MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: hijack this log PLEASE HELP  (Read 1953 times)
Juan
« on: May 21, 2004, 10:52:29 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: windows 2000
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



Hi I'm new in here

I had problems with riviera.cc and tried to fix it with spybot + adware reading previous posts, but I think the problem is not completely solved. Could somebody please check the below hijack this log and advise if I'm clean or if I need to do something else?

I.E. when I start my computer it will give an error " BSIE.exe is not a valid WIN32.... "

Many thanks

Logfile of HijackThis v1.97.7
Scan saved at 12:15:03, on 21/05/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Canon\VDC\AuVdc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\internat.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\docume~1\aguilera\datosd~1\webcheck.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\Symantec\WinFax\WFXCTL32.EXE
C:\WINNT\system32\wuauclt.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\ARCHIV~1\MICROS~2\Office\OUTLOOK.EXE
C:\Archivos de programa\Microsoft Office\Office\EXCEL.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\aguilera\Configuraci
 
benditup
« Reply #1 on: May 21, 2004, 11:31:04 PM »

Let's try this: riviera.cc is a cool web infection, to ensure its removal please download the latest version of CWShredder
http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Save it to desktop------With All other windows closed open CW and let it FIX all problems
RESTART your computer

Your AV didn't pick up on some files....
To ensure removal could you also visit Trend Micro's, do an online virus scan....... Let HouseCall fix (set to autoclean) everything it can find.... Whatever it can't fix, enter your task manager---(CTRL-ALT-DEL) and end the process on what you recognize as infection---find and delete whatever HouseCall can't fix
http://housecall.trendmicro.com/

Post back with a Fresh hijackthis log afterwards

P.S. We'll try and deal with the error message after you are done the above
 
Juan
« Reply #2 on: May 24, 2004, 08:02:35 AM »

Hi Benditup

Many thanks for your reply.

Done CWShredder scan and said computer is clean,

Done the housecall scan and it found and cleaned

- TROJ HAZZER B
- TROJ MUSS A
- MALWARE. something

All that HouseCall found it was able to delete / fix it. However I went to my task manager and found the following that for me (being so clueless about viruses) is suspicious: Internat.exe, webcheck.exe and svchost.exe. Let me know if I should do something with these ones.

This is my new HJT log

 Logfile of HijackThis v1.97.7
Scan saved at 9:52:30, on 24/05/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Canon\VDC\AuVdc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\internat.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\docume~1\aguilera\datosd~1\webcheck.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\Symantec\WinFax\WFXCTL32.EXE
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\ARCHIV~1\MICROS~2\Office\OUTLOOK.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\aguilera\Configuraci
 
benditup
« Reply #3 on: May 24, 2004, 08:34:14 PM »

This is important:
Would you please move hijackthis to a Permanent folder or redownload it to a permanent folder (this is where backups will be stored)
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT ---this is where you will want to save Hijackthis to, don't just open the link
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Enter your task manager and end the process on this entry
webcheck.exe

Could you do another SCAN with hijackthis and put a check next to these entries and then FIX CHECKED after ALL other windows are closed

O4 - HKCU\..\Run: [System Update4] c:\docume~1\aguilera\datosd~1\webcheck.exe

O4 - Global Startup: BSIE.EXE
I'm not sure what BSIE.EXE is, could you do me a favor and search for it and right click on it and select properties.....Can you find
any info on it?
If it looks bad delete it, we'll empty the recycle bin later
The same goes to this entry, if you don't know what it is have hijackthis fix it too, we can restore it later, or delete it also..
Unless you know what it is, then leave it alone
O4 - HKLM\..\Run: [drvdatelend] C:\WINNT\System32\diagrkhexon.exe

RESTART your computer in Safe Mode
link will explain how
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=3#_Section3

Find and delete these files or folders

c:\docume~1\aguilera\datosd~1\webcheck.exe <----the webcheck.exe file

Also delete these if you suspect them to be bad or unknown
BSIE.EXE
C:\WINNT\System32\diagrkhexon.exe <---this file

Restart back in Normal mode and post back with a Fresh Hijackthis log, thanx...
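
The checks this reply walks through (an O4 autorun pointing into a user profile folder, a startup item listed with no path, then a fresh log to confirm removal), as an added Python example that is not part of the original post and is not HijackThis's own logic. The heuristics and function names are assumptions, and the two log excerpts are constructed from entries quoted in the thread.

```python
import re

# Constructed from the thread's entries; the vptray O4 line is a made-up control.
LOG_BEFORE = r"""Running processes:
C:\WINNT\system32\internat.exe
C:\docume~1\aguilera\datosd~1\webcheck.exe

O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [System Update4] c:\docume~1\aguilera\datosd~1\webcheck.exe
O4 - HKLM\..\Run: [drvdatelend] C:\WINNT\System32\diagrkhexon.exe
O4 - Global Startup: BSIE.EXE
"""
LOG_AFTER = r"""Running processes:
C:\WINNT\system32\internat.exe

O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?:\[[^\]]*\] )?(?P<target>.+)$")
# Per-user profile roots, long and 8.3 short form (Windows 2000/XP layout).
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~\d)\\", re.I)

def parse(log):
    """Split a HijackThis log into running-process paths and O4 autoruns."""
    procs, autoruns, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(("running process", line))
        elif (m := O4_RE.match(line)):
            autoruns.append((m["where"], m["target"]))
    return procs, autoruns

def triage(log):
    """Return {lower-cased target: reason} for entries worth a manual look."""
    procs, autoruns = parse(log)
    flagged = {}
    for where, target in autoruns + procs:
        if PROFILE_RE.match(target):
            flagged.setdefault(target.lower(), f"{where}: runs from a user profile folder")
        elif "\\" not in target:
            flagged.setdefault(target.lower(), f"{where}: no path given, locate the file")
    return flagged

def still_present(before, after):
    """Flagged items from the first log that the follow-up log still shows."""
    return sorted(set(triage(before)) & set(triage(after)))
```

Path heuristics like these do not flag an unfamiliar file sitting in a system directory, such as the diagrkhexon.exe entry; that takes comparison against a known-good baseline for the machine.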
 
Juan
« Reply #4 on: May 25, 2004, 07:36:11 AM »

Hi Benditup

I have proceeded as you recommended

I was able to delete webcheck.exe successfully.

BSIE.EXE, properties showed no info. HJT was not able to fix it so I deleted the file when in safe mode. Error message at start has disappeared and it seems it didn't affect anything else.

diagrkhexon.exe, I was not able to find the subject file in my computer (not in the search mode nor in the system administrator) and it is not shown on the HJT log anymore.

Here is the fresh HJT log

Logfile of HijackThis v1.97.7
Scan saved at 9:19:59, on 25/05/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Canon\VDC\AuVdc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\internat.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Archivos de programa\Symantec\WinFax\WFXCTL32.EXE
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\Documents and Settings\aguilera\Mis documentos\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V