Hello Geeks

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by newmant, Mar 15, 2005.

  1. newmant

    newmant Private E-2

    I hope I am doing this right. I needdddddddd Help. I have a ie hijacker, on may start page comes up-http://www.hotoffers.info/a0002/. I have went into the registry in hkey local machine and hkey users and I will delete it and it just comes right back. Then I have a microsoft security warning about port 8080 and I forget the other one. I have my microsoft internet explorer page just opens on its own and my computer tries to connect on its own. I am running Norton System Works, AVG Free Antivirus, Ad-Aware SE Personal Addition and Microsoft Antispy Ware. I dont know what else to do except maybe throw my computer away. Can you help.
    Thanks Tammy
     
  2. newmant

    newmant Private E-2

    If I am not doing this right please let me know. Tammy
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I cannot vouch for the authenticity of this but did you see the thread a couple links down:

    hotoffer.info

    This user said it fixed his problem. If you feel comfortable with trying this at your own risk, do so. Otherwise see my next message.
     
    Last edited: Mar 15, 2005
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If that does not help you, follow the steps below.

    To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENTto your next message. (Do NOT copy/paste the log into your post).
     
  5. newmant

    newmant Private E-2

    newmant

    Helppppppppppppp............................ I have even tried spy killer 2005 and this ie highjacker just keep coming back and my computer is trying to connect all by itself, almost like its possessed.
    newmant
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: newmant

    Why are you posting a new thread for this? We already gave a procedure to follow. You need to follow it if you want help.

    I'm merging you back to your other thread!

    Did you purchase SpyKiller?
     
  7. newmant

    newmant Private E-2

    Re: newmant

    Sorry I am finding out how to work sending messages, I hope this is the right way to reply. I found it know and will follow all steps. I did purchase the spykiller. But no luck yet. But I am going to follow the steps and see if it will help. Thank You So Much I was about to pull my hair out or maybe sling my computer.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: newmant

    Okay just follow the cleanup procedures I gave to you and if you still have a problem when finished with them, post the HijackThis log as requested (make sure you follow the steps correctly to avoid an additional delay).

    The reason I asked about SpyKiller is that it used to be on a list of rogue/suspect spyware removal tools. It recently was taken off the list, but I don't believe anyone thinks to highly of it. What we have here for free will work just as well.
     
  9. newmant

    newmant Private E-2

    Re: chaslang

    Okay I will remove the spy killer, I am not able to down load fast we only have dial up here I live so all my downloads are slow, I have a couple done. And am on the spybot now. I will probly be tommorrow with my reply. Thank You So Much newmant
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: chaslang

    Okay! I know it can be time consuming but it will be worth it when you are done. You will have a lot of useful tools and will learn something. You do not need to uninstall SpyKiller if you like it. That is your decision. I just don't think it is worth the money. Perhaps you can get a refund!

    Note you will not be able to run the online scans in safe mode since you are on dial-up. So try running them in normal boot mode. This can take quite awhile. He it becomes a problem. Just skip the two online scanners and continue.
     
  11. newmant

    newmant Private E-2

    Okay I will follow step by step and if I have any questions when I get to the remove microsoft java part can I post reply's with my questions to you? I will just tell everybody that normally calls to call my cell all day Ha Ha Cause it will probly take this dial up that long.. Thanks again
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry about doing the removal of MS Java and install of Sun Java right now. Just do the 4 steps of the Getting Prepare section and the first 4 steps of the clean up. The next step would be to post the HijackThis log as I requested (that is if you still have a problem).
     
  13. newmant

    newmant Private E-2

    okay will do.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know this will take a while to do an while running these scans you will be offline (in safe mode). So just complete everything as best as you can and note what you find and clean and do not clean. Tell us the results when you come back.
     
  15. newmant

    newmant Private E-2

    Re: Hello Chaslang

    I am clean of all...... Thanks to you. I dont need the hijack this file. I only had trouble running the online virus and security scans it came up that my active x was not ready and it just kept saying that? But, the downloads and the other items took care of my problems. Below I will list what they showed.
    Spybot:
    Double Click 1 entry; Avenue A,Inc 1 entry; Dso Exploit 5 entries; MediaPlex 1 entry

    Stinger:
    Number of cleaned files 54757

    Kill2me: look to me I think was the name it removed

    CCcleaner: 27.6 mb removed

    Ad Aware vx2 cleaner: system clean

    Ad Aware SE: 2 registry keys cleaned and corrected.

    HS Remove: 8 items removed

    and the other thread with hotoffers worked to fix my reappearing ie highjacker.

    I had one question though I am running Avg free addition and Norton System Works that I bought a month and 1/2 ago. Should I have both or would you go with just one of them. I think they maybe a conflict between the 2???

    Thank You Again
    newmant
     
  16. TheOldThug

    TheOldThug First Sergeant

    Newmant

    Chas will probably want you to submit a HJT log anyway. He will want to make sure you are clean.

    Please try to turn OFF any applications that are not needed It makes it much easier to look at the HJT log.
    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT

    Good Luck :)
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! I would still like to see the HJT log! And only one AV should be installed. Take your pick!
     
  18. newmant

    newmant Private E-2

    I dont see where to go advanced, I want to make sure I send the log file the right way... can you help me find the go advanced
     
  19. newmant

    newmant Private E-2

    okay found it, I am sending the log file as a word file, is that ok?? I dont want mess anything up.
     

    Attached Files:

  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should just be attaching the .log file that HJT creates. You should not be creating a Word Document. Log files are easier for us to deal with and smaller in size.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You still have both AVG and Symantec installed. You must uninstall one of them.

    Are you sure you bought SpyKiller? The two below items look like the free versions of SpyKiller and BestPopUpKiller:

    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

    Actually both of the above should be uninstalled they are still on a list of rogue/suspect Spyware removal tools.
    See: http://www.spywarewarrior.com/rogue_anti-spyware.htm



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)


    After clicking Fix, exit HJT.
     
  22. newmant

    newmant Private E-2

    I uninstalled the spykiller and it brought me to their web page for why I uninstalled and I uninstalled AVG Free I hope Norton is the better if not I will switch. I am gonna go off for a while to following your instructions. Talk to ya then.
     
  23. newmant

    newmant Private E-2

    2 Quick questions before I do this did I need to resend the actual log file, Im sorry I did it wrong. And how do I delete these O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
    do I fix these in highjack this to delete?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No do not resend the log now.
    So I guess their uninstall does not work???

    Hijackthis can delete the entries you see in your log.

    Then you can boot to safe mode and delete the two folders:
    C:\Program Files\SpyKiller
    C:\Program Files\BestPopUpKiller
     
  25. newmant

    newmant Private E-2

    ok logging off now, I will send a thread to let you know. I just wish I had heard about you guys about 3 months ago, I was so stupid I've spent probly $200.00 on needless stuff trying to fix this and you helped in 1 day and I have learned alot from you. All I can say is thank god for Major Geeks.... Will talk to in a little. newmant
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
  27. newmant

    newmant Private E-2

    I got it done, that makes me agrivated with spykiller. They made me go through a 10 minute survey of why I was uninstalling their product and then can you believe when I went in safe there it was. I double checked and it is gone now. That agrivated me to no end, that I went all through the motions and it didnt even delete it before. Thank You so much now I just wish a magic fairy would give back my $200.00 dollars I blew on stuff that I bought and the stuff you suggested is twice as good and didnt cost a penny...
    Ha Ha I was such an idiot before..
    Can I ask though if it were you which of the avg would you use? newmant
     
  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  29. newmant

    newmant Private E-2

    Okay I just did the update will check again. I am downloading the firefoxsetup. And, have checked fixed my active-x codes as in below. I have made sure I have the recommended downloads. I really cant thank you enough. newmant
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds