I need soooo much help with my PC!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Abi, Jan 13, 2005.

  1. Abi

    Abi Private E-2

    Hi,

    Can anyone help me? My PC's riddled with spyware and so forth, and I have no idea how to get rid of it all. I have a HijackThis log, and have tried various other progs. but I don't understand half of it.

    When the other progs. say it's all gone my PC still won't work! It switches on and lets me do some basics and sometimes surf the net and then it's gone again and I have to reboot yet again.

    I really need some help please!, I have Uni stuff due tomorrow! *desperate situation*

    Thank you!!!!
    Abi
     
  2. Abi

    Abi Private E-2

    Sorry if I'm being really annoying having only just joined...just very stressed!-but is no excuse.

    Would really appreciate some help, my Anti-Virus says my PC doesn't have a Virus just riddled with ad-ware etc etc

    Thank you, Abi
     
  3. PhilliePhan

    PhilliePhan Guest

    Hi Abi,

    I suggest you take a quick spin through the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I will try to check back as time permits.

    Best luck :)
    PP
     
  4. Abi

    Abi Private E-2

    Hi,

    sorry i didn't notice that before posting. Apologies also for this reply taking so long, but my pc kept crashing and losing my reply so needless to say rather than throw it out of the window i gave up.

    Here's what i did and what worked, or rather didn't.

    Getting Started:
    step 1, i didn't seem to have available to me.
    step 2, didn't seem to apply to me
     
  5. Abi

    Abi Private E-2

    continuation from previous post, my pc crashed again.

    my OS is Win2000Pro, maybe that's why step 1 didn't seem available to me.

    step3 completed successfully.

    step4 i think i created the folder properly. all completed successfully.

    Scanning and cleaning steps:

    step1 b, Trend Micros scan said i had trojan Bibsy b??, it told me how to get rid of it but it made no sense!, sorry if things make things more difficult?!! I ran that tool before i started downloading and running progs. suggested in the step 4 mentioned above, and it didn't raise any issues...now it does?

    Symantec Security check said i was at risk from hacker exposure, trojan horse(s) and that my anti-virus wasn't up to date. My anti-virus is norton 2004 but whatever's messing with my pc has messed with norton so it can't work, norton's solution was to uninstall, reinstall....wouldn't reinstall though. Norton tech. support said it can't be fixed, until what sounds like ad/spyware is removed. Whatever is messing with my pc has also made windows tell me that 'files required to run windows have been replaced by unrecognised versions' and my pc won't shut down or restart anymore....you have to hold the button in 'til it switches off.

    McAfee stinger didn't raise any issues.

    step 2, completed fine except i couldn't find any checkbox for Index.dat so couldn't select that option obviously.

    step3 completed, it brought up a whole list, so i immunised and removed what i knew it was safe to.

    step4 completed and none of those prog.s raised any issues.

    OPTIONAL step 5 i read through it and none of it seemed to apply.

    step 6, i used the right version, and followed the rest of the instructions above putting the log in a safe folder and closed all progs. i knew how to.

    Thank you, and sorry about all this hassle...
    Abi
     

    Attached Files:

  6. PhilliePhan

    PhilliePhan Guest

    Hi Abi,

    Very pressed for time and probably won't be able to check back until Sunday evening!

    Are these expected settings?
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ntl:home

    O14 - IERESET.INF: START_PAGE_URL=http://www.ntlworld.com/


    O4 - HKCU\..\Run: [internat.exe] internat.exe ---> This one bothers me as well. Please locate internat.exe
    and RightClick it and select Properties and Version Tab and let me know what it says. Also, tell me what directory you find it in.


    For the rest:
    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure the Viewing of Hidden Files is Enabled as per the tutorial.

    Look in Add or Remove Programs and see if you can Uninstall MyWebSearch, if found.

    Then open Task Manager (Ctrl-alt-del) and end this running process if found: xhyzyu.exe

    Now scan with HijackThis and Check the Boxes for the following:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>

    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: WebHlprObj Class - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - C:\Documents and Settings\Tracey\My Documents\WH5_1843010.dll

    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

    O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
    O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
    O4 - HKLM\..\Run: [fonxlm] C:\WINNT\system32\xhyzyu.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

    C:\Documents and Settings\Tracey\My Documents\WH5_1843010.dll
    C:\Program Files\MyWebSearch ---> The Folder
    C:\WINNT\Belt.exe
    C:\WINNT\satmat.exe
    C:\WINNT\system32\xhyzyu.exe
    C:\WINNT\BTGrab.dll

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits - Likely Sunday Night!

    Best luck :)
    PP
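
Added example, not part of the original thread and not code from HijackThis: a small Python check for the rescan step in the post above. It parses HijackThis log lines, lists the file paths behind a subset of the entries selected for fixing, and reports any of those entries that reappear in a follow-up log. The `RESCAN` text is constructed sample data and all function names are illustrative.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe"
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# Absolute Windows path at the end of the body (may contain spaces)
PATH = re.compile(r"[A-Za-z]:\\.+$")

# Subset of the entries the helper asked to be checked and fixed (copied from the post)
FIXED = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [fonxlm] C:\WINNT\system32\xhyzyu.exe
"""

# Constructed follow-up log (not the real attachment): one fixed entry has come back
RESCAN = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [satmat] c:\winnt\SATMAT.EXE
"""

def parse(text):
    """Return one dict per log entry; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            body = m.group("body")
            p = PATH.search(body)
            entries.append({"section": m.group("section"), "body": body,
                            "path": p.group(0) if p else None})
    return entries

def key(entry):
    # Registry names and Windows paths are case-insensitive, so compare folded
    return (entry["section"], entry["body"].casefold())

def files_to_check(fixed_text):
    """Paths that should no longer exist once the fix and Safe Mode delete are done."""
    return sorted({e["path"] for e in parse(fixed_text) if e["path"]})

def persisting(fixed_text, rescan_text):
    """Entries that were marked for fixing but still show up in the rescan."""
    wanted = {key(e) for e in parse(fixed_text)}
    return [e for e in parse(rescan_text) if key(e) in wanted]

if __name__ == "__main__":
    print(files_to_check(FIXED))
    print(persisting(FIXED, RESCAN))
```

An entry that comes back after a reboot usually means something recreated the Run value or file, so it is worth re-checking in Safe Mode before posting the new log.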
     
  7. Abi

    Abi Private E-2

    all the ntlworld bits, are normal settings.

    As for the internat, its version is 5.0.2920.0 and its description is Keyboard Language Indicator Applet. It was found in C:\WINNT\system32

    Am busy following the rest of the instructions.

    THANK YOU.

    Abi
     
  8. PhilliePhan

    PhilliePhan Guest

    You're Welcome - Happy to try to help :)

    internat.exe is what I thought it would be and is OK

    Will check back when I can.

    Also, when we finish, remind me to hook you up with a good FREE AV program!

    PP :)
     
  9. Abi

    Abi Private E-2

    whatever that is, I'll remind you!

    :) thanks.
     
  10. PhilliePhan

    PhilliePhan Guest

    Well, it didn't sound like you were getting much joy from Norton, so I'll suggest a few Free (& BETTER) AntiVirus programs for you after we get you fixed up.

    Let me know how you fare with the cleanup and don't forget to attach a fresh HJT Log.

    PP :)
     
  11. Abi

    Abi Private E-2

    I ensured the viewing of hidden files was enabled. then I removed MyWebSearch as directed. xhyzyu.exe wasn't found.

    I checked the boxes for everything except for O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL and O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    as they weren't present. the rest were fixed.

    As for,
    C:\Documents and Settings\Tracey\My Documents\WH5_1843010.dll it was present as .ini too, I didn't delete that part...although i probably should have...such is the case with most of the below.
    C:\Program Files\MyWebSearch ---> The Folder it was present and deleted.
    C:\WINNT\Belt.exe present and deleted, but it was also present in the following formats, .ini .inf .pnt and there was CosmicBelt.rpv...didn't know if that was anything?
    C:\WINNT\satmat.exe present and deleted but also present as .ini .inf and .pnf
    C:\WINNT\system32\xhyzyu.exe deleted
    C:\WINNT\BTGrab.dll, deleted but also present as .inf

    I can go back and delete all these other parts/formats if needed, just wasn't sure at the time.

    ran CCleaner, had a huge list, but all fixed. Spybot had a small list of about 5 items, but when it was searching it came across all sorts of XXX and such like things, none of which I've ever found on my machine and none of which it listed...unless it was listed under another name.

    cleanmgr was also run, with all the boxes you listed checked.

    Attached is my new HijackThis log.

    thank you,
    Abi

    Oh, also my pc seems to be working a little better, as in it works ok for longer than it did and it has shut down properly once, so far. Something it hasn't done for about 4days. I'm still missing windows files though and my anti-virus still won't reinstall.
     

    Attached Files:

  12. Abi

    Abi Private E-2

    i forgot to say that when i deleted mywebsearch and some of the others in safe mode, spybot found them again. and then again i find them when i do a search in normal mode...will they keep appearing??

    abi
     
  13. PhilliePhan

    PhilliePhan Guest

    Hi Abi,

    Go ahead and delete the various extensions for the bad files. Leave CosmicBelt.rpv alone, though.

    Your HJT log looks OK.

    When SpyBot searches, the files you see flashing along by the green bar are items it is looking for and not stuff on your machine.

    Re the Windows files (Missing or corrupted) I do not know what to tell you there - Could be a number of different things.

    As for the Norton - Uninstall it and go with AVG or AVAST. See this link for AV and Firewall ---> How to Protect yourself from malware!

    How is your computer running now?
    Sorry I seem rushed. . . . Really busy these days! I'll check back when I can.

    PP :)
     
  14. Abi

    Abi Private E-2

    Hi,

    My PC actually shuts down (although really fast!!). Thank you!! :)

    have deleted all those other file extensions.

    good to know about the Spybot search! again


    Norton I can't uninstall as when i last tried to reinstall it it had a 'fatal error' and couldn't so now I can't uninstall it because it had a 'fatal error' upon my attempt at installation!!

    any ideas??

    THANK YOU sooooooooooooo much for fixing my PC!!!!!

    Abi
     
  15. PhilliePhan

    PhilliePhan Guest

    Happy to help! :)

    Please attach a fresh HijackThis log for me to doublecheck!

    Can you delete the remnants of Norton from Program Files? This thing can be a real pain!

    Let me know if this link helps: Removing Norton AntiVirus 2004 from Windows XP/2000 after Add/Remove Programs does not work

    We'll hook you up with AVG or AVAST & Spyware Blaster . . . . If you haven't done it already!

    PP :)
     
