Browser Hijack and IE problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by razielle, Aug 11, 2007.

  1. razielle

    razielle Private E-2

    please can someone help? :(
    I've been trying for weeks to get my mother's system clean of malware, and this seems to be the last remaining problem - but i just cant get rid of it

    IE sometimes doesn't load pages, sometimes works fine, but very often redirects to ezanga, netster, adservices10.marchex ..etc.

    a little background on what ive cleaned up so far:
    - I first deleted a shady looking entry from a hijackthis run: 017 - HKLM\System\CCS\Services\VxD\MSTCP: Nameserver = 85.255.115.59,85.255.112.126
    - I also deleted weatherbug, yahoo and google toolbars,
    - I removed some Viewpoint Manager programs from Add/Remove programs
    - bitdefender found and deleted Trojan.Peed.Gen, Tojan.Lopad.P, Trojan.Mirchack.A and now runs clean when I scan.

    SuperAntiSpyware runs clean.

    Also, I'm not sure if I did something wrong along the way of trying to clean things, but I can't run the cmd from Start>Run. I get a pop-up: "Cannot find the file 'cmd' (or one of its components) ..."

    One other odd issue I'll note, is when I Immunize in SpyBot, it says "7182 bad products already blocked, 5 additional protections possible. Please Immunize."
    Then I Immunize and it says "7187 bad products are now blocked."
    BUT when I go back and re-immunize, it reverts to saying "7182...."

    I'll attach my logs
     

    Attached Files:

    Last edited by a moderator: Aug 11, 2007
    razielle, Aug 11, 2007
    #1
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, you need to rename HijackThis.exe to something else such as "analyzethis.exe"

    Also, need a few more logs from the READ ME (below)...
    • CounterSpy Log
    • Bitdefender Log - from step 6
    • Panda Scan Log - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • New HijackThis Log

     
    bjgarrick, Aug 11, 2007
    #2
  3. razielle

    razielle Private E-2

    Ok, I renamed HiJackThis and am attaching the log from today.

    CounterSpy Log - The o/s is Windows 98SE so I used SuperAntiSpyware. I am attaching the Log from SuperAntiSpyware.

    Bitdefender Log - Already attached in first post.

    Panda Scan Log - I have tried but cannot get this to run the online scan.
    I have tried to allow ActiveX (I get the prompts, and say Yes to Allow) but PandaScan still does not work. I am attaching the error message I receive.

    runkeys.txt - Attaching

    New HijackThis Log - Attaching
     

    Attached Files:

    razielle, Aug 19, 2007
    #3
  4. razielle

    razielle Private E-2

    here's the last attachment
     

    Attached Files:

    razielle, Aug 19, 2007
    #4
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download, install and update CounterSpy 1.5 for Win9x.

    After you have updated CounterSpy, run a full scan and remove all found infections.

    Once the scan is complete, attach the log to your next post.
     
    bjgarrick, Aug 19, 2007
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds