Jump to content


Photo

Need Good Advice


  • This topic is locked This topic is locked
15 replies to this topic

#1 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 28 July 2004 - 09:19 PM

Hi,

I have been plagued by a recurring browser, search, and popup hijacker... Probably the dreadful about:blank hijack... I am a member of three different posting sites like this, and I can't get rid of it, and I am not familiar with tweaking a computer... I was wondering if anyone else had this problem and if they would recomment replacing the hard drive and reinstalling the software. I also need to know if Opera or Mozzila will keep hijackers and spyware off your pc, and if not, are there any software programs that will?? Help and suggestions would be appreciated...


Thanks,
Chris

#2 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 28 July 2004 - 11:14 PM

Please follow these steps in order to clean your computer of Malware which can include Viruses, Trojans, Worms, Spyware, Hijackers and Dialers.

Step 1:
Download Spybot and Adaware from the following locations and install them. You should run both programs and clean up what it finds. This is to gaurantee that you find the most malware you can installed on your computer.

Before running the scans on both programs, it is mandatory that you update the programs. There are update options in each program when you run them.

Spybot

Ad-aware

If you would like to learn more about how to use these two programs with the proper settings you can read the tutorials below:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer.

Using Spybot - Search & Destroy to remove Spyware, Malware, & Hijackers from Your Computer.


When you scan with both programs, fix everything that it finds.

When you are done with the scan and fixing the items. Please continue with the next step.

Step 2:

It is important that you run Spybot and Adaware before you proceed with this step. Fixing enties with Hijackthis may leave behind unwanted files on your computer if the previous step was not done first.

Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site #1

or

HijackThis Download Site #2

Save this file into the directory you made previously and then run the program. Click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here, and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial on using HijackThis you can click on the link below:

Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers
<b>Lawrence</b>

#3 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 29 July 2004 - 03:38 AM

Thanks Grinler but I have already tried all those steps countless times... They don't get rid of this one... Most of the people here and elsewhere have advised those exact same steps and many more... They haven't worked either. I just want to know if replacing the hard drive is advisable... Responses from people who have replaced the hard drive would be appreciated....Thank you...

#4 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 10:51 AM

Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site #1

or

HijackThis Download Site #2


Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware
<b>Lawrence</b>

#5 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 29 July 2004 - 05:48 PM

HijackThis doesn't fix this version of the hijacker... Has anyone ever replaced the hard drive and is it a good solution?

#6 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 06:15 PM

Your right hijackthis does not fix any type of spyware actually. If you want us to help you clean it up without have to reinstall, then follow the instructions below.

If on the other hand you would like to reformat your hard drive, not replace it, and start afresh then that will definitely get rid of the malware.

Its your choice, but if I was you, I would take the first option.
<b>Lawrence</b>

#7 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 29 July 2004 - 07:06 PM

You mean HijackThis is making false claims? I was lead to believe that it was getting rid of the hijackers... I would rather not replace the hard drive, but I do want rid of these parasites.... If you can help me clean up my computer, I would certainly love that. That is what I thought I would find here.

#8 Soddy

Soddy

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 29 July 2004 - 07:11 PM

Chris, I am not an expert on Hijack This, but it is NOT making false claims. it helps the experts to clean your computer. It tells them what exactly is on your computer.

Replacing your hard drive to me, atleast, is a last resort. You only would want to do that if its totally fried.

Reformatting the hard drive deletes everything on your computer and it starts fresh as if you just got a new computer.

Right now your best bet is to follow what grinler is telling you to do. Just follow his direction, and if it doesen't work out, then reformat your drive. Although before you reformat, you may want to save all important files on a floppydisk.

#9 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 29 July 2004 - 07:23 PM

I do appreciate that advice, I really do... However, I have already tried all of those solutions. I already have AdAware, Spybot, HijackThis, CWShredder, About:Buster, FINDnFIX, APM, IE-Spyad and several others. I've been posting here for a week... People will come along and post solutions, and I will follow them and then a new person will come and post and I will follow them. Meanwhile, every time I reboot, this thing remains and mutates. I also have other spyware that I haven't even mentioned, such as Gator. None of the solutions have helped. I think it is time to seriously consider starting over, either by erasing the hard drive, or buying a new one.

#10 Soddy

Soddy

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 29 July 2004 - 07:26 PM

If you have tried everything you could, I reccomend you talk to your Computer Manufacturer techinical support, and if they can't do anything I would reformat your drive.

#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 29 July 2004 - 07:27 PM

You need to post a HijackThis log - we'll tell you what and how to fix.
Please do this.
Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#12 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 29 July 2004 - 07:38 PM

Noone can convince you to do something that you do not want to do, but I am fairly confident I can help you out here. Why not give it a try and see what happens. What do you have to lose. You always have the reformatting of your hard drive to fall back to.


As I said its up to you.
<b>Lawrence</b>

#13 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 29 July 2004 - 07:54 PM

OK--here is another HijackThis log:

Logfile of HijackThis v1.98.0
Scan saved at 8:52:34 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ieon32.exe
C:\Documents and Settings\Shaun Blankenship\Spybot - Search & Destroy\TeaTimer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\addyp32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ubmbg.dll/sp.html#26512
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ubmbg.dll/index.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ubmbg.dll/index.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ubmbg.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ubmbg.dll/sp.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ubmbg.dll/index.html#26512
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {26EB855E-8020-394A-64FD-DB123824DB35} - C:\WINDOWS\javapn.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Documents and Settings\Shaun Blankenship\Spybot - Search & Destroy\TeaTimer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2749E0A5-2ADD-4C0E-ACE4-35E22A9BF0F1}: NameServer = 12.150.146.200 12.150.144.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2749E0A5-2ADD-4C0E-ACE4-35E22A9BF0F1}: NameServer = 12.150.146.200 12.150.144.1

#14 grinler

grinler

    Bleeper

  • Expert
  • PipPipPipPipPip
  • 530 posts

Posted 30 July 2004 - 10:44 AM

Chris,

You are in luck. This can and will be removed.

First I need to get some info from you.

The first thing I need you to do is download the file from here:

Getservice.zip

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post.
<b>Lawrence</b>

#15 ChrisB

ChrisB

    Member

  • Full Member
  • Pip
  • 72 posts

Posted 03 August 2004 - 09:35 AM

Grinler-Thanks for helping... I got into a really bad situation here and had to erase the hard drive anyway. The problems are all gone... Thanks.

#16 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 03 August 2004 - 11:14 AM

Sorry you had to do that - stay clean. :)

For future protection, download and install:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
https://netfiles.uiu...ww/resource.htm
Both are very small free programs that you run once, and then just occasionally to check for updates.

Also see
So how did I get infected in the first place?

And the best popup stopper I've used is the Google toolbar 2. http://toolbar.google.com/

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button