Hello...Persistent problem...

Ok...Ive been lookin for help on another site but just been given the run-around. Looking for some help here. Originally had a problem with Heretofind hijack but now have been taken over by some "super-spider/Search" hijack. Tried to delete certain DLL files but they keep reinstalling themselves. Here's my HJT log file. Thanx for ur time.

Logfile of HijackThis v1.98.2
Scan saved at 7:43:10 PM, on 10/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\progra~1\valve\steam\steam.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Laurence\Downloads\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\M4IY3O~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - AppInit_DLLs: d8cgl6p8en1l.dll

Mosaic1 has created a bat file that should help us, download it from here.
http://www.geekstogo...=download&id=34

A few setup items first we need to do, make sure you can view all hidden files and folders, use this link for help.
http://www.xtra.co.n...1916458,00.html

Next, review this article How to take ownership of a file or folder in Windows XP

Sign Off the Internet and Stay Off Until All Steps Are Finished

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box. Double click on the batch to run it. After a reboot the super hidden nasty file will no longer be loaded and will be visible.

Restart into Safe mode and find this file:
C:\WINDOWS\System32\nameofdll.dll

Right click on the file and choose properties.
Use the security tab on .dll and take ownership.
Change the 'everyone special' to
'you> with Admin rights-> FULL control
Then try to delete it, if that fails try to rename
it first to different name+ext.
Example:
ctl.dll>bleh.txt
bleh.txt > badfile.111

Once you have successfully deleted the file restart into Regular Windows mode.

Run CWShredder immediately. Press the 'Fix' button to clean.

Run Ad-aware
Restart.

Report back if you're successful or not.

#1
psilocybevibe

Posted 20 October 2004 - 05:43 PM

Advertisements

#2
admin

Posted 22 October 2004 - 02:29 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us