Jump to content


Photo

Malware Hell Over & Over


  • Please log in to reply
4 replies to this topic

#1 pixiewing

pixiewing

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 July 2004 - 06:54 PM

Please help, i have been battling a reoccuring Malware for days, I have loaded CWshredder, HT, AdWare6, Remove.exe and AboutBuster. This thing keeps coming back with another name. I have followed all the directions i can find, tried it in and out of Safe Mode.. I'm ready to get the hammer. PLease help, here is my HT log:

Logfile of HijackThis v1.98.0
Scan saved at 7:50:13 PM, on 7/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sdkkg32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\apitu.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Traci\My Documents\Antisoyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://guavv.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://guavv.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://guavv.dll/index.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - C:\WINDOWS\system32\atlck32.dll
O4 - HKLM\..\Run: [apitu.exe] C:\WINDOWS\apitu.exe

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 19 July 2004 - 07:02 PM

This look like an incomplete log, run hijack this again and post new log please.

#3 pixiewing

pixiewing

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 July 2004 - 07:05 PM

This is all that it offers

Logfile of HijackThis v1.98.0
Scan saved at 8:04:52 PM, on 7/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sdkkg32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\apitu.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Traci\My Documents\Antisoyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://guavv.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://guavv.dll/index.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\guavv.dll/sp.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://guavv.dll/index.html#20635
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C88E18E6-5C3C-F769-DC70-D84B6F21ECCE} - C:\WINDOWS\system32\atlck32.dll
O4 - HKLM\..\Run: [apitu.exe] C:\WINDOWS\apitu.exe

#4 pixiewing

pixiewing

    Member

  • New Member
  • Pip
  • 3 posts

Posted 19 July 2004 - 09:23 PM

:bounce:
I followed the directions in the later part of this string, found a weird file in registry, so i deleted it. it resembled snoopy cussing. caused me to repair windows upon reboot, but its gone!

#5 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 20 July 2004 - 10:42 AM

Sorry I donīt understand.
What is gone? your problem? because your log still shows problems




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button