Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

W32.Sinnaka.A@mm?

Started by rokenrol4ohio , Nov 06 2005 10:55 PM

  • Please log in to reply

#1
rokenrol4ohio
Posted 06 November 2005 - 10:55 PM

rokenrol4ohio

    New Member

  • Member
  • Pip
  • 4 posts
Yea every time I get onto my Internet explorer My home page is Jacked with some warning saying W32.Sinnaka.A@mm has all of my personal information. Would someone be nice enough to help me?

I have the following loaded for cases like this:
Hijack This
Killbox
fixware
spybot
spyware blaster
  • 0

Advertisements

#2
OwNt
Posted 06 November 2005 - 11:02 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, rokenrol4ohio.

Please DELETE your current HJT program from its present location.

Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident

Run HijackThis

Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')
  • 0

#3
rokenrol4ohio
Posted 06 November 2005 - 11:07 PM

rokenrol4ohio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:06:49 AM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp7D40.tmp
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092418036727
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD Architectural 2\AcPreview.ocx
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0

#4
OwNt
Posted 06 November 2005 - 11:39 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, rokenrol4ohio.

I see you have some symantec stuff on your computer, what does it relate too?

Please open Hijackthis, scan, and place a checkmark by the following entries:

O2 - BHO: HomepageBHO - {e9ccf15d-4c68-4b5a-9e9a-8e12e4bd39bd} - C:\WINDOWS\system32\hp7D40.tmp
O4 - HKLM\..\Run: [windows auto update] msblast.exe

Close ALL open windows/browsers and click Fix Checked.

Please boot into Safe Mode by tapping F8 as your computer starts up.

Once in safe mode please show Hidden Files and Folders

Please search for msblast.exe and delete all instances found.
(Start > Search > For Files or Folders)

Please also delete the following files:

C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe

Reboot into Normal Mode

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back the log from Kaspersky, and a new Hijackthis log.

Edited by OwNt, 06 November 2005 - 11:40 PM.

  • 0

#5
rokenrol4ohio
Posted 06 November 2005 - 11:47 PM

rokenrol4ohio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I go to Miami Valley Career Tech Center and this is a school issued laptop. They all have symantec on it...im not exactly sure what it is.
  • 0

#6
rokenrol4ohio
Posted 07 November 2005 - 12:09 AM

rokenrol4ohio

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The Kaspersky thing says that it cant run with my browser?
  • 0

#7
OwNt
Posted 07 November 2005 - 12:10 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Please use Internet Explorer to scan with it.

I know FireFox is alot better. :tazz:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP