HELP! I've been Hijacked! PLEASE HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by D00MGIVER, May 3, 2005.

  1. D00MGIVER

    D00MGIVER Private E-2

    Hello,

    I've never had to use a messageboard like this before, but I'm completely at my wit's end!

    I recently contracted some sort of BHO hijacking virus which keeps changing my beloved Google homepage to some random search engine, complete with pop-ups, etc (possibly "Only the Best" or something like it). I have been using SpyBot, Ad-Aware and Norton on a regular basis after contracting a different virus of this same sort, but nothing seems to work. I use SpyBot's secure shredder, BHO changer, etc, but absolutely nothing works at getting rid of this nasty problem. Below is my Hijack This log report.... I hope it helps.


    Edit by chaslang: Unrequested inline log removed

    I've already manually gone through as many deleting procedures as I can, deleting anything that I knew to be malicious. However, if I rebooted my computer right now, I'm sure my Hijack This log would be a great deal worse. This thing keeps on coming back. I hope someone can help me, I am at a complete loss!!!

    Thank you in advance,

    T.S.D.
     
    Last edited by a moderator: May 3, 2005
    D00MGIVER, May 3, 2005
    #1
  2. Gottaminit419?

    Gottaminit419? Private E-2

    Please pay attention to the rules (no log files unless asked for)--

    This one (about:blank can be a real headache - as it likes to reinstall itself from the reg at startup). Hijackthis is the solution you just have to understand the log a little more--

    Here is the site that started me on my way to cleaning it once and for all

    pchell.com/support/aboutblank.shtml

    hopethathelped :)
     
    Gottaminit419?, May 3, 2005
    #2
  3. kuku

    kuku Specialist

    Try using Microsoft Antispyware and see if it catches anything that Ad-Aware and Spybot don't (my guess is that it will). Also switch to firefox. :)
     
    kuku, May 3, 2005
    #3
  4. D00MGIVER

    D00MGIVER Private E-2

    I'm sad to say that the website you directed me to did not help me as much as I had hoped. Basically, that website told me to look for a file which did not appear to exist on my computer. I followed its instructions, but was not able to find the "AppInit_DLL" file which they speak of.


    What should I do now? Can anyone help me?
     
    D00MGIVER, May 3, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the Announcement and the sticky threads and do not post HijackThis logs unless they are requested and then they must be posted as attachments. Please follow the steps below to the best of your ability. Pay close attention to the steps mentioning about:Blank and HSA hijackers. Make sure your disable the Service as indicated in step 2 of the READ ME. You have the Network Security Service (NSS) running and it must be stopped and disabled. It is a key part of the hijacker.

    You don't need to go to other sites to solve your problems. We have all the procedures here. I have fixed literally in the vincinity of 1000 of these hijackers. You will notice there is even a very detail procedure for removing this in the sticky thread titled:

    When all else fails - Generic Solution to HSA (Only the Best) & about:Blank hijack

    But don't worry about running that right now! Just complete the steps below and make sure you download the about:Buster and HSremove tools.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, May 3, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    They will not do anything to fix this at all!
     
    chaslang, May 3, 2005
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds