Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Illegal shortcuts and randomly exe files

Started by perco754 , Oct 25 2004 08:23 AM

  • Please log in to reply

#1
perco754
Posted 25 October 2004 - 08:23 AM

perco754

    New Member

  • Member
  • Pip
  • 6 posts
Hi,

I've had some problem with illegal shortcuts on my desktop as internet shortcuts to different gambling zones etc. Each time I run 'procexp.exe' to manually remove some handles linked to the process ('iexplore.exe') and then kill the process itself. There are always 2 'iexplore.exe' that runs by the way. After this I can delete a folder that's been added without my permission called 'dvd 64 book lies dumb' that includes a system file and a .exe file with a random name. The folder places itself in c:\documents and settings\all users\applicatopn data\. I also delete a folder with a different name in c:\documents and settings\per\application data\ including a exe file that gets the same name each time this happens 'multi~noun.exe'. Finally I reboot.
Still, once in a while (sometimes several times a day) this problem comes back.
I'm desperate in getting help on how to get rid of this hijack once and for all.

I also add my latest hijack this log below. The log was generated AFTER doing the things described above.

All the best,
Per

Logfile of HijackThis v1.97.7
Scan saved at 16:03:05, on 2004-10-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Norton Internet Security\IAMAPP.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Palm\HOTSYNC.EXE
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\Program\Norton Internet Security\SymProxySvc.exe
C:\Program\Norton Internet Security\NISSERV.EXE
C:\Program\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Per\Skrivbord\hijackthis\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\System32\BLSTAPP.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://www.aftonbladet.se
O15 - Trusted Zone: http://www.ams.se
O15 - Trusted Zone: www.analog.com
O15 - Trusted Zone: http://www.comviq.se
O15 - Trusted Zone: www.expressen.se
O15 - Trusted Zone: http://www.miniclip.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.softube.se
O15 - Trusted Zone: www.svenskfotboll.se
O15 - Trusted Zone: www.telia.com
O15 - Trusted Zone: *.www.nt.se
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f46b8ac2d5414a6
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1098637600328
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
  • 0

Advertisements

#2
-=jonnyrotten=-
Posted 26 October 2004 - 01:24 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Please download the latest version of Hijack This from the "Hijack This Guide" link in my signature and post new log.

<_< -=jonnyrotten=-
  • 0

#3
perco754
Posted 26 October 2004 - 12:40 PM

perco754

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Please download the latest version of Hijack This from the "Hijack This Guide" link in my signature and post new log. 

<_< -=jonnyrotten=-

View Post



Ok, here it is with the spyware running.

Logfile of HijackThis v1.98.2
Scan saved at 20:45:28, on 2004-10-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Norton Internet Security\SymProxySvc.exe
C:\Program\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\Norton Internet Security\IAMAPP.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Palm\HOTSYNC.EXE
C:\Program\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Microsoft Office\Office\OUTLOOK.EXE
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {B27CE7EE-C63A-913C-F648-C610AE2DFF64} - C:\DOCUME~1\Ninna\APPLIC~1\CREATI~1\Showwindow.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\System32\BLSTAPP.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Cool aim date team] C:\Documents and Settings\All Users\Application Data\dvd 64 cool aim\ActiveBrowse.exe
O4 - HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 - HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 - HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 - HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 - HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 - HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 - HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://www.aftonbladet.se
O15 - Trusted Zone: http://www.ams.se
O15 - Trusted Zone: www.analog.com
O15 - Trusted Zone: http://www.comviq.se
O15 - Trusted Zone: www.expressen.se
O15 - Trusted Zone: http://www.miniclip.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.softube.se
O15 - Trusted Zone: www.svenskfotboll.se
O15 - Trusted Zone: www.telia.com
O15 - Trusted Zone: *.www.nt.se
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f46b8ac2d5414a6

Cheers, Per
  • 0

#4
-=jonnyrotten=-
Posted 26 October 2004 - 01:29 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Scan with Hijack This and check the boxes next to the following entries. Then click "Fix Checked"

O4 - HKLM\..\Run: [Cool aim date team] C:\Documents and Settings\All Users\Application Data\dvd 64 cool aim\ActiveBrowse.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...f46b8ac2d5414a6

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\Documents and Settings\All Users\Application Data\dvd 64 cool aim
Try to uninstall it from "Control Panel", "Add/Remove Programs" first (if it is in there) then delete the folder in bold. If it is not in add/remove programs delete the folder anyway.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Please post a new hijack log with any new information on your system.

