• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
NowhereMan

Browser takes me to super-spider.com

16 posts in this topic

Hello

 

My home page has been changed to super-spider.com and I can't change it because the option has been blocked. I tried to remove this hijack following the article but none of the options did work.

 

Also I couldn't find the hijack in any list. :scratchhead:

 

Any help will be greatly appreciated.

 

My HijackThis:

 

Logfile of HijackThis v1.97.7

Scan saved at 16:38:20, on 04/06/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Documents and Settings\Miguel\Mis documentos\HijackThis.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://solongas.com/sp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://solongas.com/sp.htm?id=9

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://solongas.com/sp.htm?id=9

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\agki.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\r9u647emcetx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [sCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [WebScan] C:\ARCHIV~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73C086-346A-41B6-A7C1-90578B77F0D7}: NameServer = 200.50.96.90 200.54.144.227

Share this post


Link to post
Share on other sites

Hi!

 

You have been infected by Coolwebsearch and some other things...

 

Please download the latest version of CWShredder from here or here

 

If you are unable to download that file because of the Hijack, please post back. If you are able to get the file follow the instructions below.

 

Run it.

Check for update, if it needs to update please allow it to do so.

 

Click fix/next. Let it fix all if finds.

Reboot

 

Run it again (to be sure it worked)

Click fix/next. Let it fix all if finds.

Reboot

 

Do a virus scan here.

If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.

 

Reboot

 

After that go to windows update and download all critical updates.

 

After installing go back and download some more and repeat that until all updates are done.

 

Reboot

 

Run a new HJT log and post it here as a reply to this topic since there will be more that needs fixing.

Share this post


Link to post
Share on other sites

Thank you very much, but now I have another big problem, something has been blocking my internet conection, all seems to work fine but sometimes the only thing that I can see is the super-spider start page. I supose that's the hijack.

 

I'll try to clean it with the CWShredder but maybe I won't be able to update it, does it works?.

 

I'll keep you inform about it and thanks again.

Edited by NowhereMan

Share this post


Link to post
Share on other sites

I will wait for your next reply then, if you cant update the CWShredder, run it as is.

Share this post


Link to post
Share on other sites

I was able to do everything you said (CWShredder updated, virus scan and windows update) with no problems. The HouseCall found 151 infected files and just 2 of them couldn’t be cleaned or deleted because they were currently in use during the scan:

 

Virus TROJ KREPPER.Q File C:\Documents and Settings\Miguel\Configuracion Local\Temp\2100860.tmp

 

Virus TROJ KREPPER.Q File C:\Documents and Settings\Miguel\Configuracion Local\Temp\194509.tmp

 

This is my new HijackThis:

 

Logfile of HijackThis v1.97.7

Scan saved at 11:40:46, on 10/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\Documents and Settings\Miguel\Mis documentos\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://solongas.com/sp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://solongas.com/sp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://solongas.com/sp.htm?id=9

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://solongas.com/sp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\r9u647emcetx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [sCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [WebScan] C:\ARCHIV~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e52972...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73C086-346A-41B6-A7C1-90578B77F0D7}: NameServer = 200.50.96.90 200.54.144.227

Share this post


Link to post
Share on other sites

Hi again NowhereMan, The CWS infection is still there :(

 

Please try to get rid of that and the Virus problem by doing this. It might not fix your problem but it's worth a try.

 

Check that you have the latest version (1.59.0 or later) of cwshredder from here

 

Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, reboot into safe mode by tapping F8 after the BIOS has loaded

 

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example

C:\WINDOWS\Temp\

C:\Temp\

C:\Documents and Settings\username\Local Settings\Temp\

Also delete your Temporary Internet Files, be sure to also select delete all offline content.

 

Run cwshredder.

Click fix/next. Let it fix all if finds.

Reboot to Safe mode again

 

Run it again (to be sure it worked)

Click fix/next. Let it fix all if finds.

Reboot (normal)

 

Do a virus scan (again) here .

If you get report of files that can’t be cleaned / deleted please write down the filenames and locations and post that in your reply.

 

Run a new HJT log and post it here since there will be more that needs fixing.

Share this post


Link to post
Share on other sites

Hi Lappen

 

I did everything you said and I also searched for tmp files, I was able to delete all of them. I searched again and there were no tmp files. I did all in the safe mode.

