Author Topic: Newgenlook Removal  (Read 3460 times)
georgeg
« on: May 05, 2005, 03:09:35 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP SP1
Problem Application Name & Version:
Problem Hardware Make & Model:
Error Messages:



I am having trouble removing the newgenlook browser hijack.  It has been adding pop-ups in my system tray and a ton of icons on my desktop.  Any help would be greatly appreciated.

I have run Spybot & Ad-Aware and fixed a few things, but this problem just won't go away.

Thanks,
George

Here is my Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:43 AM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0058/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11b23154752addc92202/netzip/RdxIE601.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

camrodz
« Reply #1 on: May 05, 2005, 04:11:12 PM »

I owe this tip to another poster, only I can't find that original post anymore... 3 hrs of painful attempts... The fix is to delete the param32.dll file from c:\windows\system32.  Kudos to the original poster, whoever and wherever he is.

freedom
« Reply #2 on: May 05, 2005, 04:39:03 PM »

I am a computer novice, don't know how to do a lot of things other than to click icons. Tried to delete the param32.dll file from search and get a message, access is denied and to make sure that the disk is not full or write protected or in use..... Someone please help, this is really causing a lot of personal problems due to the Jenna Jameson popups and funky desktop icons.

Help:(
Here is my hijack file... I have run plenty of spyware sweeps like spybot, adware and others and keep getting nailed by popups and this little red circle with this white x in the middle. Again I say help!

:(

georgeg
« Reply #3 on: May 05, 2005, 05:55:51 PM »

camrodz,

I tried to delete the file you recommended and got an access denied message.  I even tried to delete via safe mode and still no luck.

George

jubeininja69
« Reply #4 on: May 05, 2005, 06:43:35 PM »

quote:
Originally posted by georgeg

camrodz,

I tried to delete the file you recommended and got an access denied message.  I even tried to delete via safe mode and still no luck.

George


Yeah, I need help removing that too :(. This virus is dangerous; it wiped out my DSL connection for some reason and is a bigger threat than people make it out to be. I think this is a new variant of the globosearch virus or trojan.

broodingartist
« Reply #5 on: May 05, 2005, 06:44:20 PM »

My computer got infected with newgenlook as well.  Every attempt to delete the above mentioned file has failed.  Please Help!!

broodingartist
« Reply #6 on: May 06, 2005, 12:17:49 AM »

My work PC got infected with newgenlook.... my boss will love the Jenna Jameson popups when she gets back on Monday.  I tried the solutions I found on other posts, but when I try to boot from DOS, I can't access my C drive.  I made the Windows boot disk and it boots to the a: prompt... but when I type c: it says "Invalid drive specification."  I need to get this cleared up by tomorrow.  Any suggestions???

Cactus
Security & Virus Specialist
Global Moderator
« Reply #7 on: May 06, 2005, 12:54:17 AM »


Go to START>RUN
Type or Copy/Paste the line below into the Run Box:

regsvr32 /u param32.dll

Then go to START>ALL PROGRAMS>ACCESSORIES>WINDOWS EXPLORER

Browse to c:\windows\system32\param32.dll << DELETE THIS FILE


Now Download CCLEANER
http://www.ccleaner.com/

Under Windows tab check Internet Explorer, Windows Explorer, and System.
Then click Run Cleaner.

Let me know if it's gone .. :)

Cactus  

**PLEASE**.....do not post your hijack log in someone else's thread. Start a separate thread HERE! Thank you.

cactus@mytechsupport.ca

My System Specs

Avg Antivirus::Ad-Aware::Spybot::Windows Update::Recuva
Malwarebytes::SUPERAntiSpywareFREE

georgeg
« Reply #8 on: May 06, 2005, 03:14:23 PM »

Cactus,

Tried your solution as well and this is what I got:

Parem32.dll was found but the dllunregisterserver entry point was not found,  This file cannot be deleted.

George

broodingartist
« Reply #9 on: May 06, 2005, 04:13:49 PM »

Cactus,

Finally removed the newgenlook hijack.  Everything is back to normal, with the exception of my desktop background.  It has a blue screen that says "Error was caused by Trojan-Spy.html.smitfraud." And it says my system cannot function in normal mode.  I'm using XP and have already deleted all the necessary files.  How can I recover my original desktop??  Thanks in advance.

:)

georgeg
« Reply #10 on: May 06, 2005, 05:07:50 PM »

Just got rid of my problem.  I downloaded a program called "Killbox" and it did the trick for me.

Thanks for the help,
George

jnaso
« Reply #11 on: May 07, 2005, 02:39:04 AM »

Killbox worked for me, but how do I change my homepage?  I have tried Tools and Internet Options but it still goes back to newgenlook.  Can you help?
John

Toff
« Reply #12 on: May 07, 2005, 08:58:49 PM »

Hi, have you tried putting your hard drive in another machine (used as a second hard drive) and removing the file? It should be easier.

Quote
Originally posted by georgeg

I tried to delete the file you recommended and got an access denied message.  I even tried to delete via safe mode and still no luck.

George

Transword
« Reply #13 on: May 08, 2005, 04:37:15 AM »

Quote
Originally posted by georgeg

camrodz,

<I tried to delete the file you recommended and got an access denied message.  I even tried to delete via safe mode and still no luck.
>

Had the same problem. I found that if you boot into straight dos mode (not safe mode) that it will allow you to delete the file.

On Windows 98 (I know antiquated but I hope it works on a later version also), hold down the control key when you boot up (same as in Safe mode). Then select boot into dos (I am not exactly sure what the exact wording is as I am not using an English language system), then do

cd windows
cd system32
del param.32

That worked for me.

Am not a computer expert and this is my first post on the forum. So I would be happy if anyone needs to correct me.

Regards,

Transword
« Reply #14 on: May 08, 2005, 04:41:30 AM »


Correction

<del param.32>

That should be

del param32.dll


Hope this helps