4bf65.ilxt.info desease

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jasson, Sep 14, 2004.

  1. jasson

    jasson Private E-2

    hi i have this parasite, makes my home page 'for search' opens pop up immediately called abf65.ilxt.info,
    have done all the scans major geeks told me...still have it(the bug)
    cwshredder cant run says it has generated errors and something about cws smartsearch.2.
    here is my saved hjt log
     

    Attached Files:

    jasson, Sep 14, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you have not. Go back to the sticky thread and complete ALL of the steps < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    I can tell just by looking at your log (that no one asked you to post and it is not a .txt file attachment either) that you did not even run the requested online scans. I see some trojans.

    You should also download and run this:
    CoolWWWSearch.SmartKiller (v1/v2) MiniRemoval

    and also these:
    http://www.memorywatcher.com/uninst.exe
     
    chaslang, Sep 14, 2004
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After doing what I said in my first message run HijackThis and fix the following if still there (DO NOT CLICK FIX until all browser sessions, including this one, are closed):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://mypoisk.com/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {5C1B6D34-28C0-45FE-97FF-161DA979A509} - C:\WINNT\System32\ecj.dll
    O4 - HKLM\..\Run: [etupwbvs] C:\WINNT\System32\etupwbvs.exe
    O4 - HKLM\..\Run: [atamtnkrch] C:\WINNT\System32\jkkkzf.exe
    O4 - HKCU\..\Run: [Wlce] C:\Documents and Settings\jason\Application Data\aacc.exe
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.windupdates.com
    O18 - Filter: text/html - {744704AC-653F-41D0-B011-CF86E5EDE1B0} - C:\WINNT\System32\ecj.dll
    O18 - Filter: text/plain - {744704AC-653F-41D0-B011-CF86E5EDE1B0} - C:\WINNT\System32\ecj.dll

    The reboot in safe mode and delete:
    C:\Documents and Settings\jason\Application Data\aacc.exe
    C:\WINNT\System32\etupwbvs.exe
    C:\WINNT\System32\jkkkzf.exe
    C:\WINNT\System32\ecj.dll
     
    chaslang, Sep 15, 2004
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds