MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: ABOUT BANK
May 29, 2020, 04:07:14 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 29, 2020, 04:07:14 AM

Login with username, password and session length
 Featured Sites:
News
Help us help you! Help us help you by helping out! The more people know about us, the more help will be available. Click here to find out how...
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: ABOUT BANK  (Read 1062 times)
ferguson
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 3


Bookmark and Share

View Profile
« on: August 09, 2005, 12:45:57 PM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows 98
Problem Application Name & Version: about blank
Problem Hardware Make & Model:
Error Messages:



Hi,  I am back after posting a Startpage problem and Trojan Startpage in March 2005 under the name Janski -  cactus was able tohelp and cure the problem for me.  
NOW something similar has hit again.   Firstly when I start my computer at the back of the desktop is a notice that says System Error caused by HTMl.Smitfraud.C.   I run some spyware and this recognised it and said it was deleted.  However this notice is still on my desktop.   Then I noticed that I am having difficulty getting onto the interenet - it has deleted my Dial up connection box and changed my home page to aboutblank.  I had this before but after a while when CACTUS helped me it eventually went.   Please see my Hijakthis log file posted below.   HOPE YOU CAN HELP.
Logfile of HijackThis v1.99.1
Scan saved at 1:23:07 PM, on 8/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\OLDCANDD\IMPORTANT SOFTWARE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {83127E3A-59EA-4CAB-AAA3-6259B83DD4CE} - C:\WINDOWS\SYSTEM\PJEK.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O7 "EPUSB1:" /M "Stylus C84"
O4 - HKLM\..\Run: [CreateCD50] "c:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\RunServices: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus C84" /EF "HKCU"
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office.lnk = C:\OLDCANDD\Access\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

Regards  ferguson.
Logged

 
sUBs
Global Moderator
Hero Member
*****

Karma: +0/-0
Offline Offline

Posts: 278


Bookmark and Share

View Profile
« Reply #1 on: August 09, 2005, 06:36:12 PM »

Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

Please save the following instructions in Notepad.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs.  Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

smitRem.zip - extract it to it's own folder.

CleanUp! - Install

Mwav Virus Checker

Hoster    

DelO15Domains.inf - Right click & choose "Save As..." DelO15Domains.inf.

If you have not already installed Ad-Aware SE 1.06, download and update Ad-Aware SE


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO SAFE MODE
1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
3. Continue to do so until the 'Windows Advanced Options' menu appears.
4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

DelO15Domains.inf - Right-click on & choose Install. It will run immediately (you won't be able to see anything happen).

Hoster.exe - Choose the 'Restore Original Hosts' button and press OK.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {83127E3A-59EA-4CAB-AAA3-6259B83DD4CE} - C:\WINDOWS\SYSTEM\PJEK.DLL (file missing)            



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files
1. Double-click on the My Computer icon.
2. Select the View menu and then click Folder Options.
3. After the new window appears select the View tab.
4. Scroll down until you see the Show all files radio button and select it.
5. Press the Apply button and then the OK button and close the My Computer window.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Locate and delete the following file(s), if present:
    C:\WINDOWS\SYSTEM\PJEK.DLL          

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! with the following configuration:
Click Options...
  1. Move the arrow down to Custom CleanUp!
  2. select - Empty Recycle Bins  
  3. select - Delete Cookies  
  4. select - Delete Prefetch files (Windows XP only)
  5. select - Cleanup! All Users
  6. Deselect - Scan local drives for temporary files
 
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will delete all the files in your temp folders without making a backup

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Close all other windows & launch Ad-Aware.
Click on the
Logged

 
ferguson
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 3


Bookmark and Share

View Profile
« Reply #2 on: August 10, 2005, 03:15:35 PM »

Thanks for that.   I will get someone with a bit more knowledge to help with doing all this.
But before I do can you tell me if the following is connected to the same issue.

Everytime my computer wants to connect to the internet my AVG anti virus box pops up with a virus warning which says :

C:\WINDOWS\SYSTEM\intel32.exe
TROJAN HORSE AGENT.CM

is this connected to my current problem or something different ??
I have spoken to AVG who advise it is a Spyware problem and they have told me how to tick a box which stops it saving to my hard drive.  However I still get the message and have to delete it everytime it pops up.  I would like the damn thing gone !!

jan ferguson.
Logged

 
sUBs
Global Moderator
Hero Member
*****

Karma: +0/-0
Offline Offline

Posts: 278


Bookmark and Share

View Profile
« Reply #3 on: August 10, 2005, 03:26:57 PM »

intel32.exe is part of the infection that we're fixing. It's part of the desktop hijacker you have.

Logged

 
ferguson
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 3


Bookmark and Share

View Profile
« Reply #4 on: August 11, 2005, 01:06:41 PM »

Hi,
We spent sometime trying to get rid of the above but alas no joy.  We did manage to get the warning in the background of the desktop off though.

Thanks for your help.   The situation is that I now have a brand new compuer and am getting rid of this Windows 98 and replacing it with the latest gear.
I will now be using the internet from a different source so I am now not really bothered about this trojan - its just annoying as it pops up all the time.

My hard drive will be joining many other in Computer Heaven !
I hope I never have to use mytech in the future.  But you have a great site and are all great help.
jan ferguson

Logged

 
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page March 16, 2017, 09:29:14 PM