MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
Author Topic: Realsearch.cc dialer virus  (Read 852 times)
chisoxinla
« on: January 08, 2005, 09:26:28 PM »

I'm running Windows XP, and I have the realsearch.cc hijacker/dialer that I've been unable to shed.  The Trend Micro online scan turned up nothing, nor does Sophos which is running on my computer.  I've run Ad-Aware (which did find RegData and deleted it) and Spybot (which also found and deleted something).  When I reboot after all this the realsearch virus comes right back.  Here is the Ad-Aware log (at the end a possible virus is found) and a Hijack This log (after manually removing 11 realsearch.cc entries, although they always return after rebooting).  Thanks for the help.

Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :Saturday, January 08, 2005 12:16:49 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R347 26.10.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R298 20.04.2004
Internal build : 229
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1067557 Bytes
Signature data size : 1049356 Bytes
Reference data size : 18137 Bytes
Signatures total : 23569
Target categories : 10
Target families : 455
1-8-2005 11:38:25 AM Performing Webupdate...

Installing Update...
Reference file loaded:
Reference Number : 01R347 26.10.2004
Internal build : 281
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref
Total size : 1379284 Bytes
Signature data size : 1356739 Bytes
Reference data size : 22481 Bytes
Signatures total : 29961
Target categories : 10
Target families : 587

1-8-2005 11:40:28 AM Success.
Update successfully downlodaded and installed.


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:34 %
Total physical memory:261616 kb
Available physical memory:88764 kb
Total page file size:633564 kb
Available on page file:494736 kb
Total virtual memory:2097024 kb
Available virtual memory:2050932 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file


1-8-2005 12:16:49 PM - Scan started. (Smart mode)

Listing running processes
 
TNT
« Reply #1 on: January 08, 2005, 10:43:09 PM »

Hi, I had the same problem a few days ago.
First of all, it helps to use the latest Hijackthis version (1.99, I think). When you post it, a moderator will look at it.

I cleaned my computer myself with help from Cactus, BUT I'M NOT A MODERATOR!!!! So I can give you some advice, but I'm not an expert!

First of all, it helps to disable any virus scanner (my scanner deleted the file, but it copied itself under another name), and don't make any adjustments to your system.

A moderator will tell you how to work, but you'll have to post a file from v1.99.

I followed Cactus' "manual" and deleted several .exe files from my system32 (the hack is located there).
On top of that, I also deleted all sorts of suspicious files that were installed on my PC the day it got hacked.
Most false files are 8,66kb and don't have a MS signature name if you place your cursor on them.

These are just tips, but I advise you to post a Hijackthis v.1.99 file here and wait for a moderator to reply.

Good luck!!;D
 
Cactus
Security & Virus Specialist
Global Moderator
« Reply #2 on: January 09, 2005, 04:05:54 PM »

Your HJT version is outdated, chisoxinla.

Download Hijackthis Version 1.99
---Important---Create a permanent folder
E.g.: Open My Documents----right-click an empty spot and select NEW---Folder----name the new folder HJT. This is where you will want to save Hijackthis to; backups will also be stored there.
Download from here
http://aumha.org/downloads/hijackthis.exe

Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log here. Don't try to fix anything yet----most entries are harmless and needed.

Cactus