1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.


Discussion in 'Malware Removal' started by ave292, Aug 4, 2006.

  1. ave292

    ave292 Private E-2

    Hi my browser has being hijacked by this: http[//]xn--3zo1864a/
    I need help please.

    Attached Files:

    Last edited by a moderator: Aug 4, 2006
  2. matt.chugg

    matt.chugg MajorGeek

    Welcome to MajorGeeks

    If you have a malware problem please post in the malware forum which restricts who can answer ensuring you get only qualified advice. I will have an admin/mod move this thread for you.

    What about the other logs ? Bitdefender, Activescan, Hijackthis. DId you run windows defender ?
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome to Majorgeeks!

    Moved to Malware part of forum........

    Do please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

      • [*]runkeys.txt - the log from GetRunKey.bat
        [*]newfiles.txt - the log from ShowNew.bat
      • CounterSpy - ONLY IF you were not able to run Windows Defender
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • HijackThis

    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
  4. ave292

    ave292 Private E-2

    Hi thanks for the prompt anwer,
    I have followed the instructions on the how to page some of the logs I have attached allready the two first ones.
    here is the rest of them, I continue to have the same problem should I run hijackthis now?:)

    Attached Files:

  5. ave292

    ave292 Private E-2

    Hi yes I run bitdefender & all the other tools you told me to run and it worked! my browser is like it supose to be, sorry I am new to computers & slow to understand, I apreciate all your help every one a BIG thankyou to you all. :)
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your first to logs are empty which is a typical sign that you did not extract all the files from the ZIP files as instructed. Try again.

    Also you did not post the Bitdefender log as requested. You need to follow the directions to get a correct log. All you posted was a log summary which is not useful. Don't run it again. It is unnecessary now.

    And yes the directions Matt gave you already requested a HijackThis log.
  7. ave292

    ave292 Private E-2

    Hi thank you for your quik response, I did xtract the ziped files as instructed and that's the result don't ask me what it means I know little about computers,
    In some my broser is beack to normal after doing everything as instructed so I must have done something wright.
    Thanks to all of you for all the help you are great..
    chears. :)
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying you are no longer having any problems that you need help with?

    Something is wrong that is stopping GetRunKey and ShowNew form getting logs. If you are sure you extracted all the files from the ZIP file, then you need to run the other step from the download link. It says:

    So run the one from above for your Windows Version and then get new logs from GetRunKey and ShowNew and attach them.
  9. ave292

    ave292 Private E-2

    Hi the answer to your question is "yes" my browser is normal again like it was before, but I got warried that I could not get the files you mentioned so I downloaded XPHomeFix & run the Bat files again tthis is what I got see att,
    Thanks to you all.
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach anything!
  11. ave292

    ave292 Private E-2

    Sory they did not upload properly I will do it again.:)
    Sory Ihave uploaded them but they did not appear on the post!
  12. ave292

    ave292 Private E-2

    Hi I will try again.
    Can not attach anything Attachments didn not work.:confused:
    Last edited: Aug 8, 2006
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you read and are you following the directions in the below link:

    HOW TO: Attach Items To Your Post

    Make sure you look at response in the Manage Attachments window. Error messages do appear there but they are not real obvious.
  14. ave292

    ave292 Private E-2

    Hi yes I read all the instructions and did everything you asked I still get the same result. Now what? I will try again now.:confused:
    This is the error I get now newfiles.txt.txt:
    You have already attached this file in thread : Browserhijaked
    You have already attached this file in thread : Browserhijaked
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That means you are trying to attach the exact same files with the exact same contents. Thus it means the you still have not gotten GetRunKey and ShowNew to run properly or completety.

    Where did you download the two ZIP files too? Give me the complete path name.
    Then also tell me where you extracted the ZIP files too. And tell me all the filenames that appear in the folder with GetRunKey.bat and with ShowNew.bat

    Also note you are not supposed to be unload any of the temp file froms running GetRunKey. The temp files are all things beginning with x or xr. The only file we want uploaded from GetRunKey is the final output as stated in the directions. And that is runkeys.txt.

    From ShowNew, the output file is newfiles.txt not newfiles.txt.txt
  16. ave292

    ave292 Private E-2

    That's right I extracted them to a dir called C:\Pc Cleanup Tools and Extracted them to C:\Pc Cleanup Tools and\CMGTools then run from there and this is the result, the files that appear on that folder are (1) GetRunKey (2) grep (3) locate (4) ShowNew that is all.
    I have renamed the files to see if it would upload but it did not.
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure I understand your message! What is the full folder path? Is it:

    C:\Pc Cleanup Tools and\CMGTools

    or is it

    C:\Pc Cleanup Tools\CMGTools

    And don't you mean you see: GetRunKey.bat, grep.exe, locate.exe, and shownew.bat

    Open a command prompt window by clicking Start, Run, and enter cmd and click OK.

    In the command prompt window enter the below command to change to the folder where you extracted the files. Just replace it by the correct path if I have the name wrong.

    cd C:\Pc Cleanup Tools\CMGTools

    Now run GetRunkeys.bat by entering the below in the command prompt window:


    Tell me what happens! Do you see any error messages? If so, tell me the exact word for word error message seen.
  18. ave292

    ave292 Private E-2

    Hi OK Maybe I wasen't so calear the DIR that I downladed the progs is this one C:\Pc Cleanup Tools, and the were I xtracted the files is
    C:\Pc Cleanup Tools\CMGTools, I run form there & I got the same result as I got now wich says C:\Pc Cleanup Tools\GMGTools>GetRunkey 'regedit' is not recognized as an internal command, operable program or batch file, & repeats 40 times.
    I hope this helps:)
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay this is new information and is more useful. This means that your PC does not have a valid registry editor file (regedit.exe) or that you may have a malware file named regedit.com intercepting the commands. A .com file will run before a .exe file of the same name.

    Make sure you have enabled viewing of hidden & system files per the READ ME and then run Windows Explorer. Look in C:\windows\system32 and also in C:\windows for regedit.com and if found, delete it. DO NOT delete regedit.exe

    Let me know what you find. If you do find and delete regedit.com, now try to run GetRunKey and ShowNew.

    If the above still does not work, please attach a HijackThis log after following the directions in step 7 of the READ ME.
  20. ave292

    ave292 Private E-2

    Hi Here are the Regedit files & where they reside C:\windows regedit.exe,
    & In C:\windows\system32 there are 1 reg.exe, 2 regedt32.exe, 3 regini.exe, 4 REGPLIB.EXE, 5 regsvc.dll, 6 regsvr32.exe, 7 regwiz.exe, 8 regwizc.dll,
    Plus in C:\WINDOWS\ServicePackFiles\i386 there is one regedit.exe
    That is all I can find see if this helps:)
    Ps I found something else in C:\windows this Updreg.EXE
    Last edited: Aug 11, 2006

Share This Page

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds