Evil little thing kills hijack this and task manager

To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message.(Do NOT copy/paste the log into your post).

 

Try renaming hijackthis.exe to myhjt.com and then see if it runs.

 

Also download the below and follow the instructions below the link.

ProcessExplorer for Win NT/2K/XP

Unzip it and now run ProcessExplorer and lets configure some options first:
Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked. Now click on explorer.exe. Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
Now click on File and then Save As. And save the process list. Post it back here as an attachment. Also, from now on if I say to kill a process, use ProcessExplorer instead of Task Manager. Sometimes ProcessExplorer can kill things that Task Manager cannot.

 

The service you are referring to is for your modem and should be left alone.

You must remember to always exit ALL browsers before using HijackThis. You had the below running:
C:\Program Files\Internet Explorer\IEXPLORE.EXE

Do you recognize the below IP address to be part of your network or from your ISP:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4288365E-9CF3-4303-9738-4E59A3D7B707}: NameServer = 212.74.114.129 212.74.114.193

 

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\System32\javavm.exe
C:\WINDOWS\System32\msproc.exe


After killing all the above processes, click "Back".

Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [Ms Processe Manager] msproc.exe
O4 - HKLM\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\RunServices: [Ms Processe Manager] msproc.exe
O4 - HKLM\..\RunServices: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKLM\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\Run: [Ms Processe Manager] msproc.exe
O4 - HKCU\..\Run: [Microsoft Java Virtual Machine] javavm.exe
O4 - HKCU\..\RunServices: [Ms Processe Manager] msproc.exe
O4 - HKCU\..\RunOnce: [Microsoft Java Virtual Machine] javavm.exe


After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\javavm.exe
C:\WINDOWS\System32\msproc.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.


Now run Ccleaner that you downloaded while running the initial READ ME FIRST.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

More than likely it is you ISP. You could call and ask but the below my give you the answer:

mk-cache-3.ns.uk.tiscali.com = [ 212.74.114.129 ]
Registrant:
Tiscali SpA (TISCALIS839)
Piazza del Carmine 22
09124 Cagliari
IT
Domain name: tiscali.com
Technical contact:
S.p.A. Tiscali (TS1029)
Viale Trento 39
Cagliari Cagliari
IT
techc@IT.TISCALI.COM

Your log is clean now. You should now be able to rename HijackThis to its correct name.
Rename myhjt.com back to hijackthis.com and makes sure it works. I do not need a log.

You now need to get your OS and IE versions updated. Please run the steps in the below link the first of which is Windows Update. If you are on a slow connection (like dial-up) this could be an issue since many file will be very large.

How to Protect yourself from malware!

 

Your HJT log still indicates you have not updated your system. So I'm not sure what it is that you are doing but you are definitely not installing your updates.

Running without a firewall is just about the most dangerous thing you can do. Without a firewall, you will almost always have some sort of malware problem.

What are your issues with a firewall?

Try downloading and installing Windows XP SP1A network version from the below link:
http://www.microsoft.com/windowsxp/downloads/updates/sp1/network.mspx

Note these are big files! If you are on dial-up, it will take a very long time to download this.

 

Okay! Now you have
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

That's better! I wonder why it does not show up as SP1a. I have seen this happen sometimes.

Sorry about the broken link. It did not paste in the full link. I'll edit and fix that link later, so that anyone else trying to use it does not have a problem.

How is everything working on your PC now?

Make sure you complete the equivalent of all the steps in the below link to help you avoid future problems:

How to Protect yourself from malware!

 

You're welcome! Happy I could help!

 

Re: Help required on Killing application..

Hari,

Why did you post in this thread? You should be starting your own thread and are you having a malware problem or are you asking us about writing a program?