
trojan, desktophijack help [RESOLVED]



#16
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
ok, please be patient, i will confer with the creator of this fix
  • 0


#17
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
ok, let's try something here,
Please download Firefox from here and put it on a floppy disk, then install it on the machine with the problems. If you can then connect to the internet please run an online virus scan at http://uk.trendmicro...call_launch.php
Then do a fresh Hijack this log and let us know how things are working.
  • 0

#18
fuzzybear

    Member

  • Topic Starter
  • 16 posts
Hi, again, I've had a lot of trouble with Firefox and lost my internet connection. Today I decided to delete firefox and I did get my internet connection back (so I could do the scan you requested). The trendmicro scan found viruses, but then it failed to clean them. I guess you will see that I still have PSGuard and other viruses. I still can't connect to the internet when I'm in safe mode. Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 4:11:59 PM, on 8/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI ADAPTER\WMP54GV4.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y1XQFEDS\HIJACKTHIS[2].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Charter featuring MSN
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WMP54Gv4] C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab

Edited by fuzzybear, 23 August 2005 - 02:17 PM.

  • 0
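As an added example that is not part of the thread: a small Python parser for the HijackThis log layout posted in #18. It separates the running-process list from the coded entries, extracts the O4 registry autorun lines, and lists processes started from browser-cache or temp folders. The sample is a shortened excerpt of that log; the function names and the list of transient folders are assumptions of this example.

```python
import re

# Shortened excerpt of the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y1XQFEDS\HIJACKTHIS[2].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O4 - ..."
# Registry autoruns only; "O4 - Startup:" folder entries are skipped.
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
# Assumption of this example: these folders are unusual places to run from.
TRANSIENT_DIRS = ("\\TEMPORARY INTERNET FILES\\", "\\TEMP\\")

def parse_hjt(text):
    # Returns (running process paths, [(section code, entry body), ...]).
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:                       # first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autoruns(entries):
    # One dict per O4 registry autorun: hive, key, value name, command line.
    fields = ("hive", "key", "name", "command")
    hits = (AUTORUN.match(body) for code, body in entries if code == "O4")
    return [dict(zip(fields, m.groups())) for m in hits if m]

def transient_processes(processes):
    return [p for p in processes if any(d in p.upper() for d in TRANSIENT_DIRS)]
```

On this excerpt the only process reported from a transient folder is HijackThis itself, launched from the Internet Explorer cache.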

#19
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
alright, we need to take this a step further. I'm not seeing any signs of your infection anymore, so i have to take your word on it being there. so we need to do a more drastic reinstall.

You may want to print this out so that you have it for reference while doing the reinstall.

using the boot disk that you made previously, you need to reboot the computer with it, then type the following at the command prompt.

fdisk

the first screen you will see when you run the FDISK program will ask you if you wish to enable large disk support (Y/N).
Answering Yes to this prompt will enable the FAT32 file system.

On the next screen you get a menu. The first step is to select option 4 and view the existing partition info. Delete the existing partitions. Hit ESC to go back to the menu and choose option 3.

warning when deleting the partitions ALL information will be lost permanently.

When deleting partitions, to avoid problems it is a rule of thumb to start with NON-DOS partitions and work your way up deleting all logical, then the extended and finally the Primary DOS Partition(s). When you are finished, the next step is option 1, creating DOS partition or logical DOS drive.

You MUST set your primary DOS partition active (i.e. setting it as the "boot" drive), this will become your C: drive. Selecting option 1 to create a Primary DOS Partition, you will be asked if you wish to use the maximum available size for a primary DOS partition.

If you answer Yes to this question, it will use the entire fixed disk as your primary partition. This is fine if your hard drive is less than 2 Gb or you are using a FAT32 aware operating system and have said Yes to enabling large volume support.

When you are finished, and exit FDISK you will be prompted to restart your computer. I recommend you do that immediately. After restarting, you must format each and every partition you have created.

type from the A: prompt while booted with your startup disk:

Make bootable: FORMAT C: /S

change to your CD-ROM drive letter, and type SETUP.
Windows Setup will guide you through the rest of the process.

Edited by Efwis, 23 August 2005 - 04:39 PM.

  • 0

#20
fuzzybear

    Member

  • Topic Starter
  • 16 posts
Thanks - I did reformat. I'm working on getting an internet connection back. I'm on a wireless router and I downloaded the Belkin software and I still don't connect. Once I'm back up and running with no viruses I plan to make a donation through Paypal. I am going to call Belkin and hopefully they can walk me through -- I'll get back to you
  • 0

#21
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
if you have any further questions or concerns after reconnecting your wireless card, please don't hesitate to ask.

After we are certain that you are completely virus free, I will supply you with some helpful hints to help prevent this from happening in the future.
  • 0

#22
Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,678 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





