Don't know what to delete

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by vaulter98, Dec 11, 2004.

  1. vaulter98

    vaulter98 Private E-2

    I downloaded HijackThis and ran it. But at the top of the page it says to ask some knowledgeable folk to help me know what to delete. Can you guys help me out?
     
  2. vaulter98

    vaulter98 Private E-2

    I attached the log. Thanks
     

  3. vaulter98

    vaulter98 Private E-2

    I read another thread and found out that I don't have the latest version of HijackThis, so I downloaded a newer version and attached the log.
     

  4. PhilliePhan

    PhilliePhan Guest

    Hi Vaulter98,

    You are running HJT Improperly from a TEMP folder. I did, however, see a number of Malware issues.

    Here is the canned speech:

    Generally, it is a good idea to start with the Cleanup Tutorial HERE:
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been pretty busy with work lately, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  5. vaulter98

    vaulter98 Private E-2

    Ok, thank you for your help, PhilliePhan. I did the steps that you sent me. I went through steps 1-4 and 6. Nothing has changed with my computer and I seem to have picked up another virus over the weekend. Ok, here is what is going on. I can't use my Internet Explorer; I keep going to some easy-biz page. I also keep getting pop-ups that say "Spyware detected on your PC do you want to delete it?" That's the new one. Where to next?
     
  6. vaulter98

    vaulter98 Private E-2

    Oh yeah, and sometimes Internet Explorer goes to worldtracker.biz. Thanks
     
  7. vaulter98

    vaulter98 Private E-2

    Sorry to post so much, but I forgot the log.
     

  8. PhilliePhan

    PhilliePhan Guest

    Hi Vaulter98,

    You certainly hit the jackpot with EasySearch!! I strongly suggest that you dump ARES and WeatherBug. . . . Or, you will probably be back in the same boat soon.

    ALSO NOTE: The files I will have you remove look VERY SIMILAR to legitimate ones. Please doublecheck the spelling before deleting!!


    Please look in Add or Remove Programs for the following and Uninstall them if found:

    WEATHERBUG
    ARES


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them if possible:

    IAU.EXE
    STISVSQ.EXE ---> Not to be confused with stisvc.exe
    SVSHOST.EXE ---> Not to be confused with svchost.exe
    MSQDEVL.EXE
    LSSAS.EXE ---> Not to be confused with lsass.exe
    MSERVICE.EXE ---> Not to be confused with services.exe
    WEATHER.EXE
    ARES.EXE


    Now scan with HijackThis and Check the Boxes for the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe --->Easy Search

    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe ---> Easy Search

    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe ---> Easy Search

    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe ---> Easy Search

    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe ---> Easy Search

    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe ---> Easy Search

    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

    O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h

    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe --->Easy Search

    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe --->Easy Search

    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe --->Easy Search

    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe ---> Easy Search

    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe ---> Easy Search

    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe ---> Easy Search


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode and navigate to and DELETE the following if they should remain:

    C:\WINDOWS\IAU.EXE
    C:\WINDOWS\STISVSQ.EXE ---> Not to be confused with stisvc.exe
    C:\WINDOWS\SVSHOST.EXE ---> Not to be confused with svchost.exe
    C:\WINDOWS\MSQDEVL.EXE
    C:\WINDOWS\LSSAS.EXE ---> Not to be confused with lsass.exe
    C:\WINDOWS\MSERVICE.EXE ---> Not to be confused with services.exe
    C:\PROGRAM FILES\AWS ---> The Folder
    C:\PROGRAM FILES\ARES ---> The Folder

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
     
  9. vaulter98

    vaulter98 Private E-2

    Alright, I did everything you said in your last post. All the pop-ups are gone and I don't get directed to the easy-biz.com any more, but the only problem is I can't use Internet Explorer at all anymore. I attached the log. The internet connection is ok because I can get on using AOL but not Internet Explorer. Thank you so much for your help.
     

  10. PhilliePhan

    PhilliePhan Guest

    Hi Vaulter98,

    Let's run through this one more time. This ought to clean up all of the remnants. Same formula as before:

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Now scan with HijackThis and Check the Boxes for the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode and navigate to and DELETE the following if they should remain – AGAIN, Pay Attention To The Spelling:

    C:\WINDOWS\IAU.EXE
    C:\WINDOWS\STISVSQ.EXE ---> Not to be confused with stisvc.exe
    C:\WINDOWS\SVSHOST.EXE ---> Not to be confused with svchost.exe
    C:\WINDOWS\MSQDEVL.EXE
    C:\WINDOWS\LSSAS.EXE ---> Not to be confused with lsass.exe
    C:\WINDOWS\MSERVICE.EXE ---> Not to be confused with services.exe


    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.

    Reboot to Normal Windows and Scan with HijackThis and attach that log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

    Best luck :)
    PP
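
The spelling warning in the two replies above can be turned into a mechanical check. This is an added example, not part of any post in the thread: it parses HijackThis O4 lines and flags image names within a small edit distance of a legitimate Windows name. The function names and the `max_dist=2` threshold are assumptions made for illustration.

```python
import re

# Legitimate names taken from the thread's "Not to be confused with" notes.
KNOWN_GOOD = ["stisvc.exe", "svchost.exe", "lsass.exe", "services.exe"]
# HijackThis autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# O4 entries copied from the posts above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -h
"""

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_name(command):
    """Lower-cased base name of the .exe in an O4 command, or None."""
    m = re.search(r'^"?(.*?\.exe)', command, re.I)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None

def flag_lookalikes(log_text, max_dist=2):
    """Return (hive, value name, image, imitated name) for near-miss names."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        name = image_name(m.group(4)) if m else None
        if name is None or name in KNOWN_GOOD:
            continue  # not an O4 .exe entry, or an exact legitimate name
        for good in KNOWN_GOOD:
            if edit_distance(name, good) <= max_dist:
                findings.append((m.group(1), m.group(3), name, good))
    return findings

if __name__ == "__main__":
    for hive, value, name, good in flag_lookalikes(SAMPLE_LOG):
        print(f"{hive} [{value}] {name} imitates {good}")
```

Entries such as iau.exe and msqdevl.exe imitate no name in the list, so this check does not flag them; they still need the manual review described in the posts.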
     
  11. vaulter98

    vaulter98 Private E-2

    I did it all again and everything is working great except for Internet Explorer. I appreciate all your help. Do you have any suggestions for what to do next?
     

    Attached Files:

  12. vaulter98

    vaulter98 Private E-2

    I just downloaded Firefox and that works. Should I just forget about Internet Explorer? Too much hassle, or can it be fixed easily? Again, thanks for all your help.
     
  13. PhilliePhan

    PhilliePhan Guest

    Hi V98,

    Firefox is faster and less prone to being attacked by malware than IE. Normally, people should keep IE viable so they can get Windows Updates, etc... But, with Windows 98, that is probably moot. So, I would definitely keep using Firefox. Still, it bugs me when things are not operating properly!

    You could look in Add/Remove and see if there is an option to "Repair" IE, or reinstall it.

    I assume you were very careful removing the similarly named malware - Though, even a mistake there probably would not kill IE. What sort of error message do you get, if any? What exactly happens when you try to use IE?

    PP :)
     
