MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: hijacked browser/pop ups...please help
October 20, 2019, 07:00:37 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
October 20, 2019, 07:00:37 AM

Login with username, password and session length
 Featured Sites:
News
New  Looking for cheap hardware and/or software?
Visit our new Online Store where you will be able to purchase from a reputable vendor by country.
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: hijacked browser/pop ups...please help  (Read 3920 times)
cheetrowe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« on: July 22, 2004, 03:29:47 AM »

My browser has been hijacked and I am getting pop ups as well. I visited various tech sites and followed their instructions (ran latest version of spybot & Hijack This, fixed reccomended files). However The problem has continued (reinstalled itself?). If anyone could be of help as to how to permanently get rid of the browser hijack/pop up problem that would be greatly appreciated. Here is my Hijack This log...

Logfile of HijackThis v1.97.7
Scan saved at 10:51:48 PM, on 7/21/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSQF32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\WEB STUFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jnpof.dll/sp.html#10213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jnpof.dll/index.html#10213
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jnpof.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jnpof.dll/sp.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jnpof.dll/index.html#10213
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jnpof.dll/sp.html#10213
O2 - BHO: (no name) - {E565738F-00B5-BD54-344E-CE29CDEF3F6F} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {AFF492DC-92FE-A8BE-9DAA-4064CB7626F7} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {401DD4FB-9DB2-E059-2FBB-F86B9CF00285} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {1A9B5A19-B6C9-41A0-B7BB-109087277B94} - C:\WINDOWS\IPFA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SYSQF32.EXE] C:\WINDOWS\SYSQF32.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com...ex/HMAtchmt.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8004.4561574074
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = resnet.rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.6.216.19,128.6.224.114

Thanks for any time and assistance you can give!
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #1 on: July 22, 2004, 04:05:15 AM »

You may want to print this out. Let's see how it goes
Ensure that spybot is up to date (Search for updates)

Download the tool about:Buster created by Rubber Ducky. http://www.downloads.subratam.org/AboutBuster.zip

Unzip it to the desktop, DON'T run it yet

Disconnect from the NET completely

Restart your computer in safe mode

Do another Scan with Hijackthis and put a check next to these entries and then FIX CHECKED when ALL other windows are closed

O2 - BHO: (no name) - {E565738F-00B5-BD54-344E-CE29CDEF3F6F} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {AFF492DC-92FE-A8BE-9DAA-4064CB7626F7} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {401DD4FB-9DB2-E059-2FBB-F86B9CF00285} - C:\WINDOWS\IPFA.DLL
O2 - BHO: (no name) - {1A9B5A19-B6C9-41A0-B7BB-109087277B94} - C:\WINDOWS\IPFA.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SYSQF32.EXE] C:\WINDOWS\SYSQF32.EXE

Close hijackthis after Fix Checked

Double click aboutbuster, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.
Save the log

Run aboutbuster again--save log

Navigate to your temp folder and delete the whole contents
C:\Windows\Temp <---delete entire contents

RESTART back in Normal Mode---Stay offline
Run another Scan with spybot and Fix everything in RED
RESTART your computer again

Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back with a fresh hijackthis log and about:buster logs
Logged

 
cheetrowe
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 2


Bookmark and Share

View Profile
« Reply #2 on: July 22, 2004, 06:52:07 AM »

Thanks for the advice.  I followed all of your instructions, although I accidentally deleted the R0's & R1's from the Hijack This log before I ran the AboutBuster program.  Hopefully that won't cause it to come back, although if it does I'll do it correctly next time.  Here are the fresh logs...

New Hijack This Log
Logfile of HijackThis v1.97.7
Scan saved at 2:30:02 AM, on 7/22/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_SICN03.EXE
C:\WINDOWS\DESKTOP\WEB STUFF\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38004.4561574074
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = resnet.rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = rutgers.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.6.216.19,128.6.224.114


AboutBuster Logs...(I stopped Scan 2 so it went to Scan 3 automatically the next time.  Also, I know you only said to scan twice, but it seemed to be getting a couple more files each time, so I scanned until they were all removed successfully).  

