FakeMSN8Beta

Discussion in 'Malware Help (A Specialist Will Reply)' started by prince_will, Apr 23, 2006.

  1. prince_will

    prince_will Private E-2

    This is a horrible thing. I can't go to sites such as Symantec and McAfee, and sites that look like they may help me immediately close down. I also have no access to my registry because that immediately closes down. My HijackThis thing doesn't scan for too long (for about three seconds). I'm going to include the log to see if y'all find any info. Spybot detects it and tries to get rid of it, but it keeps coming back. Ad-Aware notices registry changes, fixes it, but it immediately comes back. I have "virushelpzone.com" which keeps appearing as my home page amidst frequent manual changes to MSN.com. Windows Malicious Software Removal Tool didn't find anything in safe mode and Windows Defender refuses to open.

    HELP!!!
     

    Attached Files:

  2. prince_will

    prince_will Private E-2

    UPDATE!!!!!!
    I have run the MSNVirRem tool on my computer and now everything seems better. I can access previously inaccessible sites such as Symantec, and my home page has not been changing, and also, Spybot detected no threats. I'm still concerned that Ad-Aware still detected a problem in the registry though. Here are my logs after running MSNVirRem.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You must stop posting new threads for your problem! You just need to wait your turn in the queue. MsnVirRem is what I would have told you to run. Do you still have the log from it? Please attach it here. And please remain in one thread. Your other thread is now closed.

    Please do not post HijackThis logs without having run the READ & RUN ME FIRST Before Asking for Support sticky thread in its entirety.

    You still have a W32.MYTOB.BO worm and a MyWay problem. Also, did you know that Ares is bundled with malware?

    You also have the Sony Rootkit crap installed! See the below:

    http://www.bleepingcomputer.com/startups/XCP_CD_Proxy-13346.html
     
    Last edited: Apr 23, 2006
  4. prince_will

    prince_will Private E-2

    Oh... I'm sorry if I've caused you any trouble or stress.

    I'm currently fixing the Sony problem and the worm problem, but I do not know what the "MyWay" problem is.

    I'm also planning on deleting Ares. Do you have any other suggestions on good file-sharing programs? I only use Ares for videos and Limewire for music (though Limewire isn't bad with movies, Ares always had the videos that Limewire doesn't have).

    I'll have another log posted in a little while.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here is the MyWay stuff but you should look for it in Add/Remove programs first and uninstall it:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll

    The below two lines are the worm!
    O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
    O4 - HKCU\..\Run: [WINTASK] taskgmr.exe

    Do not confuse the above with Windows Task Manager, which is also named taskmgr.exe and is located in C:\windows\system32.

    In this forum and in most reputable malware fighting forums on the net, all you will get is an answer of "we do not recommend any P2P programs be used. In fact we highly recommend against using any". Some forums will refuse to even help you until all of them are uninstalled.
     
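A small checker for the kinds of HijackThis lines called out in the post above, added here as an example and not part of the thread or of HijackThis itself: it flags O4 Run entries whose executable name is a one-edit near-miss of a legitimate Windows binary (taskgmr.exe imitating taskmgr.exe), O4 entries that use a real system binary name from outside system32, R0/R1 Internet Explorer settings pointing at hosts the owner never chose, and unnamed BHO/URLSearchHook entries. The sample log lines, the trusted-host list, the system-binary list and the system32 path are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on the HijackThis lines quoted in this thread
# (assumption: not the poster's actual attached log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://virushelpzone.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O4 - HKLM\..\Run: [WINTASK] taskgmr.exe
O4 - HKCU\..\Run: [WINTASK] taskgmr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
""".strip().splitlines()

# Assumptions for the example: names worth imitating, where the real ones live,
# and the home/search pages the machine's owner actually chose.
LEGIT_SYSTEM_BINARIES = {"taskmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe",
                         "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = r"c:\windows\system32"
TRUSTED_HOSTS = {"www.msn.com", "www.majorgeeks.com"}

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IE_RE = re.compile(r"^R[01] - HK\w+\\.*?,(?P<setting>[^=]+?) = (?P<value>.*)$")
UNNAMED_RE = re.compile(r"^(?:O2 - BHO|R3 - URLSearchHook): \(no name\) - "
                        r"\{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
EXE_RE = re.compile(r'([^\\/\s"]+\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, so taskgmr vs taskmgr scores 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(exe_name):
    """Return the legitimate binary this file name imitates, or None."""
    name = exe_name.lower()
    if name in LEGIT_SYSTEM_BINARIES:
        return None
    for legit in LEGIT_SYSTEM_BINARIES:
        if osa_distance(name, legit) == 1:
            return legit
    return None


def exe_basename(command):
    """First *.exe token in a Run command, without its directory."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else None


def analyze(lines):
    """Run the three heuristics over HijackThis log lines and return findings."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            exe = exe_basename(cmd)
            if exe is None:
                continue
            legit = lookalike_of(exe)
            if legit:
                findings.append(Finding("lookalike-binary", f"{exe} imitates {legit}", line))
            elif exe in LEGIT_SYSTEM_BINARIES and not cmd.lower().startswith(SYSTEM32):
                # Real name, wrong place (or no path at all, so resolved via PATH).
                findings.append(Finding("misplaced-system-binary", cmd, line))
            continue
        m = IE_RE.match(line)
        if m and m.group("value").lower().startswith("http"):
            host = (urlparse(m.group("value")).hostname or "").lower()
            if host not in TRUSTED_HOSTS:
                findings.append(Finding("hijacked-ie-setting",
                                        f"{m.group('setting')} -> {host}", line))
            continue
        m = UNNAMED_RE.match(line)
        if m:
            findings.append(Finding("unnamed-ie-extension", m.group("path"), line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Against the constructed sample this reports the two WINTASK lines as lookalikes of taskmgr.exe, the virushelpzone.com and myway.com settings as hijacked, and the unnamed MyWay BHO, while leaving the Java updater alone. The near-miss check is the point: a transposition of two letters is exactly what the eye skips over in a long Run list.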
  6. prince_will

    prince_will Private E-2

    Well, I think I've done it. I've done everything you've asked me (I hope I haven't left anything out...). Here's the new log.
     
  7. prince_will

    prince_will Private E-2

    Whoops... took too long... here it is.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just have HJT fix the below lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    Now you need to install the current version of Sun Java and then uninstall the old 4.2 Update 03 version (and any other old versions). Go to the below and get the current version.

    http://java.com/en/
     
  9. prince_will

    prince_will Private E-2

    Alright, I've done everything you've asked... here's the new log.

    thank you SO much for your help and patience.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I still see an older version of Sun Java running!

    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    Did you uninstall ALL old versions?

    Let's check by getting an installed programs list from HijackThis!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
  11. prince_will

    prince_will Private E-2

    Sorry about the delay... I had more work than humanly possible.

    Here's the log and uninstall list... though I think I got rid of the old Java on my own.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope! You still have the below:

    Java 2 Runtime Environment, SE v1.4.2_03

    Also you did not follow the guidelines in the READ & RUN ME and because of that you are using a version of Spybot that is more than one year out of date. Uninstall the below:

    Spybot - Search & Destroy 1.3

    Then get the one given in the READ & RUN ME installed, updated and run a full scan.


    Also, the below is of questionable reliability and may come bundled with malware. You should uninstall this, but it is your decision:
    Warez P2P Client 2.95

    Read this for some additional info:
    http://research.sunbelt-software.com/threat_display.cfm?name=Warez%20P2P&threatid=15164

    Also you have Ares running which comes bundled with malware! See: http://www.spywareinfo.com/articles/p2p/
     
