So many softwares, but nothing


3 replies to this topic

#1 memart


Posted 23 June 2004 - 03:19 AM

Dear fellows,

As I am here for the first time, I am not sure how all this works.
I will start as a dilettante/amateur in all these wars with PC
pests and I want to stay one.
Why?
Because nobody can explain to me how two spies are more
clever than all of the following famous SWs:
- Norton Antivirus,
- Ad-Aware,
- Trojan Hunter,
- AVG,
- HijackThis,
- Spyware Detection,
- + various net instructions.
I've got "Thenewsearch" and "UGO20.exe" inside (I have
a son, too) and after all that (SW before and cleanings
after) www.thenewsearch.com is still there.

Will somebody comment on or explain this?
What is the point of all those payments, downloads and
somebody's work when those pests are working normally?


With best regards,

Markov

#2 Wiskonst


Posted 23 June 2004 - 09:55 AM

Memart

This trojan can be removed.

Could you please post the log of a Hijack This scan?

Regards
_______
Wiskonst

#3 Wiskonst


Posted 23 June 2004 - 12:01 PM

[HJT log by e-mail]

Memart

First disable System Restore.
If the trojan has settled itself in the System Restore, it cannot be removed by any scanner.

Please go to Task Manager and end these processes:
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\XSIDET.EXE
C:\WINDOWS\SYSTEM\winupd.exe
C:\WINDOWS\SYSTEM\HPFSTSC0.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
Also if you see processes called
REGCPM32.EXE,
windfind.exe, or
msosa.exe, end them.

Also disable Webwasher temporarily.

Then fix from Hijack This:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html <http://207.68.162.25...om/search.html>
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe <-- this is the trojan

Do this by closing all browser windows, placing a checkmark in front of the above items and clicking the Fix-button.

Set Explorer to display hidden files and delete this file:
C:\WINDOWS\SYSTEM\winupd.exe
If the file cannot be deleted because it is in use, delete it in Safe Mode (reboot, hit F8 and choose 'Start in Safe Mode').

Reboot and please post a fresh log here.

Regards
_______
Wiskonst
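
Added example, not part of the original thread and not HijackThis code: a small parser for the R0/R1 and O4 line format shown in the fix list above, which separates entries that match the indicators named in the post (the thenewsearch.com host and the winupd.exe Run entry) from the rest. The names `parse_hjt` and `triage` are hypothetical, and the sample lines are copied from the post with the truncated bracketed URLs left out.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
"""

# R lines: "<code> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.*?) = (.*)$")
# O4 lines: "O4 - <hive>\..\<Run key>: [<entry name>] <command>"
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse_hjt(text):
    """Return one dict per recognised R0-R3 or O4 line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := R_LINE.match(line):
            code, hive, key, name, data = m.groups()
        elif m := O4_LINE.match(line):
            code = "O4"
            hive, key, name, data = m.groups()
        else:
            continue
        entries.append({"code": code, "hive": hive, "key": key,
                        "name": name, "data": data})
    return entries

def triage(entries, bad_hosts, bad_images):
    """Split entries into (matching an indicator, everything else)."""
    flagged, other = [], []
    for e in entries:
        # Host for URL-valued data; image file name for autostart entries.
        host = (urlparse(e["data"]).hostname or "") if "://" in e["data"] else ""
        image = e["data"].split("\\")[-1].lower() if e["code"] == "O4" else ""
        hit = (any(host == h or host.endswith("." + h) for h in bad_hosts)
               or image in bad_images)
        (flagged if hit else other).append(e)
    return flagged, other

if __name__ == "__main__":
    hits, rest = triage(parse_hjt(SAMPLE_LOG), {"thenewsearch.com"}, {"winupd.exe"})
    for e in hits:
        print("MATCH", e["code"], e["hive"], e["name"], "->", e["data"])
    for e in rest:
        print("REVIEW", e["code"], e["hive"], e["name"], "->", e["data"])
```

Entries in the second group are not cleared by this check; they only lack a match against the two indicators and still need a human decision.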

#4 Wiskonst


Posted 23 June 2004 - 05:07 PM

Memart

Your log is clean now.

To prevent further problems in the future:

Install a firewall. Kerio Personal Firewall is free.
Apart from virus- and trojan scanners a spyware scanner is also advisable.
A good one is Ad Aware.
Real time protection against hijacking is offered by Spywareguard and Spywareblaster (both free).
_______
Wiskonst



