Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsMapsAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security Cleanup » [Spyware] HJTLOG Desktop Hijack
 
Search Topic:
  Share Topic:
RSS topic:
 
Posting
toggle:
flat / full
normal / watch
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean Rules ·Site IMs ·VundoFix ·Zlob/Smitfraud ·MonaRonaDona
« [Vundo] Vundo removal  
AuthorAll Replies


bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs:
·Verizon Online DSL

reply to gStYLez
Re: [Spyware] HJTLOG Desktop Hijack

First Steps
:!: The following instructions are only for this Forum member. Please do not use these instructions on another computer system. You can seriously damage your system by following the instructions below without guided assistance. You assuredly will make a cleanup of your system more difficult.

DISABLE Spyware Doctor:
It is a good program, but ... it may hinder the removal of some HijackThis entries. You can re-enable it after you're clean.
From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

Please download ATF Cleaner
It does not require any installation.. It is set up to clean Windows TEMP folders, as well as IE, FireFox and Opera, Temporary Internet Files and Cookies.
• Double-click ATF-Cleaner.exe to run the program.

First Step:
• Under Main choose: Select All
• Click the Empty Selected button.
Next, if you use Firefox (and some Mozilla-based browsers)
• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
Next, if you use the Opera browser
• Click Opera at the top and choose: Select All
• Click the Empty Selected button. :!: Click Exit on the Main menu to close the program.

Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:
• Close all programs so that you are at your desktop.
• Double-click on the My Computer icon.
• Select the Tools menu and click Folder Options.
• After the new window appears select the View tab.
• Put a checkmark in the checkbox labeled Display the contents of system folders.
• Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
• Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
• Remove the checkmark from the checkbox labeled Hide protected operating system files.
• Press the Apply button and then the OK button and exit My Computer.
• Now your computer is configured to show all hidden files.

Malware Removal Steps
1. Open HijackThis again, System scan only. Checkmark these items:

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (file missing)
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (file missing)
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (file missing)
O4 - HKCU\..\Run: [nyahpuca] C:\WINDOWS\system32\xuhwnklw.exe
O4 - HKLM\..\Policies\Explorer\Run: [AIlmq0YdBO] C:\Documents and Settings\All Users\Application Data\pqnynihe\tivyjwzs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll

Click "Fix checked" and when the log panel clears exit HijackThis.

2. Download -- but do not yet run -- ComboFix©

Download this file -- to your Desktop -- [/b]from any of these sources:

Right-click on the header of the Code box below, where on the right side it says: "Copy to clipboard":

Open a new Notepad session - (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

• Disconnect from the Internet.
• Disable your Antivirus. If the Antivirus software you use has any Script Blocking features, be certain to disable these as well.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• A window will open with a warning. Accept any Disclaimers to start the fix.
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown in this little picture:


When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
!• A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

3. Please download MalwareBytes Anti-malware (MBAM) from one of the following links:

Once downloaded, close all programs and Windows on your computer (including this one.)

Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.

When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.

MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program.

On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later.

4. Run HijackThis again, and save the log file.

Submit to the Forum:
• The contents of C:\Combofix.txt;
• The MBAM log results;
• The new HijackThis log.

--
============
MS-MVP 2004 - -2008, ASAP Member
Users Helping Users

to forum · permalink · · 2008-05-07 19:44:02 · Reply to this
Forums » Up and Running » Security » Security Cleanup« [Vundo] Vundo removal  

Most commented news this week
· [172] East Coast Verizon Workers Authorize Strike
· [165] Is AT&T Hinting At Usage-Based Pricing This Fall?
· [148] Time Warner Cable Using Fine Print To Foist Caps On Customers
· [125] Is Broadband A Civil Right?
· [111] The Great Landline Exodus Continues
· [97] Update Your Browser, Dummy
· [82] What's Your Favorite Newsgroup Provider?
· [73] Google's Cerf: Baby Bells Act Like Tots Having Tantrums
· [71] NY AG Will Sue Comcast If They Don't Pretend To Fight Child Porn
· [69] Comcast Hit With Another Throttling Lawsuit
Friday, 25-Jul
19:14:15 		Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
8th year online! © 1999-2008 dslreports.com.
page compression OFF