs really slow with constant egg timers meaning browsing the internet is a nightmare! A lot of text is highlighted with links to a search engine that is useless! I have 3 items in my add/remove called 'Search Assistant', 'Shopping Wizard' and 'Offer Optimizer'. These can't be deleted at all! When I try to uninstall them I am taken to a www.buckstoolbar.com website with no information on it. My AVG antivirus is picking up endless virus warnings. Ad-Aware, Spybot, Spy Ferret can't delete any Spyware, when I run them again after deleting, they're still there. My HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 18:21:34, on 20/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ntlw.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jon Daniels\My Documents\Various Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe


I am getting constant popups coming from the internet temps folder.

My virus vault log file:

;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\ieni32.dll";"20/06/2005 17:52:54";"ieni32.dll";"122 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\ntlw.exe";"20/06/2005 17:52:57";"ntlw.exe";"16.24 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\zdqax.dll";"14/06/2005 18:35:43";"zdqax.dll";"65 KB"
;"";"Trojan horse Downloader.Agent.HE";"C:\WINDOWS\apigm.dll";"20/06/2005 17:53:37";"apigm.dll";"75.1 KB"
;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\system32\mscx32.dll";"20/06/2005 17:55:48";"mscx32.dll";"122 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addcg32.dll";"20/06/2005 17:56:12";"addcg32.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HE";"C:\WINDOWS\adddi.dll";"20/06/2005 17:56:37";"adddi.dll";"75.1 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addqn.dll";"20/06/2005 17:56:50";"addqn.dll";"110.27 KB"
;"";"Trojan horse Downloader.Agent.HV";"C:\WINDOWS\addrb32.exe";"20/06/2005 17:57:04";"addrb32.exe";"11 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\addrj32.dll";"20/06/2005 17:57:06";"addrj32.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HW";"C:\WINDOWS\appej32.dll";"20/06/2005 17:58:03";"appej32.dll";"122 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\xrnyh.dll";"15/06/2005 08:02:45";"xrnyh.dll";"65 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\crce.dll";"20/06/2005 18:00:33";"crce.dll";"110 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\crcy.exe";"20/06/2005 18:00:35";"crcy.exe";"16 KB"
;"";"Trojan horse Downloader.Agent.HU";"C:\WINDOWS\crhx32.exe";"20/06/2005 18:00:37";"crhx32.exe";"16.89 KB"
;"";"Trojan horse Downloader.Agent.HO";"C:\WINDOWS\crkz.dll";"20/06/2005 18:00:38";"crkz.dll";"110 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\pcexe.dll";"14/06/2005 18:51:49";"pcexe.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\pcexe.dll";"14/06/2005 18:53:13";"pcexe.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\mhins.dll";"14/06/2005 18:55:50";"mhins.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\ihhfs.dll";"13/06/2005 19:51:48";"ihhfs.dll";"65 KB"
;"";"Trojan horse Startpage.19.AO";"C:\WINDOWS\system32\cqvwn.dll";"14/06/2005 22:13:28";"cqvwn.dll";"65 KB"


Ad-Aware list of critical objects:

Ad-Aware SE Scanning Result, 20-06-2005 18:39:06
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Name Type Category Object Comment
CoolWebSearch Regkey Malware HKEY_CLASSES_ROOT:clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\
Tracking Cookie IECache Entry Data Miner Cookie:jon daniels@doubleclick.net/ Hits:4
CoolWebSearch File Malware C:\WINDOWS\ktkfl.txt
CoolWebSearch File Malware C:\WINDOWS\system32\cyrmj.log
CoolWebSearch File Malware C:\WINDOWS\system32\hdxry.txt
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Only sex website.url Problematic URL discovered: http://www.onlysex.ws/
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Search the web.url Problematic URL discovered: http://www.lookfor.cc/
Possible Browser Hijack attempt File Misc C:\Documents and Settings\Jon Daniels\Favorites\Seven days of free [bleep].url Problematic URL discovered: http://www.7days.ws/
CoolWebSearch Regkey Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\urlsearchhooks\
CoolWebSearch RegValue Malware HKEY_LOCAL_MACHINE:software\microsoft "set"
CoolWebSearch RegValue Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\main "Use Search Asst"
CoolWebSearch RegData Malware HKEY_CURRENT_USER:software\microsoft\internet explorer\main"Use Search Asst" (no)
CoolWebSearch RegData Malware HKEY_LOCAL_MACHINE:software\microsoft\internet explorer\main"Use Search Asst" (no)
CoolWebSearch File Malware C:\WINDOWS\system32\wbem\logs\wbemess.log

Someone please help!