Help with a Hijacker

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by borm7677, Oct 18, 2006.

  1. borm7677

    borm7677 Private E-2

    To whomever is willing to help,

    I am having malware problems and have performed the steps outlined in http://forums.majorgeeks.com/showthread.php?t=35407. I run Microsoft XP and use Internet Explorer for a web browser. The steps I performed have identified and fixed several hijackers and adware, but I am still having some problems. Most noticeably, I am being redirected to random websites whenever I attempt to open a link from yahoo search results (by using the back arrow and going through 2 of these false sites, I am able to access the site I am actually requesting on the third try of clicking on the yahoo search link). I'm sure I still have other problems as my system seems to be running slower and crashes more often than it did when new, but the yahoo problem is the only one whose symptoms I can identify completely. I have attached all of the requested logs to this post as well as hijackthis. Thank you for any help you can give.

    Thanks,
    Chicago
     


  2. borm7677

    borm7677 Private E-2

    A few more attachments to add.
     


  3. matt.chugg

    matt.chugg MajorGeek

    You have (possibly amongst other things) a wareout infection.

    Please follow the steps here and post new logs once complete.

    WareOut Removal
     
  4. borm7677

    borm7677 Private E-2

    Thanks for the quick reply and I'm sorry that I took so long to respond (had to go out of town on business). I ran the program and my problem with yahoo seems to be fixed. Thank you very much for all of your help. Is there anything else you see in here that needs fixing? I have attached the wareout log file and a new hijackthis. Thanks again.

    -Chicago
     


  5. matt.chugg

    matt.chugg MajorGeek

    You still have some problems

    Using add/remove programs which can be accessed from the control panel, uninstall the following:





    Download

    - Pocket KillBox

    Extract to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)


    Run HijackThis. Click the 'Do a system scan only' button.


    Once the scan has completed click Config

    Click Misc Tools

    Click Open Process Manager

    Terminate the following processes by selecting them from the list and clicking Kill Process
    NOTE: This may not be present but we need to check

    Click back to return to the scan results.

    Place a checkmark in the box next to the following lines:


    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     
  6. borm7677

    borm7677 Private E-2

    OK, all steps complete. There wasn't any reference to My Way Search Assistant (one of my spyware programs may have taken care of it in the interim between posts) and dmdqg was present in some instances and not others (took care of it when it was there). The computer seems to be running fine now, thanks again for all of your help. If I ever make it to Birmingham, make sure you let me buy you a beer.

    - Chicago
     
  7. matt.chugg

    matt.chugg MajorGeek

    Sure ;) I LOVE beer ;)

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and enable System Restore to create a new clean Restore Point.
    4. After doing the above, you should work thru the below link:
     
