IE/yahoo msgr issues~coolwebsearch fallout?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rubyvroom, Sep 2, 2004.

  1. rubyvroom

    rubyvroom Private E-2

    *glaargle* I'm hoping someone can help me out with this, and I'm posting it here since it all began with the eeeevils of a CWS hijacking [kept directing to the windowws.cc site] that I (think) I cleared up yesterday.

    At any rate, IE is still experiencing issues. My homepage is set to google.com, but when I load the browser, I get "The page cannot be displayed". Same goes if I try to type in yahoo.com or gmail.google.com.

    Strangely, other sites seem to load fine. Additionally, I'm having wonkiness with my yahoo messenger, which I've reinstalled several times, but when I get it running, I cannot see the messages I send or receive; the screen's just blank.

    I've checked out the spyware, trojan and virus removal tutorial and have done/run the following in safe mode:

    [all programs were updated today before running]
    -scanned system with TrendMicro (all clean)
    -CCleaner
    -Spybot
    -Ad-Aware
    -a squared
    -HijackThis

    I'm running XP.

    Any ideas? Help is very much appreciated.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have any lines in your HijackThis log that look similar (or exactly like) to the below:

    O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
    O4 - HKLM\..\Run: [pnpsvc_lock] C:\WINDOWS\System32\8615164.exe
    O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
    O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll

    If so, you should read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File >

    Do not post a HijackThis log until we ask you to, and when we do, it must be a text document attachment to your message.

    Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    And so now I'm asking you to post your HijackThis log as a .txt file attachment.
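
The check chaslang asks for in the post above (look for O4 autorun lines that match, or resemble, the four quoted entries) can be scripted against a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis: the sample log is constructed, `scan_o4` is a hypothetical helper, and the "all-digit file name in System32" rule is an assumed reading of "look similar" based on the `8615164.exe` entry.

```python
import re

# Value names and file names taken from the four O4 lines quoted in the post.
LISTED_NAMES = {"romahere", "pnpsvc_lock", "uninstal"}
LISTED_FILES = {"matrixhere.exe", "8615164.exe", "image.dll"}

# Registry autorun entry: O4 - HKLM\..\Run: [value name] command line
O4_LINE = re.compile(
    r"^[ \t]*O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+?)[ \t]*$",
    re.MULTILINE,
)
# Last path component ending in .exe or .dll
FILE_NAME = re.compile(r'[^\\/\s"]+\.(?:exe|dll)\b', re.IGNORECASE)

# Constructed sample log (not from the thread; the attachment is not on the page).
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ypager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKLM\..\Run: [svc_lock] C:\WINDOWS\System32\4471203.exe
"""

def scan_o4(log_text):
    """Return the O4 registry autoruns that match or resemble the quoted entries."""
    findings = []
    for hive, key, name, command in O4_LINE.findall(log_text):
        files = [f.lower() for f in FILE_NAME.findall(command)]
        reasons = []
        if name.lower() in LISTED_NAMES:
            reasons.append("value name listed in the post")
        if any(f in LISTED_FILES for f in files):
            reasons.append("file name listed in the post")
        # Assumed heuristic: a purely numeric file name sitting in System32.
        in_system32 = "\\system32\\" in command.lower()
        if in_system32 and any(f.rsplit(".", 1)[0].isdigit() for f in files):
            reasons.append("all-digit file name in System32 (heuristic)")
        if reasons:
            findings.append({"hive": hive, "key": key, "name": name,
                             "command": command, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for hit in scan_o4(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {"; ".join(hit["reasons"])}')
```

A hit only marks an entry for review; as in the thread, the log still goes to a helper as a .txt attachment.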
     
  3. rubyvroom

    rubyvroom Private E-2

    chaslang: nope. it's all program files in my O4 lines.

    attached is my HJT log. Thanks for taking a look!
     

    Attached Files:

  4. rubyvroom

    rubyvroom Private E-2

    Feh. long day and I can't figure out how to edit that last post. At any rate, about a minute after I posted, I opened TrendMicro to double-check my browser settings (maybe google, etc were getting blocked? they're not), when I went to close the program, computer spontaneously rebooted and then froze at the desktop.

    Had to hard boot, and nothing weird has happened in the last 5 minutes or so.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This does not look like a complete log. Were you in safe mode when you made this log or normal mode?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also you did not do the first step of the READ ME FIRST. Windows update! You are not up to date with your Microsoft Updates. That is a bad idea!
     
  7. rubyvroom

    rubyvroom Private E-2

    ack! you're absolutely right, and I apologize for wasting your time with this. I did a Windows update today and things seem to be fine now. [at least IE is working again]

    I'd run HJT in safe mode; I was surprised it was so short as well, but it's a brand new hard drive and doesn't have a lot of extraneous stuff on it yet. (My friend just returned my computer on Sunday with the new formatted HD w/XP on it, which is also why I assumed [mrph] it was all updated.)

    Again, I'm so sorry to have not been on top of things; I'd spent so much time checking MG for how the heck to fix stuff and overlooked the most important step. :rolleyes:

    Thanks again for the help!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
    Last edited: Sep 3, 2004
