i tried everything please help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dlow, Jan 14, 2005.

  1. dlow

    dlow Private E-2

    i have ad ware away, crap cleaner, about: buster, cwshredder, hijackthis, kill 2 me, spybot S&D, spy substract, and spyware blaster. i have all the newest windows updates but i cant get rid of this spyware. its the thing when you start internet explorer it takes me to some stupid search page. if you can help me i would really appreciate it.
     
    dlow, Jan 14, 2005
    #1
  2. dlow

    dlow Private E-2

    and also I completely ran through that READ ME FIRST BEFORE ASKING FOR SUPPORT tutorial, using every tool and suggestion... all in safe mode. but it still goes to that search page

    also here is my hijackthis log
     

    Attached Files:

    dlow, Jan 14, 2005
    #2
  3. Quinndrew5

    Quinndrew5 Corporal

    Quinndrew5, Jan 14, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You also need to get the proper version of HijackThis. And in the future please wait for someone to ask you to post a HijackThis log.

    And as Quinndrew5 pointed out run the Generic Solution. If you don't understand how to do that, post back a request for help.

    The key items from your log are:

    C:\WINNT\System32\rsvp.exe
    C:\WINNT\system32\sdknz.exe
    C:\WINNT\ntjj.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\hksxd.dll/sp.html#29126
    O2 - BHO: (no name) - {1D7F3E68-D541-2D61-344B-C7102BFA73A2} - C:\WINNT\system32\addvb.dll
    O4 - HKLM\..\Run: [ntjj.exe] C:\WINNT\ntjj.exe
    O4 - HKLM\..\RunOnce: [sdknz.exe] C:\WINNT\system32\sdknz.exe

    But since you did not use the proper version of HJT, one of the three services mentioned in the READ ME FIRST and in the Generic Solution is not showing in your log and one of them could be running.
     
    chaslang, Jan 14, 2005
    #4
  5. dlow

    dlow Private E-2

    i probably am going to need some help with the generic solution
     
    dlow, Jan 17, 2005
    #5
  6. Quinndrew5

    Quinndrew5 Corporal

    Any specific problems I might be able to get you ahead start on?
     
    Quinndrew5, Jan 17, 2005
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to read thru it, and ask your questions ahead of time. Then prior to executing post a current HJT log and do not reboot or the problem files could change names making the steps I would give you useless.
     
    chaslang, Jan 18, 2005
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds