Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[email protected]


  • Please log in to reply

#1
schnay

schnay

    New Member

  • Member
  • Pip
  • 1 posts
When opening Internet Explorer it goes directly to securitycaution.com and says my computer has been taken over. I also keep getting inappropriate pop-up adds. I have tried to follow the instructions listed on your site but have been unable to fix the problem. Any help would be appreciated.

Log File

Logfile of HijackThis v1.99.1
Scan saved at 5:13:40 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sam.DF12YC61\Local Settings\Temporary Internet Files\Content.IE5\Y5CDKFAT\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp640F.tmp
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
  • 0

Advertisements


#2
FZWG

FZWG

    Visiting Staff

  • Member
  • PipPipPip
  • 145 posts
Apologies for the delay in responding.

The workload at this forum is intense, and sometimes it is not possible to respond to every inquiry.


You may want to copy of these instructions to NotePad, and save the on the Desktop, or print them, since you will not be able to connect to the Internet during most of this procedure.

Please download SmitRem.exe and save the file to the Desktop.
Double click on the file to extract it to it's own folder on the Desktop.

Download AdAware SE from the following link:
http://www.majorgeek...ownload506.html
Use Check for Updates Now option and download the latest reference files
Do not scan yet.

Download Ewido Anti-Malware:
http://www.ewido.net/en/download/
Press: Download Now
In the folder where EWIDO is located, double click the EWIDO Setup file
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Follow the prompts and reboot when done.

Now, go to Start>All Programs>EWIDO
Select: Security Suite

When the program starts, do an online update for the latest signature files
An Update Successful prompt appears when done
Do not use the scanner yet.

Now, reboot to Safe Mode:
-Restart your computer
-When the machine first starts again, tap the F8 key repeatedly until you are presented with
a Windows XP Advanced Options menu
-Select the option for Safe Mode using the arrow keys
-Press Enter to boot into Safe Mode

Next, open the SmitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
The Desktop and icons disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while.
When done, the log created by the smitRem tool is located at C:\smitfiles.txt

Next, run AdAware
-Use the Start button, and on the next window, select: Perform Full System Scan
-Press Next, and let Ad-aware scan the hard drive
-When finished, right-click the window with the entries, choose: Select All from the menu, and click Next.
-Once AdAware has removed the entries, close the program

Run EWIDO.
Click on the Scanner button in the left menu
Next, click on: Complete System Scan

The scan may find malware entries and request action to clean up. Agree.
However, if EWIDO finds something that you know is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), do not check: Perform action with all infections. If you are unsure of an entry, select None as the action for the time being.

Once the scan has completed, click: Save Report
Save the report to the EWIDO folder

Go to Control Panel > Internet Options
Click on the Programs tab
Click: Reset Web Settings
Click Apply then OK.

Next, go to Start > Run, and enter: desk.cpl
Go to Desktop tab and press Customize Desktop
Select the Web tab

Under Web Pages, is there an entry C:\WINDOWS\Web\desktop.html there, or, "smart-security.com", or something similar? If so, uncheck it, right click, and delete it

Restart the computer normally.

Next, run Panda’s online ActiveScan:
http://www.pandasoft.../activescan.htm
On the top right go to: Free Use ActiveScan
Select: Free online virus scan

In the prompt that appears, select the green button: Check Now! At no cost.

Follow the prompts, provide the required info, select: Scan Now!
Allow the ActiveX download.

Select a device to scan: Local Disks

When the scan is done, select: See Report
Then select, Save Report and save to a location where you can find the report to provide in your response.


Finally, provide the following in your reply:
The log from the smitRem tool (located at C:\smitfiles.txt)
The EWIDO report
The results from the ActiveScan
A new HijackThis log**

**Please make sure HijackThis is in its own folder, and not in a temporary directory.
Create a folder like: C:\Program Files\HijackThis, or, if you want to keep it on the Desktop, right click an empty area, select New > Folder, name the folder HijackThis, and place the HijackThis.exe file in it. Then, run the program from there.

HijackThis makes backups of what is fixed/removed, and needs its own folder to create and keep these secure. Backups allow you to restore removed entries, and this option may be necessary when dealing with what is showing on your log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP