HijackThis trouble

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tbird, Sep 2, 2004.

  1. tbird

    tbird Private E-2

    I have a browser hijacker that keeps coming back. Each time I re-start my pc, run registry mechanic, and run Ad-aware, I can browse the internet freely...but only for a few minutes. Then I get hijacked. My google search engine is disabled and if I try to go directly to any number of sites (google.com, microsoft, norton, symantec, yahoo) I get re-routed to //search.findwhatevernow.com.

    I followed your Basic Spyware removal and cleaning steps --
    ran CCleaner, CWShredder said already clean, Kill2me said nothing bad present, HSRemove said no files to remove.

    Steps not followed:

    I couldn't Disable System Restore. I have Windows 2000 and could only find instructions for XP.
    about:Buster was corrupted and would not run
    hijackthis.exe would not run b/c it comes zipped and I don't know how to get it into the Program File.
     
  2. Kodo

    Kodo SNATCHSQUATCH

    You need a program like WinZip or WinRAR to extract the HIJACKTHIS program to a directory.
     
  3. tbird

    tbird Private E-2

    I use WinZip, but it automatically extracts directly to the desktop. How do I make it extract to a directory?
     
  4. Kodo

    Kodo SNATCHSQUATCH

    If WinZip pops up, just close it. Find the file, right click on it and choose EXTRACT TO [filename] where filename is the name of the zip file. It will then create a directory in that folder with the same name as the file. Open that folder up and run HJT.
     
  5. tbird

    tbird Private E-2

    Kodo -- thanks for the WinZip procedure. The good news is it worked. The bad news is that I must have clicked on the wrong item in HJT b/c now I can't get onto the internet at all (I'm on a diff pc right now).

    I have copies of the HJT logs from both before and after the fix. Where do I go from here?
     
  6. Kodo

    Kodo SNATCHSQUATCH

  7. tbird

    tbird Private E-2

    Thanks Kodo -- here they are
     

    Attached Files:

  8. Kodo

    Kodo SNATCHSQUATCH

    You accidentally removed this line:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA1DC6B-28FE-44F1-85A3-F4DFE52FEF2A}: NameServer = 209.47.15.118,64.157.143.38,167.206.3.210,167.206.112.138

    This had your DNS servers. You'll need to reconfigure your connection to include those DNS servers. Or follow Optimum Online's connection configuration manual (if they provided you with one).
     
  9. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    I am only not really sure about a few. You have a typical long Hijack This logfile as a lot of Compaqs tend to with all the crap loaded. I would like to hear chaslang's input, but I am not sure about these:

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll

    Do you know what they are?
     
  10. tbird

    tbird Private E-2

    Thanks -- I'll go to optonline and will also wait to hear what you and Chaslang find
     
  11. tbird

    tbird Private E-2

    I have no idea what they are
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here's what I say, "Fix those lines"!

    {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} nvms.dll Parasite eXact Advertising
    {CE188402-6EE7-4022-8868-AB25173A3E14} mscb.dll Parasite eXact Advertising
    {F4E04583-354E-4076-BE7D-ED6A80FD66DA} msbe.dll Parasite eXact Advertising
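
    Added example, not part of the original thread and not HijackThis or MajorGeeks code: a small Python parser that splits a HijackThis log into O2 (BHO) entries to look up by CLSID and O17 NameServer entries to record before fixing, since removing the O17 line in this thread cleared the poster's DNS servers. The function names `parse_log` and `worksheet` are assumptions, and the line formats are inferred only from the log lines quoted above.

```python
import ipaddress
import ntpath
import re

# Sample input: the log lines quoted in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA1DC6B-28FE-44F1-85A3-F4DFE52FEF2A}: NameServer = 209.47.15.118,64.157.143.38,167.206.3.210,167.206.112.138
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

def parse_log(text):
    """Split a HijackThis log into BHO entries and O17 NameServer entries."""
    bhos, dns = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "dll": ntpath.basename(m["path"]).lower()})
            continue
        m = O17_RE.match(line)
        if m:
            servers = []
            for s in re.split(r"[,\s]+", m["servers"].strip()):
                try:  # keep malformed values visible instead of dropping them
                    servers.append(str(ipaddress.ip_address(s)))
                except ValueError:
                    servers.append(f"INVALID:{s}")
            dns.append({"key": m["key"], "servers": servers})
    return bhos, dns

def worksheet(text):
    """One line per entry: what to check before ticking it in HijackThis."""
    bhos, dns = parse_log(text)
    out = [f"O2  {b['clsid']} {b['dll']}: look up the CLSID before fixing" for b in bhos]
    out += [f"O17 {', '.join(d['servers'])}: record these and compare with the "
            "ISP's DNS servers before fixing" for d in dns]
    return out

if __name__ == "__main__":
    print("\n".join(worksheet(SAMPLE_LOG)))
```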
     
  13. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    So, I rock?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No doubt about it!!
     
  15. tbird

    tbird Private E-2

    Success!!!

    Thank you very much
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!
     
