Jump to content


Photo

HOTXXX Removal Please!


  • Please log in to reply
6 replies to this topic

#1 mak1989

mak1989

    Member

  • Full Member
  • Pip
  • 50 posts

Posted 04 July 2004 - 01:55 PM

O.k firstly i'm sorry if i wasnts supposed to name this thread HotXXX and apologies for my bad spelling. About 2 - 3 weeks ago i got these pop ups HotXXX and Nasty sex on my comp although iv'e never been on these sites! i also get pop ups when connected to the net saying free pholoyphonic ringtones. im a newbie to the comp and dont know much. i read a couple of threads stating the same problem but the replier said they needed a log.............what does that mean? suddenly today my MY Documents icon shriveled up and changed i need to sought that out as well.................some please help me fast!!! :weep: and please include clear step by step instrucions!!

#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 04 July 2004 - 04:47 PM

We need a closer look at what's happening.
Please download Hijack this
Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 mak1989

mak1989

    Member

  • Full Member
  • Pip
  • 50 posts

Posted 05 July 2004 - 12:43 PM

I've done what was asked and this is the lof file that i have recieced please check it quickly and tell me what i need to do..................THANK YOU SO MUCH!

Logfile of HijackThis v1.98.0
Scan saved at 18:40:59, on 05/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\zswozg.exe
C:\WINDOWS\qservice.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zaman\My Documents\MAK Documents\Hijack This\HijackThis.exe

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [nmitjbzdr] C:\WINDOWS\System32\zswozg.exe
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\qservice.exe /i
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B1ACB84-9DE7-4B50-8A81-4D451D825EF9}: NameServer = 195.92.195.95 195.92.195.94

#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 05 July 2004 - 04:14 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\WINDOWS\System32\SWin32.dll
O2 - BHO: E.HH - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [nmitjbzdr] C:\WINDOWS\System32\zswozg.exe
O4 - HKLM\..\Run: [NAVCheck] C:\WINDOWS\qservice.exe /i
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

Reboot and delete

files
C:\WINDOWS\System32\automove.exe
C:\WINDOWS\System32\zswozg.exe
C:\WINDOWS\qservice.exe

folders
C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 mak1989

mak1989

    Member

  • Full Member
  • Pip
  • 50 posts

Posted 07 July 2004 - 12:07 PM

I have done as you asked but I can’t delete C:\WINDOWS\System32\zswozg.exe because it keeps saying that another program maybe using it…………………………… and I can’t find this folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1 but I’ve done all the rest and so far no pop-ups or HotXXX although they might come back (hope they don't) …………….keep you posted if anything comes again. Here’s my log file as you asked…………….and THANKS A LOT! :D

Logfile of HijackThis v1.98.0
Scan saved at 18:06:58, on 07/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\zswozg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
F:\Volume[01]\Hijack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nzocbchv] C:\WINDOWS\System32\zswozg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

#6 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 07 July 2004 - 02:57 PM

You still need to fix this entry

O4 - HKLM\..\Run: [nzocbchv] C:\WINDOWS\System32\zswozg.exe

Fix it with Hijack this, reboot, and delete the file C:\WINDOWS\System32\zswozg.exe.

If you still get an error when deleteing the file, reboot into safe mode, (tap the F8 key as the computer boots, and choose safe mode from the menu,), run Hijack this again and fix the entry, then WITHOUT rebooting, delete the file.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#7 mak1989

mak1989

    Member

  • Full Member
  • Pip
  • 50 posts

Posted 08 July 2004 - 02:42 PM

yeh i deleted it now....................thers been no popups ot hotxxx now for a couple days......................thanx alot! :D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button