Nasty Bug Stopping Hijackthis & CWshredder !?!


5 replies to this topic

#1 phapster

phapster

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 July 2004 - 09:44 PM

Hello all. I'm really hoping you all can help me out! I'm at my wits end.

I have somehow downloaded a NASTY bug of some sort. This bug does NOT let me run CWshredder, Spybot Search & Destroy, or Hijackthis! If I even open the file that I keep them in...I can quickly see that they are not even shown in the file (before the file is automatically closed on me). It's almost as if whatever nasty bug I have knows I have these programs on my computer, and doesn't want me to use them. So, it prevents me from even seeing them and closes them immediately.

I've also tried running these programs from a disc. NO LUCK... When I try, it seems the bug recognizes what I'm attempting and doesn't even show these programs on my disc! Thus, I can use these from discs.

ALSO...I've tried to re-download them again, but when I try I get a message like "Unable to download from a read only, something.." (sorry I forget the exact wording)

ALSO...I've run that coolwebsearch additional program from www.merijn.org, that supposedly scans your computer to check to see if you have a bug that shuts down Hijackthis and CWshredder. I've run this...and it says I don't have this problem.

ALSO...I am unable to now go to certain websites, like yahoo, google, msn, lycos...I am always redirected to the hijacked home page. It seems like this is only when I type in well known search pages.

Does anybody have any ideas for help? I've never encountered such a nasty bug. Anyone know of any items in the Registry I should be looking for to delete? And if so...where do I find them on the Registry.

I'm thinking that searching/deleting files from the Registry might be my only chance!

Thanks for reading...and for ANY help you can offer.

#2 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 02 July 2004 - 09:51 PM

Can you please post a hijackthis log for someone to review.. :)
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would rather you post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!

#3 phapster

phapster

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 03 July 2004 - 11:01 AM

Hello irelynnmisses! Thanks so much for replying.

I would LOVE to post a Hijackthis log, but...that's part of the problem. This bug is not even letting me open up the programs Hijackthis, CWshredder, and Spybot Search & Destroy. First, I click on the folder which these programs are kept in, and I now can't even see these programs listed! They definitely were there, as I use them everyday.

But..it's like this nasty bug won't let me access the programs that might be able to get rid of it.

So, I'm unable to open Hijackthis and post a log. Any ideas as to how to get around this, and maybe delete some items from the Registry? I'm at the point where I'm thinking deleting from the Registry might be the only option...?

Thanks again so much for your help!

#4 phapster

phapster

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 04 July 2004 - 04:55 PM

OK...I am seeming to be getting somewhere with this. But, I still REALLY do need some help. Any help that you informed people can offer would be terrific! I thank you!

It seems that this problem has to do with something called "outhost.info".

I copied Hijackthis and CWshredder onto a disk, and I RENAMED them. Then, I booted in Safe Mode. And...I WAS able to run Hijackthis ! This is a HUGE step forward. I deleted a bunch of entries both in Safe Mode and on normal bootup.

BUT...I was still unable to run CWshredder or Spybot.

The home page has been corrected, but it seems like I can't access some sites still. I have been able to get to sites to download new versions of CWshredder and Spybot, BUT.... I can't download them!

I get this message:

"Error Copying File or Folder: Cannot copy file: Cannot read from the source file or disk"

With this added information....does anybody have some suggestions / advice as to what to do next?

THANK YOU!!!!!

#5 phapster

phapster

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 05 July 2004 - 12:33 PM

I have been able to culminate the information necessary to defeat this Hackerdefender / outhost bug! Hopefully, the great info presented in this thread can help out those unfortunate to have acquired this bug. I'm in no way a computer guy, just thought this might help.

This is the HackerDefender bug, and it was a major pain to defeat. It doesn't let you access/use CWshredder, Hijackthis, or Spybot (nasty program). If you have these programs already installed, it won't let you even see them. It also won't let you access these programs from floppy or cd. You try to access the disks, and it looks as if nothing is on them!

It also hijacks your web browser, and changes your homepage to something like "xxxxx.outhost.info". As well, it does not allow you to surf to certain websites that might be able to help you defeat it. I could not access yahoo, google, and most other search pages, as well as most anti spyware sites to try to download new versions of CWshredder, Hijackthis, or Spybot.

I did manage to get to some pages to 'attempt' to download new versions of CWshredder and Hijackthis. But...no luck. You won't be able to download these. You will get the message: "Error Copying File or Folder: Cannot copy file: Cannot read from the source file or disk"

These are the steps I've taken to attack this. Not sure if the order is imperative, just how I went about it.

This procedure is for Windows XP.

PART 1:

From a non-infected computer: (Go to a friend's, etc). Download Hijackthis again. Here's a site to download it from:

http://www.spywarein.../downloads.html

Then, RENAME (any other name than Hijackthis) this program and put it onto a disc (floppy or cd).

Start your computer in Safe Mode (press the "F8" key when your computer is starting up).

Then load your disk, and you should be able to access your "hijackthis". Run this program, save the log, and post it to this forum. Someone will take a look at it and tell you what to remove.

PART 2:

(Credited to WinHelp2002 at spywareinfo.com, and Matrix420)

1.) In normal Windows running mode first, you're going to need to download a different registry editor as your default will not do the trick. Download RegLite from http://www.snapfiles...istrarlite.html

2) Restart in Safe Mode (see link below)

http://service1.syma...enDocument&src=

3) Enable Hidden Files (see link below)

http://service1.syma...&src=ent&docid=

4.) Run RegLite:

Open RegLite and search for
"HackerDefenderDrv100" (no quotes)
Click Find Now

Highlight and delete all references found.

Note: If you cannot delete the registry keys (Access Denied) then Right-click key and click Permissions.. Set Full Control to Allow everyone rights. Highlight each HKEY, then right click, Properties, then check the boxes for "full control" on any user listed.

Next, do the same steps for each of the below files. Locate and delete the following (search for each one in RegLite). Your computer may not have ALL of these below files. That's ok. Just search for and delete those you are able to find.

hxdefdrv.sys
inatjoy.dll
motkrtin.dll
witadr.dll
winunins.exe
winunins.ini
svhost.exe (not "svchost.exe")
trj4j6js.exe
ddd.exe

While still in Safe Mode: Run a full system scan with McAfee, or other virus scanners. Restart normally.

After doing this, you "should" be able to run another HijackThis. Run this and post your log to the forum, and I'll bet somebody will take a look at it to tell you what you can check and remove, or if you are ok.

Hope this helps a little!
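
Added example, not part of phapster's post or of any tool named in the thread: a Python sketch that scans a registry text export (for instance one saved while in Safe Mode) for the names listed in post #5 and reports which key references each one. The sample export, its key paths and the function name are constructed for illustration.

```python
import re

# Names listed in post #5. Matching is case-insensitive, as registry key
# names and Windows file names are.
INDICATORS = [
    "HackerDefenderDrv100", "hxdefdrv.sys", "inatjoy.dll", "motkrtin.dll",
    "witadr.dll", "winunins.exe", "winunins.ini", "svhost.exe",
    "trj4j6js.exe", "ddd.exe",
]

# Match each name only as a whole token, so "ddd.exe" does not fire on
# "oddd.exe" and the legitimate "svchost.exe" is never reported.
PATTERN = re.compile(
    r"(?<![A-Za-z0-9_.-])("
    + "|".join(re.escape(name) for name in INDICATORS)
    + r")(?![A-Za-z0-9_.-])",
    re.IGNORECASE,
)
CANONICAL = {name.lower(): name for name in INDICATORS}

# Constructed sample in .reg export syntax (not taken from a real machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HackerDefenderDrv100]
"ImagePath"="\\??\\C:\\WINDOWS\\hxdefdrv.sys"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\svhost.exe"
"Tool"="C:\\Tools\\oddd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k netsvcs"
"""


def scan_reg_export(text):
    """Return sorted (registry key, indicator) pairs found in a .reg export."""
    hits = set()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # section header names the key
        if current_key is None:
            continue  # skip the file header before the first key
        for match in PATTERN.finditer(line):
            hits.add((current_key, CANONICAL[match.group(1).lower()]))
    return sorted(hits)
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so a real file should be read with `open(path, encoding="utf-16")` before its text is passed to `scan_reg_export`.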

#6 irelynnmisses

irelynnmisses

    Forum Goddess

  • Retired Staff - Helper
  • PipPipPipPip
  • 282 posts

Posted 10 July 2004 - 06:26 PM

ok, sorry i didn't mean to forget about you but this forum moves fast and i found your post a minute ago.. lol without looking too :D


can you post a hijackthis log now?
FireFox is recommended over IE: http://www.mozilla.o...oducts/firefox/

Misses Loves Kisses

Also, Please don't PM me your hijack logs. I would rather you post them and PM me if you wish for me to look at them. A PM with a hijacklog will get ignored!



