memart

So many softwares, but nothing

4 posts in this topic

Dear fellows,

As I am here for the first time, I am not sure how all this works.

I will start as a dilettante/amateur in all these wars with PC pests and I want to stay as that one.

Why?

Because nobody can explain to me that two spies are more clever than all the following famous SWs:

- Norton Antivirus,

- Ad-Aware,

- Trojan Hunter,

- AVG,

- HijackThis,

- Spyware Detection,

- +various net instructions.

I've got "Thenewsearch" and "UGO20.exe" inside (I have a son, too) and after all that (SW before and cleanings after) still that www.thenewsearch.com is there

Will you, somebody, comment or explain this?

What is the point of all those payments, downloads and somebody's work when those pests are normally working?

 

With best regards,

 

Markov


Memart

 

This trojan can be removed.

 

Could you please post the log of a Hijack This scan?

 

Regards

_______

Wiskonst


[HJT log by e-mail]

 

Memart

 

First disable System Restore.

If the trojan has settled itself in the System Restore, it cannot be removed by any scanner.

 

Please go to Task Manager and end these processes:

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\XSIDET.EXE

C:\WINDOWS\SYSTEM\winupd.exe

C:\WINDOWS\SYSTEM\HPFSTSC0.EXE

C:\WINDOWS\SYSTEM\HPZSTATX.EXE

Also if you see processes called

REGCPM32.EXE,

windfind.exe, or

msosa.exe, end them.

 

Also disable Webwasher temporarily.

 

Then fix from Hijack This:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://thenewsearch.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe <-- this is the trojan

 

Do this by closing all browser windows, placing a checkmark in front of the above items and clicking the Fix-button.

 

Set Explorer to display hidden files and delete this file:

C:\WINDOWS\SYSTEM\winupd.exe

If the file cannot be deleted because it is in use, delete it in Safe Mode (reboot, hit F8 and choose 'Start in Safe Mode').

 

Reboot and please post a fresh log here.

 

Regards

_______

Wiskonst
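
The triage step in the post above (picking the R0/R1 search entries and the O4 Run entry out of a HijackThis log) can be sketched as a small parser. This is an added example, not part of the original post and not HijackThis code; the allowlist, the autorun baseline and the two benign sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed baselines for this example; real ones come from a known-clean machine.
ALLOWED_SEARCH_HOSTS = {"www.microsoft.com", "search.msn.com"}
KNOWN_AUTORUNS = {"systemtray", "scanregistry"}

R_LINE = re.compile(r"^(R[0-3]) - (HK\w+\\[^,]+),(.+?) = (.*)$")
O4_LINE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")

def parse_line(line):
    """Return a dict for an R0-R3 or O4 entry, or None for anything else."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        return {"section": m[1], "key": m[2], "name": m[3], "data": m[4].strip()}
    m = O4_LINE.match(line)
    if m:
        return {"section": "O4", "key": m[1], "name": m[2], "data": m[3].strip()}
    return None

def review(log_text):
    """Return (section, name, reason) for entries that need a manual look."""
    findings = []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        if entry["section"].startswith("R"):
            host = urlsplit(entry["data"]).hostname  # None when data is not a URL
            if host and host.lower() not in ALLOWED_SEARCH_HOSTS:
                findings.append((entry["section"], entry["name"], "search URL host " + host))
        elif entry["name"].lower() not in KNOWN_AUTORUNS:
            findings.append(("O4", entry["name"], "unlisted autorun " + entry["data"]))
    return findings

# Constructed sample: three entries in the shape shown in the post, plus
# two made-up benign lines to show what is left alone.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
"""

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep=" | ")
```

Only URL-valued R entries are compared against the allowlist, so non-URL values such as `ProxyOverride = localhost` are left for manual review rather than flagged automatically.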


Memart

 

Your log is clean now.

 

To prevent further problems in the future:

 

Install a firewall. Kerio Personal Firewall is free.

Apart from virus- and trojan scanners a spyware scanner is also advisable.

A good one is Ad Aware.

Real time protection against hijacking is offered by Spywareguard and Spywareblaster (both free).

_______

Wiskonst
