Jump to content


Photo

hijackthis hijacked?


  • Please log in to reply
6 replies to this topic

#1 lauraocal

lauraocal

    Lauraocal

  • Full Member
  • Pip
  • 16 posts

Posted 26 August 2007 - 11:34 AM

I have HijackThis.exe, and I ran a scan, I had some 010 entries with the following:c:\windows\system32\napinsp.dll & another with c:\windows\system32\nlaapi.
I ticked both boxes to be fixed and clicked on fix.
I then got a message box saying: "HijackThis cannot repair O10 Winsock LSP entries.

You should use LSPFix for that, which is available from http://www.cexx.org/lspfix.htm.



If the O10 item belongs to WebHancer, New.Net or CommonName, Spybot S&D can remove it automatically. Spybot S&D is available from http://www.spybot.info/.
---------------------------
OK
---------------------------

I went to the website and installed a program called xclean. I ran another scan with Hijackthis and had a 016 entry saying; DPF:{556DDE35-E955-11D0-A707-000000521957}HTTP://WWW.XBLOCK.COM/DOWNLOAD/XCLEAN_MICRO.EXE

Can anyone shed any light?
Laura

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 August 2007 - 11:42 AM

Why did you run XClean, instead of LSPFix or Spybot S&D? Nothing wrong with HijackThis.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 lauraocal

lauraocal

    Lauraocal

  • Full Member
  • Pip
  • 16 posts

Posted 26 August 2007 - 11:48 AM

was the message box and its contents ok then?
the lspfix was xclean! That is where it the link took me.
Laura

#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 August 2007 - 11:57 AM

When I click on the link you put in your post, http://www.cexx.org/lspfix.htm, it takes me to LSP-Fix. So HijackThis gave you the correct link. Something evidently happened on your PC on the way to that site.

My first guess would be an entry in your hosts file.

Try the link again, and if you get the same strange result, read the FAQ and post a topic in the Malware Removal foum.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 lauraocal

lauraocal

    Lauraocal

  • Full Member
  • Pip
  • 16 posts

Posted 26 August 2007 - 12:21 PM

I just followed the link again and it is a completely different site.
Sorry.
Laura

#6 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 August 2007 - 12:25 PM

I'm glad all is well. It still would be a good idea to post a topic in Malware Removal. People can give you detailed instructions about what to do with LSPFix once they see your HijackThis log.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 27 August 2007 - 04:09 AM

I have HijackThis.exe, and I ran a scan, I had some 010 entries with the following:c:\windows\system32\napinsp.dll & another with c:\windows\system32\nlaapi.
I ticked both boxes to be fixed and clicked on fix.

Nothing wrong with both entries... so not sure why you wanted to fix them.
Both are related with your Vista:
http://www.castlecops.com/lsp-234.html
http://www.castlecops.com/lsp-233.html

HijackThis does prevent O10 entries being fixed, since fixing them may break your Internet connection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.




Member of ASAP and UNITE
Support SpywareInfo Forum - click the button