Spybot and HiJackThis things

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by AbaraiRenji, Feb 13, 2005.

  1. AbaraiRenji

    AbaraiRenji Private E-2

    Well Spybot S&D keeps finding the same things over and over again, even after I delete them with it and then check again and it finds it right away... It's 5 DSO exploits and then some Z-Demon error...

    And when I checked with HiJackThis it found too many things and from what I heard having a lot is not a good thing.
     
  2. TheOldThug

    TheOldThug First Sergeant

    Welcome :eek:

    We ask that you first try to do ALL the TUTORIAL listed below.

    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there.
    Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. AbaraiRenji

    AbaraiRenji Private E-2

    Well I've done all of that and it seems that Spybot doesn't find anything anymore, which is good, but I'm still a bit skeptical of my huge HiJackThis list.
     
  4. PhilliePhan

    PhilliePhan Guest

    Go ahead and attach it and TheOldThug or I will have a look when time permits. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    PP :)
     
  5. AbaraiRenji

    AbaraiRenji Private E-2

    OK, since I couldn't exactly close all my items in the systray I scanned from safe mode to make it easier on myself >D... Anyways, the file is attached.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please make sure you have "System Restore" disabled temporarily per the tutorial.

    Run HJT again and have it fix the below entries.
    Do NOT fix anything with HJT until ALL browsers are closed including the one you are reading from now.




    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=...065769200000&D=1065855600000&I=7.NQ3&N=PL&O=I

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dmitriy Vaynshteyn\Application Data\Mozilla\Profiles\default\10ifvrrq.slt\prefs.js)


    After fixing these entries, reset web settings and reboot. Post new HJT log and tell us how things are running. Thanks Bj :)
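
An added example, not part of the original post or of HijackThis itself: a small triage parser for the R0/R1 and O4 registry lines quoted in this thread, showing which URL hosts the browser settings point at (and from which hives) and what is set to autostart. The function names are hypothetical, the sample input is constructed from entries on this page, and other log sections (N3 and the rest) are deliberately not modelled.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample input: entries quoted in this thread, in HijackThis log format.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R-section body: <registry key>,<value name> = <data>   (data may be empty)
REG_RE = re.compile(r"^(?P<key>HK[A-Z]{2}\\[^,]+),(?P<value>[^=]+?) =\s*(?P<data>.*)$")
# O4 registry body: <hive>\..\<Run key>: [<entry name>] <command line>
RUN_RE = re.compile(r"^(?P<key>HK[A-Z]{2}\\\.\.\\[^:]+): \[(?P<value>[^\]]*)\] (?P<data>.+)$")

def parse_log(text):
    """Return one dict per recognised entry: code, key, value, data."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        body_re = RUN_RE if m["code"] == "O4" else REG_RE
        b = body_re.match(m["body"])
        if b:  # sections this sketch does not model are skipped
            entries.append({"code": m["code"], **b.groupdict()})
    return entries

def url_hosts_by_hive(entries):
    """Map each URL host found in R0/R1 data to the registry hives pointing at it."""
    hosts = defaultdict(set)
    for e in entries:
        if e["code"] in ("R0", "R1") and "://" in e["data"]:
            hosts[urlsplit(e["data"]).hostname].add(e["key"].split("\\", 1)[0])
    return {h: sorted(v) for h, v in hosts.items()}

def autoruns(entries):
    """Return (entry name, command line) for each O4 registry autostart."""
    return [(e["value"], e["data"]) for e in entries if e["code"] == "O4"]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(url_hosts_by_hive(parsed))
    print(autoruns(parsed))
```
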
     
  7. AbaraiRenji

    AbaraiRenji Private E-2

    OK, deleted as per your post and here is the new log attached.
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Right now your log looks pretty clean, the only thing that concerns me is the line below. This is installed usually with Verizon DSL accounts. However if you do NOT use Verizon DSL then you do not need this. Let me know how things are running.

    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
     
  9. AbaraiRenji

    AbaraiRenji Private E-2

    Well... it was installed during the installation of SBC Yahoo! DSL, so I'm thinking that maybe SBC also uses it.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ok, then I would leave that alone. Overall how are things running? Are you still experiencing any problems? If you are still having problems with SpyBot finding the DSO Exploit, just download the Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX. This should take care of that problem.
     
  11. AbaraiRenji

    AbaraiRenji Private E-2

    Things are running perfectly now... Ad-Aware, SpyBot, my AV, none of them are picking anything up.

    Thanks for all the help.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

