hijack this help request

Discussion in 'Malware Help (A Specialist Will Reply)' started by vivia727, Feb 7, 2005.

  1. vivia727

    vivia727 Private E-2

    Hello,
    I'm not sure if this is in the correct place, please move it if I am wrong. My computer was taken over this morning by a mess of trojans and viruses. I have gone through the "read me first" steps of downloading Ad-Aware, Spybot, etc., disabling System Restore, and doing the other scans. Even though I've deleted a lot of stuff, which mostly seems to be tracking software, I am still having trouble with popups, "enhance my search" and an annoying "search the web" thing that insists on being in the bottom right hand corner of my screen. I've run HijackThis and will post the log file if needed. The last time I ran Symantec in safe mode it was clean (I had deleted saie1101.exe and shopinst.exe), and when I ran Trend Micro I still have troj_dloader.be in the file system32\apcl32.exe. While in Trend Micro it told me I had btgrab.dll, sysupd.dll and polall1r.exe, all of which I deleted, and I also used regedit to try to disable them too. When I ran it the second time I only had the first trojan I mentioned come up. I have deleted all of my temp files. I have not run the Symantec or Trend Micro scans while in normal mode if that makes a difference. Thank you for any help or advice you can give!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have completed ALL the steps in the READ ME FIRST sticky, then follow the below guidelines and post your HJT log.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. vivia727

    vivia727 Private E-2

    Here is the log. Thanks!
     

    Attached Files:

  4. TheOldThug

    TheOldThug First Sergeant

    Vivia

    Please make sure all browsers are closed when doing the HJT log.
    This line shows that it is open.
    C:\Program Files\Internet Explorer\iexplore.exe
     
  5. vivia727

    vivia727 Private E-2

    I'm sorry. I thought I had had it closed. I ran it again.
     

    Attached Files:

  6. vivia727

    vivia727 Private E-2

    Here's my latest log file. I've been trying to clean it up somewhat using the Hijack This analyzer, but I'd still really appreciate it if someone could come after me and see what I missed. The sidesearches have stopped, at least, which is great, but I know there must be something lurking there still. The abod7zzh thing won't go away no matter how many times I try to "fix" it. Also, even though I have nothing open when I'm running this according to my task manager, it still keeps including that line (C:\Program Files\Internet Explorer\iexplore.exe), so maybe that is part of what is wrong? Thank you very very much for any assistance.
     

    Attached Files:

  7. vivia727

    vivia727 Private E-2

    I received some help in another forum. Thank you anyway!
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! But are you sure you got everything? Did you check after a reboot and some surfing? The below items can and do come back sometimes:

    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
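
The reboot check suggested in the last post can be done by comparing the O4 Run lines of HijackThis logs taken before the fix, right after it, and after a reboot. The Python below is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the sample logs are constructed, with only the two `isrvs` lines taken from the post above.

```python
import re

# Registry autorun lines in the form shown in the thread, e.g.
#   O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
# Assumption: only this "O4 - <hive>\..\Run*: [name] command" form is handled.
O4_RUN = re.compile(r"^\s*O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.+?)\s*$")

def run_entries(log_text):
    """Return the set of (hive, key, name, command) tuples for O4 Run lines."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RUN.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            # Windows paths are case-insensitive, so compare them lowercased.
            entries.add((hive.upper(), key, name, cmd.lower()))
    return entries

def reappeared(before_fix, after_fix, after_reboot):
    """Entries that were removed by the fix but are present again after reboot."""
    removed = run_entries(before_fix) - run_entries(after_fix)
    return sorted(removed & run_entries(after_reboot))

# Constructed sample logs; [SampleTray] is a made-up benign entry.
BEFORE = r"""
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\tray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
"""
AFTER_FIX = r"""
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\tray.exe
"""
AFTER_REBOOT = r"""
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\tray.exe
O4 - HKLM\..\Run: [Desktop Search] C:\windows\isrvs\desktop.exe
"""

if __name__ == "__main__":
    for hive, key, name, cmd in reappeared(BEFORE, AFTER_FIX, AFTER_REBOOT):
        print(f"came back after reboot: {hive}\\..\\{key} [{name}] {cmd}")
```

An entry that returns after a reboot means something else on the system is rewriting the Run key, so the autorun line alone was not the whole infection.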
     
