Hijacked by C2 Media Ltd

Please help!!!! My Internet Explorer have been hijacked. I mistakingly downloaded this malicious program responding to the buble in my tray, which was saying that I need to update my Windows. Stupid me, I believed them!
I performed everything that you listed in your DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal. The only thing that I didn't do was a safe mode. I am not very familiar with the PC details and was scared by the message I've got.
Unfortunately I wasn't able to get rid of the problem. My last resource is probably Hijack This, but I need a guidance. Please, please help me. I have WindowsXP and my Internet provider is Verizon DSL. I'll appreciate any help.

 

and what message was that?

one thing you do need to do is do it in safe mode and complete the "how to"
that may take care of anything that wasn't taken care of in normal mode
it is an important step in the procedure

 

I ran all the scans in safe mode. Didn't help. My Internet Explorer browser is still hijacked. should I try to run HJT?

 

go ahead
as long as it is in its own folder and not on the desktop
make sure you close any running applications you don't need
and post your HJT log as a .txt file

 

jarcher, attached please find my HJT log. thanks for help in advance.

 

never mind
MA is here
this may be removed

 

So, if I understood you correctly, here is what I need to do now:
1. Close all applications.
2. Disable Norton Antivirus, which is running on the background.
3. Restart in safe mode.
4. Run HJT again and make it fix the files listed in Administrator's emai message.
What scans would you recommend me to re-run, since I already ran most of them in the safe mode before my first HJT scan?
Thanks.
lina

 

I fixed what you suggested me to fix. I am attaching the new log.
I opened the Internet Explorer and the message said that the page couldn't be found. Also here is what appeared in the the address window of the browser:
http://www.ucfbbdwxjufmvj.com/kobdyOEsjhQlsoUNmtT0dKJJ8YjJXKM7HFxb1sQ0_oU.cgi

Does it mean that we achieved our goal?

Also I ran again CCleaner in Safe mode before HJT scan. So the log should reflect it.
Thanks.
lina

 

you could run all of them, actually
won't hurt anything, really

 

Just sent my new log.
Thank you, jarcher.
lina

 

jarcher!!! I just opened Internet Explorer and the thing is still there:
http://search200.com/
and all 9 yards of it.... Nothing helped yet?

 

i dont see your new log
but go here:


http://forums.majorgeeks.com/showthread.php?t=38772

see if that helps

 

jarcher, actually after I posted my new log I realized that it was only reflecting what I fixed in the safe mode. I went to the regular mode and scanned again. Many of the bad files were still there. So I fixed them. When I opened Internet Explorer after that I do not see WebSearch anymore but instead in the address window I see "about:blank" and a blank page. I typed some address and got the page I was asking for. Does this mean that I only need to pick the default page? Did we beat that ugly thing?
I am attaching my newest new log.
Hope it is clean now.
Please let me know whether you can see it.
Thank you.
lina.

 

the last link explains about:blank. . . .

but I think your clean
i'll be back, shortly

 

did you put in your wanted startpage?
is everything ok then?

 

jarcher, yes, I was able to set up a start page on the IE using Tools-Internet Options. Everything looks good to me, but I am still a little bit afraid to celebrate yet since I still can see the toolbar, which was on the WebSearch page. It contains entertainment tabs, like Football, Hockey, College... I do not know how to remove it.
I am going to read the link you recommend about:blank.
But I do not see about:blank in my log anymore. Does it mean that it's been removed?
thanks.
lina

 

Hi Lina,

I didn't see any About:Blank problems on your log.

Regarding your toolbar issue, take a look at this thread and see if your problem is similar:
http://forums.majorgeeks.com/showthread.php?t=44402

Perhaps the tool I suggested there may do the trick for you as well? Let me know if it helps. I'll try to check back later.

Best luck,

PP

 

the about blank you are reffering to
is just the IE default
looks like yer all good. . . .
thanks for choosing MG

 

PP, I am trying to download OmegakillerSM. I was prompted to register, which I did. Still I am not able to download a file, only an HTML document. What do I need to do?
lina

 

Hi Lina,

Are you using IE?
I had no problem downloading the ZIP file here:
http://www.short-media.com/download.php?d=294

No registration required. Try again. I am going to be away from my computer for a bit, but I WILL check back when I get a chance.

I've never had the toolbar problem, so I want to see how effective this tool is. If you are able to run it, let me know.

PP

*** again, M.A. - I apologize for the foreign link

 

Dear PhilliePhan, I was trying to download it from MSN browser. I attached files where you can see what I was getting. I'll try again tomorrow from IE. may be this will help. Too tired tonight... after spending the entire day sifting through the files and logs. Talk to you tomorrow.
lina.

 

Hi Lina,

Try IE and use this link:
http://www.short-media.com/download.php?d=294

If we need to, go into your profile here at MGs and enable e-mail and I'll send the ZIP file to you. (Don't post your e-mail in this thread, if it comes to that)

- - I take it your problem toolbar is similar to the one in the other thread?? You didn't say. . .

You should also note that I've not used this tool - I've never had this toolbar problem myself. So, I do not know whether it works or not. It's probably worth a try.
If you have any misgivings about using the OmegaKillerSM, you don't have to try it I find the SM site to be reputable and trustworthy.

Talk to you tomorrow - Most likely in the evening.

Best,
PP

 

Dear jarcher, administrator, PhilliePhan! Guys, you are life savers! Thank you so very much for your amazing help and for your advises, for taking time to analyze my logs. World is not lost yet when people like you exist. Wish all bad malisious companies to burn in hell!
I hope I am much smarter know, at least more knowledgable and careful. Although it cost me couple days of searching, reading, scanning, and a lot of stress and frustration.

PP, I took your advise and successfully downloaded OmegakillerSM in IE (remember, it didn't download in MSN browser).

 

so do we all. . . . . . . .'
thank you for coming to MG. . .

 

Hi Lina,
We are all happy to help.

Most people walk away from a battle with malware with their eyes opened. Chaslang has finally pinned his excellent malware safeguard recommendations. Check them out!
How to Protect yourself from malware!

Did the tool work as advertised? Please let me know so I will know whether to recommend it to others!

Happy & Safe Surfing

PP