MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Need help, hijacked...nothing works..
May 28, 2020, 08:21:43 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 28, 2020, 08:21:43 PM

Login with username, password and session length
 Featured Sites:
News
Help us help you! Help us help you by helping out! The more people know about us, the more help will be available. Click here to find out how...
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Need help, hijacked...nothing works..  (Read 1339 times)
Razorspur
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 1


Bookmark and Share

View Profile
« on: January 19, 2005, 02:13:59 AM »



When i start up comp p*rn pops up and i have to alt/ctr/delete to get it off, wont click off....default hp is horseserver.net

Logfile of HijackThis v1.99.0
Scan saved at 9:04:16 PM, on 1/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\LMPDPUI.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\EVAAND~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://horseserver.net/redir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://horseserver.net/redir.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://horseserver.net/redir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://horseserver.net/redir.html
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: winupdate15809628[1].exe

Logged

 
Geekgirl
Global Moderator
Hero Member
*****

Karma: +25/-1
Offline Offline

Gender: Female
Posts: 3175



Bookmark and Share

View Profile
« Reply #1 on: January 19, 2005, 03:35:15 AM »

Hi Razorspur
Are you sure thats the complete log?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Scan your pc with Housecall. Its a free online scanner. Be sure to put a check the box beside AutoClean.

Download / Install / Update / and Run:
Adaware SE
check for any updates before running it.
Get the plug-in for fixing VX2 variants. You can download it at this SITE
 To run this tool, install to the hard drive, then open Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

Also install SpyBot S&D 1.3.
Always Search for Updates before using.
Install any updates if they are available. Next click on the Check for Problems button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot.

Please download Index.dat Suite you will use it later.

(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders. A good place to make a folder would be in My Documents,
as this is where it will save the backup files needed if there's a problem.)

After you have placed HJT in a proper place follow these instructions.

Turn off System Restore by doing the following:

Click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

Please remember to close all other windows, including browsers then click Fix checked.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://horseserver.net/redir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://horseserver.net/redir.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://horseserver.net/redir.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://horseserver.net/redir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://horseserver.net/redir.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://horseserver.net/redir.html
O4 - Startup: winupdate15809628[1].exe

Empty all your TEMP Folders / Temporary Internet Files Folder using Index.dat Suite. This program allows you to delete the index.dat files, temporary internet files, temp files, cookies and history.
After running that empty your "Recycle Bin".


Reboot your system in normal mode.

Please post a fresh Hijack This log so that we can check if your system is clean.

« Last Edit: January 19, 2005, 03:37:39 AM by Geekgirl » Logged




Girlz Rule ...Boyz Drool
____________________________
ALWAYS BACKUP YOUR REGISTRY BEFORE EDITING
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 10, 2018, 10:07:33 AM