Jump to content


Browser Hijacked...Need Help

  • Please log in to reply
2 replies to this topic

#1 WelfareHigh



  • New Member
  • Pip
  • 2 posts

Posted 20 July 2004 - 09:37 PM

Okay, this has got me really, really pissed off. About 3 weeks ago my browser's homepage (I use the newest version of Internet explorer) was changed to some stupid search thing. It turns out it was CoolWebSearch. Now I've spent the last 2 hours trying to remove it. I've gone through CWShredder, it's found nothing, but Ad-aware tells me it's there. AboutBuster hasn't work. A friend who is very knowledgeable in this spent these 2 hours working with me. He said you guys could help me because you trained him. He said to post a log of HiJackThis so here you go.
Logfile of HijackThis v1.97.7
Scan saved at 11:35:31 PM, on 20/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kylie\Local Settings\Temporary Internet Files\Content.IE5\0SHCJ2U4\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dykgq.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dykgq.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dykgq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dykgq.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dykgq.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dykgq.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D626295-5E91-2B59-7E71-D5BE067A9719} - C:\WINDOWS\system32\atljx32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe

Any help would be amazing because this stuff isn't cool.

#2 WelfareHigh



  • New Member
  • Pip
  • 2 posts

Posted 22 July 2004 - 04:47 PM

Bump, I'd really like some help please!

#3 Fireflyer


    Spyware Scorcher

  • Retired Staff
  • PipPipPipPipPip
  • 571 posts

Posted 24 July 2004 - 06:08 PM

I'll be glad to help you, but the log you posted is incomplete. There's bound to be quite a bit more after that single O4 line.

Before you post a new log, you need to relocate HijackThis to a permanent folder. Use Windows Explorer to make a folder on your C: drive - like C:\HJT - and move HJT into it.

Also, you should update your HijackThis to the newest version (currently v1.98.0) by clicking the Config... button - then click the Misc Tools button - finally, click Check for update online.

If for some reason the update website is unavailable, just download a new copy from an alternate site like http://www.downloads.../hijackthis.zip and unzip it into the folder replacing the old one.

Also, make sure you have the latest version of About:Buster and be sure you have Ad-aware updated as well. See Using Ad-aware to remove Spyware for info on how to set up Ad-aware for a Full Scan so it will be most effective.

Next, make sure you have Windows Explorer configured to Show Hidden Files/Folders:

Open the Windows Explorer Folder Options - View [tab]:
Scroll down to the Files and Folders section.
Select: Display the contents of system folders.
Scroll down to the Hidden Files and Folders section.
Select: Show hidden files and folders, Ok the prompt
Uncheck: Hide file extensions for known file types
Uncheck: Hide protected operating system files
Ok the Prompt, click Apply
Click the Apply to all Folders button.

After taking care of those preparations, post the new log, and we'll knock this infection out.
How did I get infected in the first place?
Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan
Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix
Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall
Help support this site! Click here to learn how.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button