-=jonnyrotten=- <_<
  • 0

#5
perco754
Posted 27 October 2004 - 06:44 AM

perco754

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Johnny!!! <_<

Here is the new log.
Question: How do I prevent this problem from coming back?

Regards, Per

Logfile of HijackThis v1.98.2
Scan saved at 14:41:05, on 2004-10-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Norton Internet Security\IAMAPP.EXE
C:\Program\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
C:\Program\Palm\HOTSYNC.EXE
C:\Program\SpywareGuard\sgmain.exe
C:\Program\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\Smartscaps.exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Norton Internet Security\SymProxySvc.exe
C:\Program\Norton Internet Security\NISSERV.EXE
C:\Program\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\The Cleaner\tca.exe
C:\Program\The Cleaner\tcm.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {B27CE7EE-C63A-913C-F648-C610AE2DFF64} - C:\DOCUME~1\Ninna\APPLIC~1\CREATI~1\Showwindow.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iamapp] C:\Program\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [BlstApp] C:\WINDOWS\System32\BLSTAPP.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [tcactive] C:\Program\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program\The Cleaner\tcm.exe
O4 - HKLM\..\RunServicesOnce: [1] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCHal.dll
O4 - HKLM\..\RunServicesOnce: [2] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BlstCtrl.dll
O4 - HKLM\..\RunServicesOnce: [3] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCInfo.dll
O4 - HKLM\..\RunServicesOnce: [4] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCMon.dll
O4 - HKLM\..\RunServicesOnce: [5] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCColor.dll
O4 - HKLM\..\RunServicesOnce: [6] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCDesk.dll
O4 - HKLM\..\RunServicesOnce: [20] C:\WINDOWS\System32\RegSvr32.exe /s C:\WINDOWS\System32\BCPref.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: HotSync Manager.lnk = C:\Program\Palm\HOTSYNC.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe
O4 - Global Startup: Certificate Mover.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://www.aftonbladet.se
O15 - Trusted Zone: http://www.ams.se
O15 - Trusted Zone: www.analog.com
O15 - Trusted Zone: http://www.comviq.se
O15 - Trusted Zone: www.expressen.se
O15 - Trusted Zone: http://www.miniclip.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://www.softube.se
O15 - Trusted Zone: www.svenskfotboll.se
O15 - Trusted Zone: www.telia.com
O15 - Trusted Zone: *.www.nt.se
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0

#6
-=jonnyrotten=-
Posted 27 October 2004 - 01:09 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Well if you don't know what these 2 websites are then use hijack this to remove these entries. Other than that you are clean! <_<

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

Reboot the computer.

Congratulations! Your system is CLEAN :D

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox Posted Image.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats. :D

-=jonnyrotten=- :P
  • 0

#7
perco754
Posted 27 October 2004 - 01:48 PM

perco754

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ok, it's done. Thx again :D
Just for the record, I also downloaded the Ad-Aware program and had it scan my HD. It found 56!!! "threats" that I also removed.
Now I haven't felt this clean ever before <_<

Best,
Per
  • 0

#8
-=jonnyrotten=-
Posted 27 October 2004 - 01:49 PM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Make sure you check for updates at least once a week for Spyware Blaster, Spybot, and AdAware and scan with them at least once a week too. Well spyware blaster doesn't have a scan, but you still need to update it.

-=jonnyrotten=- <_<
  • 0

#9
perco754
Posted 28 October 2004 - 01:15 AM

perco754

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Jonny!

First, Sex Pistols "Never Mind The Bullocks" is one of my all-time-favorites <_<

Ok, I'll try to remember to do exactly that.
Another problem has occured. I can't do any windows update anymore. There is a fault each time I try do search for new updates. Been trying "the self solution thing" at win updates but without any luck.
Also, I followed your advice from yesterday and tried to install JVM from Sun but that didn't work either.
Any ideas on this, or should turn to another forum with these questions?

Thanks, Per
  • 0

#10
-=jonnyrotten=-
Posted 28 October 2004 - 10:54 AM

-=jonnyrotten=-

    Member 2k

  • Retired Staff
  • 2,678 posts
Make sure you are using Internet Explorer for windows updates. And for the Java, that page is a little hard to download from sometimes, I'm not sure on how to fix it. I just had to keep trying and then it worked. I'll try to find out some info and post back. "God Save The Queen!" <_<

-=jonnyrotten=-
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP