Nothing works


7 replies to this topic

#1 williamclark

williamclark

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 19 June 2004 - 09:17 PM

I'm getting redirected to an outhost.info site. I've gone to the hijack this website, but whenever I try to download it, or cwshredder, the download and internet explorer window (or windows if I have others open) shut off with no error message, just cut out. If I try to download the zipped version, it stops at 99% and said it couldn't find the file to copy, or something to that effect. I tried downloading from the other site it gave to download on the site (the one with the IP address in front), but the same thing happened. I also downloaded the smartkill removal tool it mentioned on the site, but when I ran it it said my computer wasn't infected with smartkill, so I guess that wasn't the reason. When I came to this site and tried to open the link to the post "hijacked people...start cleaning" or something close to that name, the explorer window cut off without any warning or error message. All adaware can catch (I've got all the latest updates) is four files that say "possible browser hijack", which every time I delete them just return. I then tried to have a friend send me cwshredder, but I couldn't even extract it. Then, after searching google, I came to a post on here about outhost (how I originally found this site), which gave a link to "The Cleaner" which I downloaded and installed, but when I try to run it it cuts off after about 19% without warning or error message. Also, I don't know if this is related, but when I try to open a folder I've made recently to hold images I've cut up and processed in Photoshop, they'll load the icon images of about half of them, and then the folder will cut off and my taskbar will go blank then reload everything in it. Sorry this post has been so long, like a freaking world war two novel, but this is everything I've tried so far, I think. It's been really frustrating, and any help you could give would be great.
The last virus I had on my old computer wiped out all my music and graphic design projects, I had to start over from scratch, so I've been trying to be careful this time. Ah well. Thanks.

#2 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 22 June 2004 - 09:02 AM

First thing to try ... Click on "Start" => "Run" and type in cmd and press "OK". This will bring up a command prompt window.

Assuming your windows is installed in c:\windows, type in:
ren c:\windows\system32\drivers\etc\hosts c:\windows\system32\drivers\etc\hosts.old

Let me know if you can now connect.

#3 williamclark

williamclark

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 June 2004 - 04:57 PM

I followed your steps, though I had to remove the file path from the second string, but I suppose it worked because there was no error message when I hit enter. However, I'm not sure what you meant by connect. I can still connect to the internet and go to some pages, it's just most get redirected and some, when I try to go into them, like certain posts on this forum, get shut off. I also tried downloading hijack this again but it didn't work. Thanks.

#4 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 22 June 2004 - 05:47 PM

What OS are you running, what service packs are installed, where is Windows installed, i.e. c:\winnt or c:\windows etc.? What browser version etc. are you running?

#5 williamclark

williamclark

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 22 June 2004 - 06:40 PM

I'm running Windows XP Home Edition, Windows is installed in C:\windows, I'm using Internet Explorer v6.0.2800.1106. I'm not sure what service packs are. Thanks again for your help.

#6 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 22 June 2004 - 09:38 PM

Can you check Symantec's Qhosts removal to see if that is what is ailing your system?

#7 Hammer

Hammer

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 June 2004 - 02:00 AM

I just finished fixing my hijacked home page that was going to ***.outhost

I also had the same problem: could not download cwshredder or hijackthis.

The way around this is to download an FTP program (cute ftp pro) and paste the direct download link into the address bar of the ftp program. This will allow you to download both programs.

However, I have discovered that not only does this hijacker prevent you from d-loading removal tools within the IE environment; if you do manage to get it downloaded and unzipped, the folder appears to be empty. IT IS NOT EMPTY, so when you d-load make sure you d-load to a simple and easy to find location, like Example ( c:\hijt )

Then in safe mode go to start, then click run.

Then for the above example you would type

( c:\hijt\hijackthis.exe )

Some registry entries I found along with this hijack:

svhost.exe
system.exe

** This will stop the hijack of your home page, but if you still try to d-load removal tools you will find you can't. Everything else should work as normal, providing you remove the nasty registry entries...

#8 williamclark

williamclark

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 09 July 2004 - 09:08 PM

Sorry it took so long to reply to this but I got called away on business. PGPhantom, I downloaded that and it couldn't find anything related on my computer. Hammer, that worked perfectly thank you. CWShredder found a few things but the problem still persists, so here is my hijack this log.


Logfile of HijackThis v1.97.7
Scan saved at 1:13:46 PM, on 7/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.lib.pdx.edu:3128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50167
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2\bin\jusched.exe
O4 - HKLM\..\Run: [VOjgFnaCi] C:\windows\temp\VOjgFnaCi.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [msdns] C:\WINDOWS\Downloaded Program Files\nnyhvdop.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [twain_32] C:\WINDOWS\twain_32.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: winlogin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: PartyPoker.com (HKLM)
O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O15 - Trusted Zone: *.greg-search.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E2D6979-AF6D-4B55-853B-9E519DB9964D}: NameServer = 207.69.188.187 207.69.188.186
O19 - User stylesheet: C:\WINDOWS\system32\ysyebf.ut2



Thanks again for all your help, and sorry again that my reply's been so belated.
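
Added example, not part of the original thread and not code from HijackThis: a small Python triage pass over a HijackThis log that flags entries worth a closer look. The three rules and the function names are assumptions of this example and are prompts for review, not verdicts; the sample lines are copied from the log posted above.

```python
import re

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [VOjgFnaCi] C:\windows\temp\VOjgFnaCi.exe
O4 - HKLM\..\Run: [msdns] C:\WINDOWS\Downloaded Program Files\nnyhvdop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Result lines look like "R1 - ..." or "O4 - ..."; header and
# running-process lines do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autorun form: HKLM\..\Run: [value name] command line
AUTORUN = re.compile(r"^(HK(?:LM|CU))\\\.\.\\Run: \[([^\]]*)\] (.+)$")

# Triage heuristics (assumptions of this example, not HijackThis behaviour).
RULES = [
    ("target file missing",
     lambda sec, text: text.endswith("(file missing)")),
    ("autorun from a temp directory",
     lambda sec, text: sec == "O4" and "\\temp\\" in text.lower()),
    ("autorun from the ActiveX download cache",
     lambda sec, text: sec == "O4" and "\\downloaded program files\\" in text.lower()),
]

def parse(log):
    """Yield (section, body) for every result line in the log."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, label, reasons) for entries matching any rule."""
    findings = []
    for section, body in parse(log):
        run = AUTORUN.match(body) if section == "O4" else None
        label = run.group(2) if run else body  # autorun value name if present
        reasons = [why for why, test in RULES if test(section, body)]
        if reasons:
            findings.append((section, label, reasons))
    return findings

if __name__ == "__main__":
    for section, label, reasons in triage(SAMPLE_LOG):
        print(f"{section}  {label}: {', '.join(reasons)}")
```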



