puserERC

4counter and other computer problems

2 posts in this topic

I have been unable to remove 4counter from my homepage for quite some time. I have also just loaded Windows XP to my computer and had problems with the Sasser worm. I went through the suggested steps to get rid of the worm and it seemed to work, but I am still having other computer problems. The webpage anglefire comes up without warning and my CD drive will not read any discs. I am not sure if these are connected or not, but both problems started today. I ran HijackThis and will post the results. I am hoping to eliminate most if not all of my problems with your help.

 

Thank you

puserERC

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\atievxx.exe

C:\WINDOWS\System32\gearsec.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\winsystem.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\unzipped\hijackthis\HijackThis.exe

C:\WINDOWS\System32\winsys32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2&b=megad

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2&b=megad

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2&b=megad

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bright.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2&b=megad

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = bright.net

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bright.net

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.hotmail.com/

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe

O4 - HKLM\..\Run: [Windows System Manager] winsystem.exe

O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe

O4 - HKLM\..\RunServices: [Windows System Manager] winsystem.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe

O4 - HKCU\..\Run: [Windows System Manager] winsystem.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Dell Home (HKCU)

O16 - DPF: Win32 Classes -

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/contr...en/nsmp2inf.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?38116.4653125

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: Domain = uc.edu

O17 - HKLM\System\CCS\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: NameServer = 207.217.77.82,129.137.216.13,129.137.233.126

O17 - HKLM\System\CS1\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: Domain = uc.edu

O17 - HKLM\System\CS1\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: NameServer = 207.217.77.82,129.137.216.13,129.137.233.126

O17 - HKLM\System\CS2\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: Domain = uc.edu

O17 - HKLM\System\CS2\Services\Tcpip\..\{10F4C9C8-AB3E-4AC5-9CEB-A4F80DDEB18A}: NameServer = 207.217.77.82,129.137.216.13,129.137.233.126


Hey

 

4-counter.com is a CWS variant. Please download CWShredder here: http://www.spywareinfo.com/~merijn/files/CWShredder.exe and save it to your desktop.

 

Open it up, make sure it's version 1.59.1. Uncheck the box about the recycling bin. Then make sure no websites are open and click fix-->. When it's done restart your computer.

 

You have a variant of the Gaobot worm and a mass mailing worm called whitebait. Scan with hijackthis and fix the following:

 

O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe

O4 - HKLM\..\Run: [Windows System Manager] winsystem.exe

O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe

O4 - HKLM\..\RunServices: [Windows System Manager] winsystem.exe

O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe

O4 - HKCU\..\Run: [Windows System Manager] winsystem.exe

 

Reboot your computer.

 

Find and delete the following files:

 

winsys32.exe

winsystem.exe

 

Empty your recycling bin.

 

Post a new log please, thanks.

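Added example, not part of the thread and not HijackThis code: a Python sketch that parses the O4 autostart lines from the log above and reports executables registered by bare file name under two or more Run/RunServices keys, the pattern shared by the entries the reply asks to fix. The "bare name" test and the two-key threshold are assumptions chosen for illustration; `SAMPLE_LOG` is constructed from the O4 lines posted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the O4 autostart lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [systemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Microsoft Update] winsys32.exe
O4 - HKLM\..\Run: [Windows System Manager] winsystem.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys32.exe
O4 - HKLM\..\RunServices: [Windows System Manager] winsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Update] winsys32.exe
O4 - HKCU\..\Run: [Windows System Manager] winsystem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

# Matches registry autostart lines only; "Global Startup" shortcuts are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

def parse_o4(log):
    """Yield (key, value_name, command) for each registry autostart line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m["key"], m["name"], m["cmd"].strip()

def is_bare(cmd):
    """True when the command is a lone file name: no path, quotes or arguments."""
    return re.fullmatch(r"[^\\/:\"\s]+\.exe", cmd, re.IGNORECASE) is not None

def repeated_bare_autostarts(log, min_keys=2):
    """Map each bare executable to its autostart keys when it appears under >= min_keys keys."""
    keys = defaultdict(set)
    for key, _name, cmd in parse_o4(log):
        if is_bare(cmd):
            keys[cmd.lower()].add(key)
    return {exe: sorted(k) for exe, k in keys.items() if len(k) >= min_keys}

if __name__ == "__main__":
    for exe, found in repeated_bare_autostarts(SAMPLE_LOG).items():
        print(f"{exe}: {', '.join(found)}")
```

A hit is only a triage lead: `SysTray.Exe` is also a bare name but sits under a single key, so it is not reported, and any flagged file still needs to be located and identified before removal.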