Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CoolWWWSearch variants + Common hijacker + IGetNet

Started by Guig0 , Jan 13 2005 11:43 AM

  • This topic is locked This topic is locked

#1
Guig0
Posted 13 January 2005 - 11:43 AM

Guig0

    Member

  • Member
  • PipPip
  • 13 posts
Hi, i´ve followed all the instructions on the You Must Read This Before Posting A Hijackthis Log, Required steps before posting your log., and i´m still getting the following problems:

Error on Startup:
- ""c:\windows\system32\nbrszht.dll",Umonitor"

------------------------------------------
Problems that keep coming back in 'SPYBOT' Scan:
- Common hijacker
- CoolWWWSearch.bootconf
- CoolWWWSearch.Loadbat
- CoolWWWSearch.Msconfd
- CoolWWWSearch.Oslogo
- CoolWWWSearch.Tapicfg
- CoolWWWSearch.Xmlmimefielter
- IGetNet

------------------------------------------
Problems that keep coming back in 'Ad-Aware se' Scan:
- VX2 (3 Objects total)
- Redirected hostfile entry (3 Objects total)

------------------------------------------
And finally: 'HijackThis' Log:
Logfile of HijackThis v1.99.0
Scan saved at 15:08:12, on 13/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Spyware Doctor\swdoctor.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Sleepy\service.exe
C:\Arquivos de programas\Sleepy\slptask.exe
C:\Arquivos de programas\Sleepy\slptray.exe
C:\Documents and Settings\adm\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AdmTask] C:\Arquivos de programas\AdmTask\admtask.exe /m
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Arquivos de programas\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105559405116
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sleepy - www.sleepysoftware.com - C:\Arquivos de programas\Sleepy\service.exe
------------------------------------------



Help me please! ;)

Oh... and: Thanks a lot for your time guys! :tazz:
  • 0

Advertisements

#2
irealityworldi
Posted 13 January 2005 - 09:43 PM

irealityworldi

    Member

  • Member
  • PipPip
  • 61 posts
Well, you seem to be infected with BOTH CWS and VX2. :tazz: dandy. But it's okay - we'll get it cleaned up. ;)

Are you sure you did everything it said on that section? CWShredder should have gotten rid of the CoolWebSearch you're getting. Try running that again. If you need the link to the download, click here. Extract it & run the program. Click the Next Button & let it scan. Make sure you let it fix all CWS Remnants.

Next for the VX2, we're going to need more than just the Hijack Log. Please follow the instructions carefully and post again. :thumbsup:
  • Download finditnt2000xp.zip.
  • Unzip the contents of finditnt2000xp.zip to a convenient location.
  • Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
  • A command prompt will open and it will search your computer for malicious files.
  • Once it has finished a Notepad window will pop up with output.txt.
  • Copy the entire contents of output.txt into your next post.

  • 0

#3
Guig0
Posted 14 January 2005 - 01:42 PM

Guig0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
dude, very sorry for taking your time for a 'lost case'...
...the virus that infected my pc had enough time to destroy important system files, before it was removed by avg. what gave me no choice but to format my HD. ;)

good thing is, that now i made all the precautions listed in the You Must Read This... section, and i´m sure i´ll have no problems for a long time.


thank you very much for your time and assistance! :tazz:
  • 0

#4
irealityworldi
Posted 14 January 2005 - 02:34 PM

irealityworldi

    Member

  • Member
  • PipPip
  • 61 posts
Well, I'm sorry to hear that you had to go through the trouble of reformatting your PC. :tazz: I'm glad to hear that you've looked at our You must read this... section carefully but I have some new spyware PREVENTION programs you should have in addition to the rest of the spyware DETECTION and DESTROYER programs, like Ad-aware and spybot.

1. SpywareBlaster << This is a free JavaCool programs. This one will detect spyware before they're even installed and will not take up any system resources. A very crucial program. Make sure you update periodically.

2. SpywareGuard << This program is like an anti-virus program only it's with spyware. It provides realtime protection from spyware and browser hijacks.

3. IE/Spyad << This places over 5,000 websites and domains in the IE Restricted list, some of which seem completely innocent when they're actually drenched with spyware. It prevents any downloads (Cookies etc) from the sites listed, but you should still be able to connect to the sites.

4. Be sure to also keep up with Windows and IE updates!!!

**I see that you have a Windows XP but just the Service Pack 1. Please visit the following websites and download Service Pack 2!! We believe it's a MUST to download this.

Windows security and critical updates

Internet Explorer security and critical updates.

5. BE SURE TO HAVE SOME TYPE OF ANTI-VIRUS PROGRAM!! for some good free anti-virus programs, visit the "Free Anti-Virus Tools" link in my signature.

6. Internet Browsers: Internet Explorer is NOT the safest web browser out there. I personally recommend Firefox (click on the link in my signature), which has very nice extra features AND a much better security system. A downside is the downloading of the plugins for the new firefox browser, but those are easily accessible at the firefox start page when you first download firefox.

If you do all of the following, you should be spyware-free for a long time to come. :thumbsup: Have a good day and thanks for using our forum!! ;)
  • 0

#5
Guig0
Posted 14 January 2005 - 04:38 PM

Guig0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
i can´t believe... you´re great dude! :tazz:
those tips ´bout SpywareGuard, SpywareBlaster and IE/Spyad were awesome!!


can´t thank you enough... i´m really glad i found my way to these boards ;)
  • 0

#6
irealityworldi
Posted 14 January 2005 - 05:39 PM

irealityworldi

    Member

  • Member
  • PipPip
  • 61 posts
You're much welcome - good luck keeping your computer safe!! :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP