Trojan-spy.html.smitfraud.c [RESOLVED]


  • This topic is locked

#1
Tori63063

Tori63063

    New Member

  • Member
  • Pip
  • 8 posts
Help!! I have the dreaded Trojan-spy.html.smitfraud.c!!

I have tried all the prior steps with no luck and proceeded to the HijackThis program....ran a scan...when it came time to save the logfile...page came up that says: Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

...so when I open it to try to c/p my logfile that is what I get. I can't figure out another way to c/p it so I can get help for my problem...Help?

This is how I'm feeling now ;) :tazz:
  • 0


#2
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Welcome to Geeks to Go! Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved?

Please let me know and if you still require assistance, please post a fresh HJT log.

In the event you cannot download it, then you have to use another computer, then transfer it to your PC. If you are not able to run it through desktop or C:\HJT, then you have to use the Task Manager, available through CTRL+ALT+DELETE, then choose New Task.


Regards,

kool808
  • 0

#3
Tori63063

Tori63063

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'm sorry but I don't know much about computers...I can get the log where I can see it....but when it is saved and I reopen it to c/p it...I get a blank page that says Action cancelled message.

When I run my HijackThis program...I also get a note that says it is in a Temporary file and that I need to change it...I don't know how to do this. :tazz:

Also when using CTRL+ALT+DELETE there is nowhere to choose New Task?? I have AOL 7.0 if that makes a difference.
  • 0

#4
Tori63063

Tori63063

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok....I figured out how to get my log another way....Here is my Hijack This log...Hope you can help me!!


Logfile of HijackThis v1.99.1
Scan saved at 9:36:33 AM, on 7/30/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\OUTPOSTUPDATE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTEL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\DESKTOP\CARLY MUSIC\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\SYSTEM\intel32.exe
O4 - HKLM\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0

#5
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts

You have a lot of malware but we can take them down one at a time. They will feel the bullets through them.


Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
+++++++++++++++++++++++++++++++++++++++++++++++

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.
Do NOT run it yet.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Do NOT run the scan yet!

Please download [ Spybot Search & Destroy 1.4 ].

1. Install Spybot S&D, accepting the Default Settings
2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
3. Close ALL windows except Spybot S&D
4. Click the button to ‘Search for Updates’ then download and install the Updates.
5. Once the update is complete, do NOT run the scans yet.
6. Close Spybot S&D

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
(How to boot in Safe Mode...)
===================================================
We will now fix the remaining problems with HijackThis. Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\Run: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe
O4 - HKCU\..\RunServices: [outpostupdate] C:\WINDOWS\SYSTEM\outpostupdate.exe

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresear...ia/OTXMedia.dll


Make sure to double check the items you have selected, then click Fix Checked.
===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.

1. Open Spybot, next click the button ‘Check for Problems'
2. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window
3. Make certain there is a check mark beside all of the RED entries ONLY.
4. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

Next go to Control Panel click Display. Remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\WINDOWS\SYSTEM\outpostupdate.exe
Finally, Empty Recycle Bin

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!

Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#6
Tori63063

Tori63063

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK...I tried to do everything you asked...Here are the logfiles I have. I really do appreciate you trying to help me. :tazz:



Logfile of HijackThis v1.99.1
Scan saved at 8:49:22 PM, on 7/31/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\DESKTOP\CARLY MUSIC\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {171CC616-9DE6-4549-93D8-FB719AC8C7C6} - C:\WINDOWS\SYSTEM\JAGH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {1558850F-1F08-46D9-B89F-6DD8F4CA99F8} - C:\WINDOWS\SYSTEM\JAGH.DLL
O18 - Filter: text/plain - {1558850F-1F08-46D9-B89F-6DD8F4CA99F8} - C:\WINDOWS\SYSTEM\JAGH.DLL





Panda ActiveScan

Adware:Adware/SearchExe No disinfected C:\WINDOWS\SYSTEM\JAGH.DLL
Adware:adware/cws No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Q330995.exe
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\BIINI.INF
Adware:adware/searchexe No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHASSISTANT UNINSTALL
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RUNMSC.LOADER.1
Adware:adware/cws.aboutblank No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\HOMEOLDSP
Spyware:spyware/istbar No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\BIINI.INF
Adware:Adware/SearchExe.gen No disinfected C:\WINDOWS\SYSTEM\FKDN.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
Adware:Adware/SearchExe No disinfected C:\WINDOWS\SYSTEM\JAGH.DLL
Adware:Adware/SearchExe.gen No disinfected C:\WINDOWS\SYSTEM\ojmb.dll
Adware:Adware/SearchExe No disinfected C:\WINDOWS\SYSTEM\fanm.dll
Adware:Adware/SearchExe No disinfected C:\WINDOWS\TEMP\pav81A0.TMP
Adware:Adware/SearchExe No disinfected C:\WINDOWS\TEMP\pav33B6.TMP
Adware:Adware/SearchExe.gen No disinfected C:\WINDOWS\Desktop\Carly music\hijackthis\backups\backup-20050719-125926-165.dll
Virus:Trj/Reboot.F Disinfected C:\HP\bin\Rebooter.exe
Virus:Trj/Clicker.AH Disinfected C:\Program Files\Internet Explorer\nbecwssc.exe
Virus:Trj/Clicker.AH Disinfected C:\web.exe





smitRem log file
version 2.2

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!!
  • 0

#7
Tori63063

Tori63063

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
BTW...I'm still getting spyware popups (6 at a time) and I keep getting Virus Detected c:\windows\temp\se.dll and a box that says Access Denied Run.dll...3 times each time I start up my computer and again when I go to websites...I delete the file each time...

Also when I sign on I get Spool32 has caused an error in <unknown> Spool32 will now close.



<sigh>
  • 0

#8
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

++++++++ STEP 1 ++++++++
Open up NOTEPAD, then copy & paste the following code (starting from REGEDIT4). Save it on desktop as fixme.reg. Choose file types as ALL FILES.

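REGEDIT4

; Keys reported by Panda ActiveScan: [-KEY] deletes the whole key
[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHASSISTANT UNINSTALL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\RUNMSC.LOADER.1]

; HomeOldSP and Search Page are values under the Main key (see the R1 lines
; in the HijackThis log), so they are deleted with "name"=- instead of [-KEY]
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN]
"HOMEOLDSP"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=-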

Now double-click fixme.reg then allow it to merge to the system.

++++++++ STEP 2 ++++++++
This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Please read the instructions for About:Buster then download it to a safe location where you can easily remember it.
Please Download the stand-alone version of CoolWebShredder
Download SpSeHjfix HERE
Download Cleanup.
Click HERE to download Pocket Killbox by Option^Explicit. Extract it from the zip file then place it on the desktop but do NOT run it yet. We will run it later.

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Reboot in SAFE MODE. (How to boot in Safe Mode...)

++++++++ STEP 3 ++++++++
Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
In the event you get an error message then do the following: (NOTE: If the error persists please continue with the rest of the procedures)
Start > Run then paste this in the dialog box

regsvr32 C:\Windows\System\COMCTL32.OCX

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

++++++++ STEP 4 ++++++++
Now double-click Killbox.exe to run it.

Select "Delete on Reboot".

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C


C:\WINDOWS\SYSTEM\JAGH.DLL
C:\WINDOWS\DOWNLOADED PROGRAM FILES\Q330995.exe
C:\WINDOWS\INF\BIINI.INF
C:\WINDOWS\SYSTEM\FKDN.DLL
C:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll
C:\WINDOWS\SYSTEM\ojmb.dll
C:\WINDOWS\SYSTEM\fanm.dll
C:\WINDOWS\TEMP\pav81A0.TMP
C:\WINDOWS\TEMP\pav33B6.TMP
C:\WINDOWS\Desktop\Carly music\hijackthis\backups\backup-20050719-125926-165.dll
C:\HP\bin\Rebooter.exe
C:\Program Files\Internet Explorer\nbecwssc.exe
C:\web.exe



Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Restart in SAFE MODE and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

++++++++ STEP 5 ++++++++
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {171CC616-9DE6-4549-93D8-FB719AC8C7C6} - C:\WINDOWS\SYSTEM\JAGH.DLL
O18 - Filter: text/html - {1558850F-1F08-46D9-B89F-6DD8F4CA99F8} - C:\WINDOWS\SYSTEM\JAGH.DLL
O18 - Filter: text/plain - {1558850F-1F08-46D9-B89F-6DD8F4CA99F8} - C:\WINDOWS\SYSTEM\JAGH.DLL


Make sure to double check the items you have selected, then click Fix Checked.

++++++++ STEP 6 ++++++++
Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

++++++++ STEP 7 ++++++++
Please run an on-line virus scan again at Kaspersky Online Scan or, if that doesn't work, you can have an on-line scan at one of these sites:
Trend Micro or Panda Scan or BitDefender.
(Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck!
  • 0

#9
Tori63063

Tori63063

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK here goes...just so you know..this is like trying to ask for directions in a country where you don't speak the language!!! I appreciate your patience. ;)


Panda Activescan Log

Incident Status Location

Adware:adware/searchexe No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SEARCHASSISTANT UNINSTALL
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/cws.aboutblank No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\HOMEOLDSP
Spyware:spyware/istbar No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page
Adware:Adware/SearchExe No disinfected C:\WINDOWS\SYSTEM\fanm.dll
Adware:Adware/SearchExe.gen No disinfected C:\WINDOWS\Desktop\Carly music\hijackthis\backups\backup-20050801-092518-464.dll
Spyware:Spyware/BetterInet No disinfected C:\!Submit\BIINI.INF
Adware:Adware/SearchExe.gen No disinfected C:\!Submit\FKDN.DLL
Adware:Adware/SearchExe.gen No disinfected C:\!Submit\ojmb.dll
Adware:Adware/SearchExe No disinfected C:\!Submit\fanm.dll
Adware:Adware/SearchExe No disinfected C:\!Submit\pav81A0.TMP
Adware:Adware/SearchExe No disinfected C:\!Submit\pav33B6.TMP
Adware:Adware/SearchExe.gen No disinfected C:\!Submit\backup-20050719-125926-165.dll





About Buster Log

AboutBuster 5.0 reference file 28
Scan started on [8/1/2005] at [8:48:09 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:48:09 AM



(8/1/05 9:01:32 AM) SPSeHjFix started v1.1.2
(8/1/05 9:01:32 AM) OS: WinME (4.90.3000)
(8/1/05 9:01:32 AM) Language: english
(8/1/05 9:01:32 AM) Win-Path: C:\WINDOWS
(8/1/05 9:01:32 AM) System-Path: C:\WINDOWS\SYSTEM
(8/1/05 9:01:32 AM) Temp-Path: C:\WINDOWS\TEMP\
(8/1/05 9:01:48 AM) Disinfection started
(8/1/05 9:01:48 AM) Bad-Dll(IEP): c:\windows\temp\se.dll
(8/1/05 9:01:48 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\JAGH.DLL
(8/1/05 9:01:48 AM) Searchassistant Uninstaller - Keys Deleted
(8/1/05 9:01:48 AM) UBF: 4 - UBB: 0 - UBR: 5
(8/1/05 9:01:48 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(8/1/05 9:01:48 AM) UBF: 4 - UBB: 0 - UBR: 4
(8/1/05 9:01:48 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/space.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8/1/05 9:01:48 AM) Stealth-String not found
(8/1/05 9:01:48 AM) File added to delete: c:\windows\system\jagh.dll
(8/1/05 9:01:48 AM) File added to delete: c:\windows\temp\se.dll
(8/1/05 9:01:48 AM) Reboot
(8/1/05 9:14:31 AM) SPSeHjFix 2nd Step
(8/1/05 9:14:32 AM) Stealth-String not present. Disinfection succesfully
(8/1/05 9:14:38 AM) Cleaned


Using Killbox...I was unable to get rid of c:\windows\system\ojmb.dll
or c:\windows\system\fanm.dll......




Logfile of HijackThis v1.99.1
Scan saved at 9:23:13 AM, on 8/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\CARLY MUSIC\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {775B48B8-74B3-4706-9B0B-69F9CB99CDB7} - C:\WINDOWS\SYSTEM\OJMB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL
O18 - Filter: text/plain - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL





Am I getting anywhere???? :tazz:
  • 0

#10
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts

We need to do this again! The infection is not budging off.


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Reboot in SAFE MODE. (How to boot in Safe Mode...)

Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
In the event you get an error message then do the following:
Start > Run then paste this in the dialog box

regsvr32 C:\Windows\System\COMCTL32.OCX

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\WINDOWS\SYSTEM\OJMB.DLL
  • C:\WINDOWS\TEMP\SE.DLL
Finally, Empty Recycle Bin

Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {775B48B8-74B3-4706-9B0B-69F9CB99CDB7} - C:\WINDOWS\SYSTEM\OJMB.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

O18 - Filter: text/html - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL
O18 - Filter: text/plain - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL


Make sure to double check the items you have selected, then click Fix Checked.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck!
  • 0

#11
Tori63063

    New Member

  • Topic Starter
  • Member
  • 8 posts
How's it lookin' Boss??? :tazz:



AboutBuster 5.0 reference file 28
Scan started on [8/2/2005] at [10:35:48 AM]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:35:49 AM


(8/2/05 10:38:06 AM) SPSeHjFix started v1.1.2
(8/2/05 10:38:06 AM) OS: WinME (4.90.3000)
(8/2/05 10:38:06 AM) Language: english
(8/2/05 10:38:06 AM) Win-Path: C:\WINDOWS
(8/2/05 10:38:06 AM) System-Path: C:\WINDOWS\SYSTEM
(8/2/05 10:38:06 AM) Temp-Path: C:\WINDOWS\TEMP\
(8/2/05 10:38:18 AM) Disinfection started
(8/2/05 10:38:18 AM) Bad-Dll(IEP): c:\windows\temp\se.dll
(8/2/05 10:38:18 AM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\OJMB.DLL
(8/2/05 10:38:18 AM) Searchassistant Uninstaller - Keys Deleted
(8/2/05 10:38:18 AM) UBF: 4 - UBB: 0 - UBR: 5
(8/2/05 10:38:18 AM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(8/2/05 10:38:18 AM) UBF: 4 - UBB: 0 - UBR: 4
(8/2/05 10:38:18 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/spage.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8/2/05 10:38:18 AM) Stealth-String not found
(8/2/05 10:38:19 AM) File added to delete: c:\windows\system\ojmb.dll
(8/2/05 10:38:19 AM) File added to delete: c:\windows\temp\se.dll
(8/2/05 10:38:19 AM) Reboot
(8/2/05 10:49:26 AM) SPSeHjFix 2nd Step
(8/2/05 10:49:26 AM) Stealth-String not present. Disinfection succesfully
(8/2/05 10:49:37 AM) Cleaned

Logfile of HijackThis v1.99.1
Scan saved at 10:44:39 AM, on 8/2/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\CARLY MUSIC\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunOnce: [sphjfix] C:\WINDOWS\DESKTOP\SPSEHJ~1.EXE
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
  • 0
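The comparison a helper makes by eye between the "Fix Checked" list and the follow-up HijackThis log, written out as an added example that is not part of the original thread. The function names are hypothetical; the sample lines are a subset copied from posts #10 and #11, and `DIRTY_LOG` is a constructed failure case.

```python
import re

# HijackThis entry: section code (R0, O4, O18, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return {(section, body)} with whitespace collapsed and case folded."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def verify_cleanup(fix_list, after_log, bad_files):
    """Return entries of the post-fix log that still need attention."""
    after = parse_entries(after_log)
    unchanged = parse_entries(fix_list) & after          # checked but still listed
    bad = [f.lower() for f in bad_files]
    referencing = {e for e in after if any(b in e[1] for b in bad)}
    return sorted(unchanged | referencing)

# Lines copied from the thread: part of the fix list in post #10 ...
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {775B48B8-74B3-4706-9B0B-69F9CB99CDB7} - C:\WINDOWS\SYSTEM\OJMB.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL
"""
# ... and part of the HijackThis log posted after the fix (post #11).
AFTER_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\RunOnce: [sphjfix] C:\WINDOWS\DESKTOP\SPSEHJ~1.EXE
"""
BAD_FILES = [r"C:\WINDOWS\SYSTEM\OJMB.DLL", r"C:\WINDOWS\TEMP\SE.DLL"]

# Constructed failure case: the same log with one hijack entry left behind.
DIRTY_LOG = AFTER_LOG + r"O18 - Filter: text/plain - {23609D96-61D2-4375-8ECF-B0E6109C6AFA} - C:\WINDOWS\SYSTEM\OJMB.DLL" + "\n"

if __name__ == "__main__":
    print("after fix:", verify_cleanup(FIX_LIST, AFTER_LOG, BAD_FILES))
    print("constructed dirty log:", verify_cleanup(FIX_LIST, DIRTY_LOG, BAD_FILES))
```

A registry value that was reset rather than deleted (the `SearchAssistant` line above) keeps its key in the log with an empty value, so it no longer matches the checked entry and is not reported.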

#12
kool808

    Visiting Staff

  • Member
  • 1,690 posts
You did a very good job, nicely done!

You can now uninstall / remove these programs:

smitrem
fixme.reg
killbox
SpSeHjfix
HijackThis
About buster

If you intend to keep them then place them in one folder where you can easily remember in the future.

:yes: :) :tazz: :( :woot: :tazz: :huh: :( :wub: :hug: :woot:


Congratulations! ;) your system is CLEAN!

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:

and a good antivirus (these are also free for personal use):

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?
  • 0

#13
Tori63063

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you, thank you...I couldn't have done it without you...You are DA' MAN and I'm feelin' all warm and fuzzy inside....<sigh> :tazz:
  • 0

#14
kool808

    Visiting Staff

  • Member
  • 1,690 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





