Hijacked

Old Tom · Aug 25, 2004

Hi all,

I was wondering if one of you smart people could help me out? This is the first time that I ever had a virus or spyware on my PC. I have all my definitions up to date and I have all my Microsoft updates. Still something got through when I was quickly researching some info fo my job. Over the last 24 hours my Internet Explorer is being hijacked to a search engine called heretofind. I have followed the basic set ups and I have run Ad Aware, Spy Bot, Hijack This, Norton, Xoft Spy, Spy Sweeper, and a few others. The spyware keeps coming back. I can eliminate several objects but I am missing something. I am putting my latest Hijack This log below after running and cleaning. Do you see anything that I have missed? My operating system is Win XP Home Edition. If you could give me some tips I would be very grateful. I use my computer for my little home business. Thx Old Tom

DavidGP · Aug 25, 2004

yes Tom ... first off I would read and follow the instructions in this guide first then if all steps do not resolve your problem then post back.

http://forums.majorgeeks.com/showthread.php?t=35407

Old Tom · Aug 25, 2004

Thanks for the reply Halo,

Actually I performed all of those steps already before I posted. I went back and double checked the steps though.

The hijack still keeps coming back. Seems I can get 99% of it out but not the key part that keeps respawning the other parts.

Any other tips will be appreciated.

Thx.

Old Tom

chaslang · Aug 25, 2004

I do not have time to go into to details on how to right now but:
- unregister sfg656e.dll, fix the O2 line in HJT (after exiting all browser sessions), reboot to safe mode and delete the file C:\WINDOWS\System32\sfg656e.dll

Here is the HJT line:
O2 - BHO: Core Library - {83B3E0C1-DEF1-4df5-A3F5-92D10B7A396A} - C:\WINDOWS\System32\sfg656e.dll

Also you need to dowload LSP-Fix and repair youu LSP chain. See the next line:
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

Download LSP-Fix from here: http://www.cexx.org/lspfix.htm

See if you can follow that and get back to me. I'll be back in later.

chaslang · Aug 26, 2004

Okay from the PM you sent me, I can see you do not know what I meant. See if you can follow the below instructions:

Click Start, and then click Run. (The Run dialog box appears.)
Type, or copy and paste, the following text:

regsvr32 /u C:\WINDOWS\System32\sfg656e.dll

then click OK. If a dialog box confirming this action appears, click OK. If you get an error message here, tell me what it said and continue.

Now run HijackThis and put checks on the following item but do not click Fix until you have exited all browser (Internet Explorer) sessions:
O2 - BHO: Core Library - {83B3E0C1-DEF1-4df5-A3F5-92D10B7A396A} - C:\WINDOWS\System32\sfg656e.dll

Did you download LSP-Fix from here: http://www.cexx.org/lspfix.htm
If not please do so. Then run it. Check "I know what I'm doing" and select spsublsp.dll from the left hand side. Click the arrow so it goes over to the right. Click Finish.

Now enable view of hidden files and folders: http://forums.majorgeeks.com/showthread.php?t=37650
Now reboot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

And use Windows Explorer to located and delete:
C:\WINDOWS\System32\sfg656e.dll

Let me know how all this works out and how things are working. If still have problems, describe them and post a new HJT log as an attachment.

Log in or Sign up

Hijacked

Old Tom Private E-2

Attached Files:

HJT.txt

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

Old Tom Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Log in or Sign up

Hijacked

Old Tom Private E-2

Attached Files:

HJT.txt

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

Old Tom Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Useful Searches