 

Then I rebooted to normal and I did the virus scan. The HouseCall found 1 infected file and it couldn’t be cleaned or deleted because they were currently in use during the scan:

 

Virus TROJ KREPPER.Q File C:\Documents and Settings\Miguel\Configuracion Local\Temp\250970.tmp

 

This is my new HJT:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:07:39, on 15/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\cidaemon.exe

C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Documents and Settings\Miguel\Mis documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\r9u647emcetx.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE

O4 - HKLM\..\Run: [sCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [WebScan] C:\ARCHIV~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k

O4 - HKLM\..\Run: [z-wrdialer] C:\Archivos de programa\WinPoET Broadband Connection\WrDialer.exe

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73C086-346A-41B6-A7C1-90578B77F0D7}: NameServer = 200.50.96.90 200.54.144.227

Share this post


Link to post
Share on other sites

Hi guys, there is a random bho associated with this one that I want to check out further.

 

Click here, for instructions on how to enable hidden files and folders to be visible. After enabling, find, zip and send this file:

 

C:\WINDOWS\System32\r9u647emcetx.dll

 

to this e-mail address including a link to this thread in the body of the email.

 

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://solongas.com/hp.htm?id=9

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

O2 - BHO: (no name) - {A9A674BF-771F-42E5-A440-D20DDA85A862} - C:\WINDOWS\System32\r9u647emcetx.dll

O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - Trusted Zone: *.greg-search.com

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab

 

Reboot when done, rescan with HJT and post a new log here for a final check over.

Share this post


Link to post
Share on other sites

Hi Daemon

 

I sent you the e-mail with the file and I did what you said. For the first time I didn't see any super spider when I entered to the internet explorer. Thank you so much.

 

Here's the HJT:

 

Logfile of HijackThis v1.97.7

Scan saved at 18:23:17, on 15/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Documents and Settings\Miguel\Mis documentos\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [sCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [z-wrdialer] C:\Archivos de programa\WinPoET Broadband Connection\WrDialer.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab27571.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73C086-346A-41B6-A7C1-90578B77F0D7}: NameServer = 200.50.96.90 200.54.144.227

Share this post


Link to post
Share on other sites

Thanx for stepping in Daemon :thumbsup:

 

NowhereMan, the log looks clean now as far as I can tell.

 

How are your browser and computer behaving? Are you still having that file shoving up in Virus scans?

 

I would wait for Daemon to post back but while waiting please read this page

 

>> How Did I Get Infected In The First Place?

Share this post


Link to post
Share on other sites

My browser is working ok, no more internet shortcuts have been added to my favourites, no more super-spider pages have appeared, my internet options are no longer blocked and I could change my start-page. So far the computer has no problems.

 

Even though a new virus scan (from HouseCall) has found 18 infected files, the same virus (TROJ KREPPER.Q) in the same location (C:\Documents and Settings\Miguel\Configuracion Local\Temp\xxxxxx.tmp), but this time all of them could be deleted. What should I do? :wtf:

 

I would like to change IE and I’ll take any recommendation that could help me to prevent something like this happen again. Should I change my antivirus too?

 

Thank you both of you guys. Thanks for your help and understanding.

Share this post


Link to post
Share on other sites

I got the file - thanks :) Lappen is absolutely right - your log is clean now. Follow the recommendations in the link he provided to help stay clean.

 

See if this helps with the virus scan. Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so. Repeat for all log-in accounts on your computer.

Share this post


Link to post
Share on other sites

Hi Daemon

 

Thanks for the advise, I just have one question, do I have to check all boxes under Items to clear or just the Internet Explorer ones?.

Share this post


Link to post
Share on other sites

I do them all with the exception of cookies as I use something else to manage those.

Share this post


Link to post
Share on other sites

Thanks a lot Daemon, the virus scan did not found any viruses, System Security Suite solved the problem. I'll follow your recommendations.

 

You guys are the best.

Share this post


Link to post
Share on other sites

Glad we could help :D

 

As this problem has been resolved the topic will be closed. If you need this topic reopened, please click here to email the moderating team - be sure to include the address of the thread and the name you posted under.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0