Hijack.regedit -taskmanager!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by HiJack, Jul 4, 2009.

  1. HiJack

    HiJack Private E-2

    Hi!

    I am very new here, and want, first of all, to thank you for this great site, and also apologize for my bad English, but I'll do my best :p

    My comp. is a bit "sick", and it has been like this a while now. I've reinstalled my comp. many times, but the same problem finds its way into the system again :cry I don't know how or why. I've tried many spyware, firewall and anti-virus software, but without any good results.
    The thing is that every little dirty "spyware" virus disappears after a scan, but hijack.regedit and hijack.taskmanager (hijack.tskmgr) are still in the system. I even found out that these two make many things crash, and that is true. Many applications don't work anymore, and I can't even delete them from my PC. Been in many forums, but no one could out, so I'll try your help. Plz help! :cry

    Now I've reinstalled the system once more, just so I can follow "READ & RUN ME FIRST. Malware Removal Guide". I've done everything there, and here are the logs.
     

    Attached Files:

  2. HiJack

    HiJack Private E-2

    And here's the last log.

    Everything is fine with my computer, apart from these two "infections". Plz, what do I have to do to get rid of them?

    Again, I am sorry for my English, and hope u'll understand what I am asking for...

    Thanx a lot...
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why are you running your PC with no protection software installed?


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Jul 8, 2009
  4. HiJack

    HiJack Private E-2

    Hi, and thx!

    Who told u that I don't use any protection software m8?
    Like I told u before... Many protection softwares just stopped, and why, I don't know, but I guess it has something to do with the hijack.- files?!
    I have SuperAS and MBAM in my system right now, but like u know by now, they just stopped working after the first reboot. (Many others suffer the same)

    Now I've done exactly like u've told me. Did everything, but when I ran CCleaner, a "regedit inactive by admin" or something window pops up (sorry for my English). When I start the CC it pops up immediately and then... the CCleaner is gone... At last I was a bit faster and pressed the "Run Cleaner"...
    When it scanned and was finished, it showed me "100%" of the scanning process, and without finding anything. A second later the CCleaner was gone, like the first 5 times.

    Then I started with the "C:\MGtools\GetLogs.bat" step. The CMD appears and everything seems to be fine, but then the same "regedit inactive by admin" pops up. But this time, it didn't close the CMD window, so the CMD "scan" goes on. I followed some things the CMD showed, and many times it didn't find some files in the C:\MGtools\ directory.
    At last the CMD tells me to press any key to end it. And so I did, and here are the logs...

    Thx for ur help, and time... and again, sorry for my English!
     

    Attached Files:

    Last edited: Jul 6, 2009
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs clearly show it. You have no antivirus, no realtime antispyware, and are relying on the less than adequate Windows firewall. The free versions of SAS and MBAM that you have do not provide protection. Thus as I stated, you have no protection installed.

    You did not create the CFScript.txt file properly. I can see that from your ComboFix log which shows it did not attempt to fix what we wanted to fix. Please try the fix again and make sure you create the CFScript.txt file properly. Make sure you recreate the file since I also added one more file to it (winsohvd.exe) that is new.

    Then attach the new ComboFix log and also run the GetLogs.bat program again and attach the new MGlogs.zip file too.

    What is the below startup program for?
    c:\documents and settings\All Users\Start-meny\Program\Autostart\
    BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-7-5 939536]
     
    Last edited: Jul 8, 2009
  6. HiJack

    HiJack Private E-2

    Hi again.

    Like I've told u before m8, the hijack.-things make every software stop working. My logs maybe show u that I am not using any protection at all, but that is because every firewall, spyware- and other protection software just stops working after maybe one or two reboots. I've even used software which was more than "free versions".

    I did create a new notepad, and named it CFScript (.txt) on the desktop. I copied the text that started from: "KILLALL::" to ""DisableRegistryTools"=-" and pasted it in the CFScript, and saved it. With the mouse I moved the CFScript.txt, and dropped it on the ComboFix.exe file, on the desktop. A small loading window pops up over the ComboFix icon, and then it moves on. I guess I've done the right things?!

    Here are the ComboFix- and the MG-logs. There is also a third log, procdll.txt, which is created every time I run ComboFix. Don't know what it is, but u maybe want to take a look in it?!

    Thx for ur help!
     

    Attached Files:
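
The `"DisableRegistryTools"=-` line mentioned in the post above is .reg syntax that deletes a registry value. As an added example (not part of the thread, the attached logs, or ComboFix), this Python sketch scans a .reg export for policy values that lock out Registry Editor or Task Manager. The sample export is constructed, and the `Policies\System` key path and the `DisableTaskMgr` name are assumptions taken from standard Windows policy naming, not from the page.

```python
import re

# Policy values that switch off Registry Editor / Task Manager for a user.
# DisableTaskMgr is not named on the page; it is the standard sibling value.
WATCHED = {"disableregistrytools": "Registry Editor", "disabletaskmgr": "Task Manager"}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.+)$')

def find_tool_lockouts(reg_text):
    """Return (key, value_name, tool, data) for each watched value set non-zero."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            # "[-HKEY...]" deletes a whole key, so nothing under it is set.
            key = None if m.group(1) else m.group(2)
            continue
        m = VAL_RE.match(line)
        if not m or key is None or not key.lower().endswith(POLICY_SUFFIX):
            continue
        name, data = m.group(1), m.group(2).strip()
        tool = WATCHED.get(name.lower())
        if tool is None or data == "-":      # "=-" is a delete directive, not a setting
            continue
        dm = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if dm and int(dm.group(1), 16) != 0:
            findings.append((key, name, tool, data))
    return findings

# Constructed sample in .reg export syntax (not taken from the attached logs).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=-
'''

if __name__ == "__main__":
    for key, name, tool, data in find_tool_lockouts(SAMPLE):
        print(f"{tool} disabled: {key}\\{name} = {data}")
```

Values that reappear after cleanup and a reboot indicate that something is still rewriting them.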

