Hotoffers Hijacker, etc..

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by neo1, Apr 30, 2005.

  1. neo1

    neo1 Private E-2

    As asked, I started a new thread and attached the Hijack This! log file at the end. I followed all applicable steps in the How To: Spyware, Trojan and Virus Removal Thread up to installing Hijack This!. Trend Micro's Free Online Virus Scan ran clean. Symantec Security Check and Virus Scan revealed: No viruses detected in memory; however, C:\Windows\SYSTEM32\systr.dll is infected with Download.dialer. McAfee AVERT Stinger found the W32/Klez.eml virus in C:\America Online 6.0\download\TARGET\TARGET.mim, which it deleted; however, it also found the W32/Klez.eml virus in C:\America Online 6.0\download\TARGET.zip\TARGET.mim. Spybot found no immediate threats. However, Ad Aware found 3 critical objects:
    IEHijacker.Hotoffers Object recognized
    Type: RegKey
    Category: Malware
    Rootkey: HKEY_CLASSES_ROOT
    Object: clsid\{12345678-0000-0010-8000-00aaff6d2ea4}
    Type: RegValue
    Category: Malware
    Comment: {12345678-0000-0010-8000-00AAFF6DEA4}
    Rootkey: HKEY_LOCAL_MACHINE
    software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
    Value: {12345678-000-0010-8000-00AAFF6DEA4}
    Possible Browser Hijack attempt
    Type: RegData
    Data: "http://www.hotoffers.info/287/"
    Category: Malware
    Comment: Possible Browser Hijack attempt
    Rootkey: HKEY_USERS
    Object: .DEFAULT\Software\Microsoft\Internet Explorer\Main
    Value: Start Page
    I saved the complete Ad Aware log in a text file. Other removal tools ran clean. Please help this neophyte using dial-up with Windows 98 (all critical updates are done) clean this nasty Trojan off my system. Also, on the advice of a friend, I ran Microworld Antivirus Toolkit Utility. The virus log indicates:
    File C:\Windows\System32\systrl.dll infected by "Trojan-Downloader.Win32.Agent.Ko" Virus
    File System found infected by "IEHijacker.Hotoffers Spyware/Adware" Virus
    File System found infected by "cws.therealsearch Spyware/Adware" Virus
     


  2. XspeedyX

    XspeedyX Private E-2

    Load and do a scan only, find the file below and fix it. Then save the log.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/287/ - DELETE
     