-- Scan 1 --------
About:Buster Version 1.31
Error Removing! : C:\WINDOWS\mghnqk.dat
Removed! : C:\WINDOWS\scanregw.exe
Error Removing! : C:\WINDOWS\p_981116.exe
Removed! : C:\WINDOWS\gcfeou.dat
Removed! : C:\WINDOWS\iebm.exe
Removed! : C:\WINDOWS\netev32.exe
Removed! : C:\WINDOWS\sysqf32.exe
Removed! : C:\WINDOWS\n_fpfhps.dat
Removed! : C:\WINDOWS\taskmon.exe.$$$
Removed! : C:\WINDOWS\ojajd.dat
Removed! : C:\WINDOWS\msek.exe
Removed! : C:\WINDOWS\apirs.exe
Removed! : C:\WINDOWS\sdkmm.exe
Error Removing! : C:\WINDOWS\n_emmldl.dat
Removed! : C:\WINDOWS\ieau.exe
Removed! : C:\WINDOWS\ntzc.exe
Removed! : C:\WINDOWS\ipfa.exe
Removed! : C:\WINDOWS\winkw32.exe
Removed! : C:\WINDOWS\ntjq32.exe
Removed! : C:\WINDOWS\atlgz32.exe
Removed! : C:\WINDOWS\ietc32.exe
Removed! : C:\WINDOWS\iepj.exe
Removed! : C:\WINDOWS\mfcsv32.exe
Removed! : C:\WINDOWS\apioq.exe
Removed! : C:\WINDOWS\sdkia32.exe
Removed! : C:\WINDOWS\d3zy32.exe
Removed! : C:\WINDOWS\ipio32.exe
Removed! : C:\WINDOWS\addxo.exe
Removed! : C:\WINDOWS\sdkch.exe
Removed! : C:\WINDOWS\mseh.exe
Error Removing! : C:\WINDOWS\n_leuljt.dat
Removed! : C:\WINDOWS\javanv.exe
Removed! : C:\WINDOWS\mfcss.exe
Removed! : C:\WINDOWS\iemp.exe
Removed! : C:\WINDOWS\nettq.exe
Removed! : C:\WINDOWS\apibl32.exe
Removed! : C:\WINDOWS\apptl32.exe
Removed! : C:\WINDOWS\ntgm32.exe
Removed! : C:\WINDOWS\winqm32.exe
Removed! : C:\WINDOWS\ipid.exe
Removed! : C:\WINDOWS\sdkcu.exe
Removed! : C:\WINDOWS\atlyp.exe
Removed! : C:\WINDOWS\ntjm32.exe
Removed! : C:\WINDOWS\appmr.exe
Removed! : C:\WINDOWS\sysrh32.exe
Removed! : C:\WINDOWS\atlij.exe
Removed! : C:\WINDOWS\ipzz32.exe
Removed! : C:\WINDOWS\ntiy.exe
Removed! : C:\WINDOWS\netdz.exe
Removed! : C:\WINDOWS\netov32.exe
Removed! : C:\WINDOWS\atlzz32.exe
Removed! : C:\WINDOWS\javawp.exe
Removed! : C:\WINDOWS\atlhc.exe
Removed! : C:\WINDOWS\addtk.exe
Removed! : C:\WINDOWS\ieel32.exe
Removed! : C:\WINDOWS\wingy32.exe
Removed! : C:\WINDOWS\sysni32.exe
Removed! : C:\WINDOWS\ntax32.exe
Removed! : C:\WINDOWS\msij32.exe
Removed! : C:\WINDOWS\mfcfl32.exe
Removed! : C:\WINDOWS\atlen.exe
Removed! : C:\WINDOWS\addmh32.exe
Removed! : C:\WINDOWS\winui32.exe
Removed! : C:\WINDOWS\ievi32.exe
Removed! : C:\WINDOWS\sdklz.exe
Removed! : C:\WINDOWS\crif.exe
Removed! : C:\WINDOWS\sdkdh.exe
Removed! : C:\WINDOWS\javazj32.exe
Removed! : C:\WINDOWS\iepr.exe
Removed! : C:\WINDOWS\syshy.exe
Removed! : C:\WINDOWS\apprg32.exe
Removed! : C:\WINDOWS\apipn32.exe
Removed! : C:\WINDOWS\iemg.exe
Removed! : C:\WINDOWS\netyj.exe
Removed! : C:\WINDOWS\beoqi.dat
Removed! : C:\WINDOWS\cxust.dat
Removed! : C:\WINDOWS\wtsjq.dat
Removed! : C:\WINDOWS\crab32.exe
Removed! : C:\WINDOWS\atlej.exe
Removed! : C:\WINDOWS\msmh32.exe
Removed! : C:\WINDOWS\winwe.exe
Removed! : C:\WINDOWS\javabs32.exe
Removed! : C:\WINDOWS\iptt.exe
Removed! : C:\WINDOWS\ipzi32.exe
Removed! : C:\WINDOWS\appfu.exe
Removed! : C:\WINDOWS\atlhz32.exe
Removed! : C:\WINDOWS\atllm.exe
Removed! : C:\WINDOWS\ipdd.exe
Removed! : C:\WINDOWS\iedi32.exe
Removed! : C:\WINDOWS\winxa32.exe
Removed! : C:\WINDOWS\appoj.exe
Removed! : C:\WINDOWS\ntls32.exe
Removed! : C:\WINDOWS\netgm32.exe
Removed! : C:\WINDOWS\javaje.exe
Removed! : C:\WINDOWS\apphi32.exe
Removed! : C:\WINDOWS\mswm.exe
Removed! : C:\WINDOWS\apprc32.exe
Removed! : C:\WINDOWS\d3js.exe
Removed! : C:\WINDOWS\winnu.exe
Removed! : C:\WINDOWS\crqp.exe
Removed! : C:\WINDOWS\atlgf32.exe
Removed! : C:\WINDOWS\sysqi32.exe
Removed! : C:\WINDOWS\winyq.exe
Removed! : C:\WINDOWS\mswt32.exe
Error Removing! : C:\WINDOWS\n_aifvdh.dat
Removed! : C:\WINDOWS\ipbj32.exe
Removed! : C:\WINDOWS\crfl32.exe
Removed! : C:\WINDOWS\netxr.exe
Removed! : C:\WINDOWS\d3eo.exe
Removed! : C:\WINDOWS\SYSTEM\vabil.dat
Removed! : C:\WINDOWS\SYSTEM\nzvhb.dat
Removed! : C:\WINDOWS\SYSTEM\javaef.exe
Removed! : C:\WINDOWS\SYSTEM\netgj.exe
Removed! : C:\WINDOWS\SYSTEM\msyz.exe
Removed! : C:\WINDOWS\SYSTEM\d3to.exe
Removed! : C:\WINDOWS\SYSTEM\d3vc32.exe
Removed! : C:\WINDOWS\SYSTEM\msbi.exe
Removed! : C:\WINDOWS\SYSTEM\appup.exe
Removed! : C:\WINDOWS\SYSTEM\apimv32.exe
Removed! : C:\WINDOWS\SYSTEM\iedc.exe
Removed! : C:\WINDOWS\SYSTEM\apptj32.exe
Removed! : C:\WINDOWS\SYSTEM\javaqc.exe
Removed! : C:\WINDOWS\SYSTEM\ipul32.exe
Removed! : C:\WINDOWS\SYSTEM\d3cx.exe
Removed! : C:\WINDOWS\SYSTEM\sysfs.exe
Removed! : C:\WINDOWS\SYSTEM\atlhe32.exe
Removed! : C:\WINDOWS\SYSTEM\javaae.exe
Removed! : C:\WINDOWS\SYSTEM\msbv.exe
Removed! : C:\WINDOWS\SYSTEM\iezf.exe
Removed! : C:\WINDOWS\SYSTEM\msha32.exe
Removed! : C:\WINDOWS\SYSTEM\crij.exe
Removed! : C:\WINDOWS\SYSTEM\iejw32.exe
Removed! : C:\WINDOWS\SYSTEM\d3yd.exe
Removed! : C:\WINDOWS\SYSTEM\netoh.exe
Removed! : C:\WINDOWS\SYSTEM\appiz32.exe
Removed! : C:\WINDOWS\SYSTEM\addea32.exe
Removed! : C:\WINDOWS\SYSTEM\ipev32.exe
Removed! : C:\WINDOWS\SYSTEM\atlcb32.exe
Removed! : C:\WINDOWS\SYSTEM\apilu32.exe
Removed! : C:\WINDOWS\SYSTEM\d3bq32.exe
