• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Juiceloose

Desktop Hijack - Please help

4 posts in this topic

Hi,

 

Have had CWS previously and with help of these forums have successfully removed it. Have now got a version I have never seen before.

 

It redirects my explorer page to various porn sites and has taken over my desktop with a black screen and the following words on it:

 

 

"ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

 

Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!"

 

I have run cwshredder and it detected a version of CWS that was attempting to close down shredder. Shredder bypassed the attempt to close it and after running it it rest 6 explorer pages and advised me to reboot and run shredder again.

 

I did as intructed and on running sherdder again it rest a furhter five explore values.

 

This appears to have worked and my explorer page is back to about blank every time I open it.

 

I cannot however get rid of the black page and warning (see wording above) from my desktop screen.

 

I have attached a copy of my log file which from my very limited knowledge looks ok.

 

Any advice on how to get rid of the warning screen from my desktop would be very much appreciated.

 

Thank you in advance.

 

Juice.

 

Logfile of HijackThis v1.97.7

Scan saved at 11:01:52, on 16/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Creative\ShareDLL\CtNotify.exe

C:\PROGRA~1\NORTON~2\navapw32.exe

C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\ShareDLL\Mediadet.exe

C:\Program Files\Paltalk\pnetaware.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Steve\My Documents\My Installers\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe

O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Money Viewer (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: GetWebPics (HKCU)

O9 - Extra 'Tools' menuitem: Download pictires with GetWebPics (HKCU)

O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...38112.622337963

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

Share this post


Link to post
Share on other sites

Hi folks,

 

Have been playing around for most of day now trying to recover my desktop from the black screen with the warning words from my post above.

 

Unfortunately it has me beat !!!!

 

Does anybody out there have any ideas how I can get rid of this damn thing.

 

Many thanks,

 

Juice.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0