HSA vs Jason vs Michael Myers

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by melomano, Sep 15, 2004.

  1. melomano

    melomano Private E-2

    HSA vs Jason vs Michael Myers

    Hi there!


    Well, for the last two days I've methodically followed, read, done, downloaded,
    updated, etc. everything said in these three tutorials...

    1. READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    2. When all else fails - Generic Solution to HSA
    (BTW, I've feedback & some suggestions related to this document).
    3. Hijack This Tutorial And How To Post Your Log File

    ...And cannot completely remove the freakin' HSA (aka About:Blank, Windows
    Help Center, etc.)!


    I think HSA is kind of a movie monster-bad-serial-killer (like Michael
    Myers). You can never be sure if you've killed the mothertrucker!


    Please guys help me out and together we can get rid of this f.cking
    character flix!

    PS I'm ready to send you the new logs from About:Buster & Hijack This;
    and other interesting feedback.


    Melomano
    WinXP
     
  2. melomano

    melomano Private E-2

    Sorry guys, forgot to tell you that -after all the scanning and cleaning
    things- NOW I have the following symptoms:

    1. I've put majorgeeks.com as the IE start page, but now it isn't.
    Instead a www.google.com address appears...
    2. If I run Hijack_This everything looks normal; there's nothing wrong in
    the R1 or R2 lines. BUT in the O2 there's this little archive *.dll.
    3. Anyway, IE doesn't respond. Actually there's no activity in
    the status bar. I cannot even get through to the Internet Options.
    4. Cuz IE is dead, I started to use Mozilla Firefox but it's funky
    time here. When you try to open www.google.com the browser
    sends you to a Windows Update page with the Google logo (?). If
    you then click stop, and put in another page like www.hotmail.com, the
    browser sends you to google.com (!).

    So if you put in www.mail.com the browser responds with
    hotmail.com or with an Error Page (not the 404) or a page with a URL
    ending with .../en/default.asp. So f.cking strange, because if I close
    Firefox and open it again, things go normal but in seconds
    weird pages open up like a Windows Update page with a left
    pane with the word google (hahahah! funny as hell!!!!!)

    - So if I do a Hijack_This scan, I can see that HSA is back
    in the R1 and R0 lines (AAAAARGGGGH!!!)

    I think this is a case for the experts.
    Calling Major Attitude or Chaslang: Need help!
     
  3. melomano

    melomano Private E-2

    Today I should add another symptom and a placebo effect:
    5. All my icons disappeared from the toolbar.
    6. I installed Opera and I'm browsing the Web without problems so far. If I encounter problems I'll repost.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please post a HijackThis log as a .txt file attachment.

    And note you said:

    "1. I've put majorgeeks.com as the IE startpage, but now isn't.
    Instead a www.google.com address appears... "

    This is due to About:Buster. It changes you to google.com.
     
  5. melomano

    melomano Private E-2

    Thanks Chaslang, This is the new (after doing everyting by the book) Hijack This post.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis and put checks on the following items BUT DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now (this includes IE, Mozilla, Firefox etc):
    O2 - BHO: (no name) - {E363C209-E213-B037-FBC0-927E7138A3AF} - C:\WINDOWS\system32\crpf32.dll
    O16 - DPF: Win32 Classes -
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O21 - SSODL: System - {805F800B-D927-47A5-9123-287A6B469C55} - C:\WINDOWS\system32\system32.dll (file missing)

    After fixing, make sure you still have viewing of hidden files enabled per the tutorial.
    Also, system restore should still be disabled.

    Reboot in safe mode and delete the below:
    C:\WINDOWS\system32\crpf32.dll

    Reboot normally and tell me how things are looking.
    By the way you need to get to Windows Update. You're way out of date.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Another line that I wonder about is this:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:1111

    I don't believe you need this but I don't know for sure. Are you using a proxy server?
     
  8. melomano

    melomano Private E-2

    Thanks Chaslang

    First, I ran Hijack This and this pop-up window appeared saying this:

    An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O21 - SSODL: System - {805F800B-D927-47A5-9123-287A6B469C55} - C:\WINDOWS\system32\system32.dll (file missing))
    Error #62 - Input past end of file

    Please email me at merijn@spywareinfo.com, reporting the following:
    * What you were doing when the error occurred
    * How you can reproduce the error
    * A complete HijackThis scan log, if possible

    Windows version: Windows NT 5.01.2600
    MSIE version: 6.0.2600.0000
    HijackThis version: 1.98.2

    This message has been copied to your clipboard.


    Secondly, I rebooted in Safe Mode and looked for the .dll file. Couldn't find it, and that was probably because I'd previously deleted it yesterday with About:Buster (yes, the Hijack This log you read was from yesterday and it wasn't updated).

    Third, I ran Mozilla Firefox and it isn't working properly (when I do a Google search I get the results but can't open any: I'm still getting a "Server Database Error" page).

    Finally, I'm posting this message in IE!!! It's working well so far! Hallelujah! Thanks Chaslang for the help, you're so damn good!!!

    PS.
    Chaslang,
    I'm going to update my Windows version, doing the whole process of cleaning and scanning all over again, rebooting a few more times, navigating, etc. If I encounter something bad or good I'll post more feedback.
     
  9. melomano

    melomano Private E-2


    Sorry, forgot to tell you. Yes, I'm using a proxy server and that line for me looks normal.

    Cheers
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post me a new HJT log. I want to see where we are at.

    You said,

    "Secondly, I rebooted in Safe Mode and looked for the .dll file. Couldn't find it, and that was probably because I'd previously deleted it yesterday with About:Buster (yes, the Hijack This log you read was from yesterday and it wasn't updated)."

    If it had been deleted, HJT would have said (missing). It is probably still there.
    How did you look for it? What did you use to try to find it?
     
  11. melomano

    melomano Private E-2

    I looked for it (the .dll file) with the Search for Files or Folders (+ subfolders, hidden files, etc.) option from the Windows Start menu. And I also looked for the xxx.exe and xxx.dat, but none were found. I don't know, but maybe yesterday when I did some HijackThis fixes and About:Buster scans, the file could have been eliminated. I don't remember well but I think I also ran & cleaned with Ad-Aware SE.

    Here's my most recent Hijack This log:


    (CANNOT UPLOAD hijackthis.txt FROM EITHER IE OR OPERA, WHY?)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have uploaded a file called hijackthis.txt before, the system will not let you upload it again. Try calling it something different, like hjtlog.txt
     
  13. melomano

    melomano Private E-2

    Here it is:
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! You look clean now.

    For your problem with Firefox, you may want to bring that up in the Software Forum. All I could suggest right now is to uninstall it. Reboot. And then reinstall. But I'm not sure that is why you get that error when going to Google search. Can you do the same search using IE?
     
  15. melomano

    melomano Private E-2

    Thank you so much Chaslang for helping me. For the last four days I've been normally
    navigating the Internet with Opera & IE, and I gotta tell you:
    I finally killed the "HSA", aka "About:Blank"! Of course, with so
    much of your help.

    And about my case, forgot to tell you that I didn't delete these
    services because I didn't find them:

    "Network Security Service"
    "Workstation Netlogon Service"

    Instead, I deleted this service named: "Remote Procedure Call (RPC) Helper"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote Procedure Call (RPC) Helper
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Remote Procedure Call (RPC) Helper


    I found that service suspicious. Check for yourself at http://www.d-a-l.com/help/archive/index.php/t-1637.html

    PS. I uninstalled and reinstalled Firefox but that didn't work. Guess I don't need it anymore (ahem, I hope so).


    THANK YOU VERY MUCH, BUDDY!
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the feedback.

    Yes, the "Remote Procedure Call (RPC) Helper" service is another place this hijacker has been found to hide. I need to update my procedure again to include this one. Everyone must be careful not to confuse this with "Remote Procedure Call (RPC)" or "Remote Procedure Call (RPC) Locator" which are valid services.
     
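An added example, not code posted in the thread: it applies the triage rules chaslang used on the HijackThis lines in post 6 (nameless O2 BHO, O16 DPF entries with no target, O21 SSODL pointing at a missing file, R1 proxy settings to confirm with the user, R0/R1 reset to about:blank) and the service-name check from the last two posts (flag "Remote Procedure Call (RPC) Helper" and the other hiding-place names, never the real RPC services). The sample log and service-key list are constructed from the lines quoted above plus two made-up R0/R1 lines.

```python
# Added example (not code from the thread): chaslang's HijackThis line triage
# plus the look-alike service-name check from the end of the thread.
# Real service names the thread says must not be confused with the hijacker's.
LEGIT_RPC_SERVICES = {"Remote Procedure Call (RPC)", "Remote Procedure Call (RPC) Locator"}
# Service names the thread identifies as hiding places for the hijacker.
KNOWN_BAD_SERVICES = {"Network Security Service", "Workstation Netlogon Service",
                      "Remote Procedure Call (RPC) Helper"}

def triage_hjt_line(line):
    """Return a finding for a suspicious HijackThis log line, or None if it looks normal."""
    tag, _, body = line.strip().partition(" - ")
    if tag == "O2" and "(no name)" in body:         # nameless browser helper object
        return "O2 nameless BHO: " + body.rsplit(" - ", 1)[-1]
    if tag == "O21" and "(file missing)" in body:   # ShellServiceObjectDelayLoad entry
        return "O21 SSODL with missing file: " + body
    if tag == "O16" and body.endswith(" -"):        # downloaded ActiveX with empty target
        return "O16 DPF with empty target: " + body
    if tag == "R1" and "ProxyServer" in body:       # legitimate if the user really has a proxy
        return "R1 proxy set, confirm with user: " + body.rsplit(" = ", 1)[-1]
    if tag in ("R0", "R1") and "about:blank" in body.lower():
        return "start/search page hijacked: " + body
    return None

def triage_hjt_log(text):
    """All findings for a whole log, in log order."""
    return [f for f in map(triage_hjt_line, text.splitlines()) if f]

def suspicious_services(service_keys):
    """Names under HKLM\\SYSTEM\\CurrentControlSet\\Services to review; real RPC services are skipped."""
    names = [key.rsplit("\\", 1)[-1] for key in service_keys]
    return [n for n in names if n not in LEGIT_RPC_SERVICES
            and (n in KNOWN_BAD_SERVICES or n.startswith("Remote Procedure Call (RPC)"))]

# Constructed sample log: the lines quoted in the thread plus two made-up R0/R1 lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:1111
O2 - BHO: (no name) - {E363C209-E213-B037-FBC0-927E7138A3AF} - C:\WINDOWS\system32\crpf32.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O21 - SSODL: System - {805F800B-D927-47A5-9123-287A6B469C55} - C:\WINDOWS\system32\system32.dll (file missing)
"""
# Constructed service key list, in the key naming melomano quoted.
SAMPLE_SERVICE_KEYS = ["HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\" + n for n in
                       ("Remote Procedure Call (RPC)", "Remote Procedure Call (RPC) Locator",
                        "Remote Procedure Call (RPC) Helper")]
if __name__ == "__main__":
    print("\n".join(triage_hjt_log(SAMPLE_LOG)))
    print("services to review:", suspicious_services(SAMPLE_SERVICE_KEYS))
```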