Removed! : C:\WINDOWS\SYSTEM\sysia.exe
Removed! : C:\WINDOWS\SYSTEM\javasq32.exe
Removed! : C:\WINDOWS\SYSTEM\javawg32.exe
Removed! : C:\WINDOWS\SYSTEM\mslj32.exe
Removed! : C:\WINDOWS\SYSTEM\crna.exe
Removed! : C:\WINDOWS\SYSTEM\lhqyw.dat
Removed! : C:\WINDOWS\SYSTEM\iesv32.exe
Removed! : C:\WINDOWS\SYSTEM\d3ny.exe
Removed! : C:\WINDOWS\SYSTEM\atldu.exe
Removed! : C:\WINDOWS\SYSTEM\crrc32.exe
Removed! : C:\WINDOWS\SYSTEM\msbp.exe
Removed! : C:\WINDOWS\SYSTEM\javaen.exe
Removed! : C:\WINDOWS\SYSTEM\atlli32.exe
Removed! : C:\WINDOWS\SYSTEM\mslp32.exe
Removed! : C:\WINDOWS\SYSTEM\apisz32.exe
Removed! : C:\WINDOWS\SYSTEM\mfcga.exe
Removed! : C:\WINDOWS\SYSTEM\ntms.exe
Removed! : C:\WINDOWS\SYSTEM\netuf32.exe
Removed! : C:\WINDOWS\SYSTEM\addfw32.exe
Removed! : C:\WINDOWS\SYSTEM\crdh32.exe
Removed! : C:\WINDOWS\SYSTEM\ipec.exe
Removed! : C:\WINDOWS\SYSTEM\msgf32.exe
Removed! : C:\WINDOWS\SYSTEM\crdf32.exe
Removed! : C:\WINDOWS\SYSTEM\addjt32.exe
Removed! : C:\WINDOWS\SYSTEM\sysnu.exe
Removed! : C:\WINDOWS\SYSTEM\mski.exe
Removed! : C:\WINDOWS\SYSTEM\crti.exe
Removed! : C:\WINDOWS\SYSTEM\sysdn32.exe
Removed! : C:\WINDOWS\SYSTEM\netvc32.exe
Removed! : C:\WINDOWS\SYSTEM\netlq32.exe
Removed! : C:\WINDOWS\SYSTEM\atlbu.exe
Removed! : C:\WINDOWS\SYSTEM\ipcx.exe
Removed! : C:\WINDOWS\SYSTEM\jnpof.dat
Removed! : C:\WINDOWS\SYSTEM\javaif32.exe
Removed! : C:\WINDOWS\SYSTEM\addud32.exe
Removed! : C:\WINDOWS\SYSTEM\addqs.exe
Removed! : C:\WINDOWS\SYSTEM\ntlt32.exe
Removed! : C:\WINDOWS\SYSTEM\sysrm32.exe
Removed! : C:\WINDOWS\SYSTEM\winzk32.exe
Removed! : C:\WINDOWS\SYSTEM\appdk.exe
Removed! : C:\WINDOWS\SYSTEM\appwh.exe
Removed! : C:\WINDOWS\SYSTEM\atlpq.exe
Removed! : C:\WINDOWS\SYSTEM\ieoz.exe
Removed! : C:\WINDOWS\SYSTEM\d3gy.exe
Removed! : C:\WINDOWS\SYSTEM\apimk32.exe
Removed! : C:\WINDOWS\SYSTEM\winxg32.exe
Removed! : C:\WINDOWS\SYSTEM\winsc.exe
Removed! : C:\WINDOWS\SYSTEM\mshz.exe
Removed! : C:\WINDOWS\SYSTEM\d3tf32.exe
Removed! : C:\WINDOWS\SYSTEM\crht32.exe
Removed! : C:\WINDOWS\SYSTEM\sdkdv.exe
Removed! : C:\WINDOWS\SYSTEM\iecp.exe
Removed! : C:\WINDOWS\SYSTEM\crua32.exe
Removed! : C:\WINDOWS\SYSTEM\systr.exe
Removed! : C:\WINDOWS\SYSTEM\sysmt.exe
Removed! : C:\WINDOWS\SYSTEM\ntvx.exe
Removed! : C:\WINDOWS\SYSTEM\sdkvn.exe
Removed! : C:\WINDOWS\SYSTEM\appum32.exe
Removed! : C:\WINDOWS\SYSTEM\netjb.exe
Removed! : C:\WINDOWS\SYSTEM\ipuy.exe
Removed! : C:\WINDOWS\SYSTEM\addnp32.exe
Removed! : C:\WINDOWS\SYSTEM\javaie32.exe
