Hello...Persistent problem...


New Member · Member · 1 posts
Ok...I've been looking for help on another site but just been given the run-around. Looking for some help here. Originally had a problem with Heretofind hijack but now have been taken over by some "super-spider/Search" hijack. Tried to delete certain DLL files but they keep reinstalling themselves. Here's my HJT log file. Thanks for your time.

Logfile of HijackThis v1.98.2
Scan saved at 7:43:10 PM, on 10/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Webroot\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\M4IY3O~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O20 - AppInit_DLLs: d8cgl6p8en1l.dll

Founder Geek · Administrator · 24,490 posts
Mosaic1 has created a bat file that should help us; download it from here.

There are a few setup items we need to do first: make sure you can view all hidden files and folders; use this link for help.

Next, review this article: How to take ownership of a file or folder in Windows XP

Sign Off the Internet and Stay Off Until All Steps Are Finished

Extract the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box. Double click on the batch to run it. After a reboot the super hidden nasty file will no longer be loaded and will be visible.

Restart into Safe mode and find this file:

Right click on the file and choose properties.
Use the security tab on .dll and take ownership.
Change the 'everyone special' to 'you> with Admin rights-> FULL control
Then try to delete it; if that fails, try to rename it first to a different name+ext.
bleh.txt > badfile.111

Once you have successfully deleted the file restart into Regular Windows mode.

Run CWShredder immediately. Press the 'Fix' button to clean.

Run Ad-aware

Report back if you're successful or not.
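
Added example, not part of the original thread or of any tool mentioned in it: a small Python triage pass over HijackThis entries like those in the log posted above. The flagging rules and the EXPECTED_SEARCH_HOSTS allowlist are assumptions made for illustration; a hit means "review manually", not "malicious".

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\M4IY3O~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: d8cgl6p8en1l.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - AppInit_DLLs: x.dll"
# Assumption for this example: hosts the reviewer expects in IE search settings.
EXPECTED_SEARCH_HOSTS = {"www.microsoft.com", "www.msn.com"}

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append((section, "search/start page redirected", host))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            # Heuristic only: legitimate helper objects can also lack a name.
            findings.append((section, "unnamed browser helper object", body.rsplit(" - ", 1)[-1]))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any non-empty value deserves a look.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append((section, "DLL loaded via AppInit_DLLs", dll))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```
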