Jump to content


Photo

Greatsearch.biz Hijack


  • Please log in to reply
3 replies to this topic

#1 Batman

Batman

    Member

  • New Member
  • Pip
  • 2 posts

Posted 11 June 2004 - 01:33 AM

I've run Spybot, Adaware, read the FAQ's but still can't get rid of this damned nuisance. Here is the HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 4:33:00 PM, on 6/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://greatsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://greatsearch.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://greatsearch.biz/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

A thousand thank yous in anticipation.

#2 expertec

expertec

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 690 posts

Posted 11 June 2004 - 03:43 AM

Download CWShredder from http://www.spywarein.../CWShredder.exe run it, reboot and post a new HJT log.

#3 Batman

Batman

    Member

  • New Member
  • Pip
  • 2 posts

Posted 11 June 2004 - 06:21 PM

I've run CWS and it has fixed it. I swear I had alredy done that but it seems the version I ran was slightly older than the current Here is the log anyway and again thank you very much.

Logfile of HijackThis v1.97.7
Scan saved at 9:18:38 AM, on 6/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe

Thanks again

#4 expertec

expertec

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 690 posts

Posted 12 June 2004 - 03:21 AM

Clean log, but it doesn't look like you're running any AV. You can get a good free one, AVG from http://www.grisoft.com/

I'd also recommend you get Ad-Aware and Spybot keep them up to date and scan regularly. Download Spywareblaster as well, update it and enable all protection. It should stop almost any spyware from installing.

Also I'd recommend you get yourself a good firewall, I use Sygate personal firewall which is free from http://soho.sygate.c...ownload_buy.htm

Edited by expertec, 13 June 2004 - 03:09 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button