• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
mayra23

"Updatenow.org" and porn windows

5 posts in this topic

I have two problems:

1)When I make a connection my IE opens automatically this: http://amateur.gayhost4free.com/levithian/Card-p1.html

 

2)Many times a window (obviouslly a non-microsoft window) opens and asks me to enter "www.updatenow.org" because some of my softwares are affected.

 

I followed the steps of the FAQ from this forum and some other programs like Bazooka, Spywareblaster and Cwshredder, but none of them worked for me.

 

In HijackThis I fixed some weird lines and deleted the *.exe files showed on them, but the last line (O17 - HKLM\System\CCS\Services\Tcpip\..\{C588ACEA-49A9-4BAB-91A1-3AD310486CE7}: NameServer = 200.175.5.133 200.175.89.139) comes back again every time I fix it.

 

The last log shows a new *.exe file: xqtlowg.exe and the problem continues...

 

I have a windows XP Professional, installed a week ago after a complete rebbot on the system due to some virus attack.

 

Thanks, if someone can help :thumbsup: ... this is the HijackThis log:

 

Logfile of HijackThis v1.98.0

Scan saved at 12:06:08, on 13/7/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\MSlti16.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\HijackThis\HijackThis.exe

C:\WINDOWS\System32\Mcafeescn.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\laars.exe

O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti16.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\Run: [Mcaffe Antivirus] Mcafeescn.exe

O4 - HKLM\..\Run: [system Update] C:\WINDOWS\System32\xqtlowg.exe

O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti16.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O4 - HKLM\..\RunServices: [Mcaffe Antivirus] Mcafeescn.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft AUT Update] MSlti16.exe

O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe

O4 - HKCU\..\Run: [Mcaffe Antivirus] Mcafeescn.exe

O4 - HKCU\..\Run: [Yahoo! Acesso Gratis] "C:\Arquivos de programas\Yahoo! Acesso Gratis\autoupdate.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C588ACEA-49A9-4BAB-91A1-3AD310486CE7}: NameServer = 200.175.5.133 200.175.89.139

Share this post


Link to post
Share on other sites

Hi there!

 

Could you go back into HijackThis and restore all of the items you removed? The problem with removing "weird" items is that they may be legit or they may give clues as to what infected your computer.

 

After restoring the items, post a new log.

 

-- LB

Share this post


Link to post
Share on other sites

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0