Removed! : C:\WINDOWS\SYSTEM\apidz.exe
Removed! : C:\WINDOWS\SYSTEM\appov.exe
Removed! : C:\WINDOWS\SYSTEM\addtg.exe
Removed! : C:\WINDOWS\SYSTEM\addsc.exe
Removed! : C:\WINDOWS\SYSTEM\winyo.exe
Removed! : C:\WINDOWS\SYSTEM\javagm32.exe
Removed! : C:\WINDOWS\SYSTEM\msuf32.exe
Removed! : C:\WINDOWS\SYSTEM\d3ft.exe
Removed! : C:\WINDOWS\SYSTEM\winfm32.exe
Removed! : C:\WINDOWS\SYSTEM\apila.exe
Removed! : C:\WINDOWS\SYSTEM\javacn.exe
Removed! : C:\WINDOWS\SYSTEM\winpy.exe
Removed! : C:\WINDOWS\SYSTEM\crjw32.exe
Removed! : C:\WINDOWS\SYSTEM\winsj.exe
Removed! : C:\WINDOWS\SYSTEM\mfcha32.exe
Removed! : C:\WINDOWS\SYSTEM\sysfv32.exe
Removed! : C:\WINDOWS\SYSTEM\msnp.exe
Removed! : C:\WINDOWS\SYSTEM\mfcpn32.exe
Removed! : C:\WINDOWS\SYSTEM\windt.exe
Removed! : C:\WINDOWS\SYSTEM\mfcsu.exe
Removed! : C:\WINDOWS\SYSTEM\netrx32.exe
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 3 --------
About:Buster Version 1.31
Error Removing! : C:\WINDOWS\mghnqk.dat
Removed! : C:\WINDOWS\p_981116.exe
Error Removing! : C:\WINDOWS\n_emmldl.dat
Error Removing! : C:\WINDOWS\n_leuljt.dat
Error Removing! : C:\WINDOWS\n_aifvdh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 4 --------
About:Buster Version 1.31
Error Removing! : C:\WINDOWS\mghnqk.dat
Removed! : C:\WINDOWS\n_emmldl.dat
Removed! : C:\WINDOWS\n_leuljt.dat
Removed! : C:\WINDOWS\n_aifvdh.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 5 --------
About:Buster Version 1.31
Removed! : C:\WINDOWS\mghnqk.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

Thank you again for your time.  It seems that it may have worked.  In any case the computer is running faster already.  If you have any other suggestions that you think need to be pursued to prevent the virus from coming back, please let me know.  Thanks again.
Logged

 
benditup
Hero Member
*****

Karma: +2/-0
Offline Offline

Gender: Male
Posts: 2105


Bookmark and Share

View Profile
« Reply #3 on: July 22, 2004, 11:02:01 PM »

It looks good cheetrowe

Since you asked
Smiley

You should install these 2 apps., they add extra security while
silently protecting you, without running in the background
 
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

With both---Check for updates every couple of weeks

READ THIS
How did I get Infected

I'll leave this topic open for a day or so, if the infection reappears
please post back
Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page May 16, 2019, 11:20:04 PM