I'm having problems with IE; I keep getting redirected to Worldtracker.com and others

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Mike Mobley, Nov 21, 2004.

  1. Mike Mobley

    Mike Mobley Private E-2

    I've read all your tutorials and I have run all appropriate software that your website has specified. I'm still having major problems with my computer. The virus scanners that you specify have found problems, but they aren't being fixed. The scanners say unrepairable. In addition to this something has hacked my desktop that says "warning you are in danger". I can't seem to remove this from my desktop either. Please help.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Mike,

    If you've pretty much exhausted the Tutorial's options, then go ahead and send us a HijackThis Log. Make sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Somebody will take a look. I'll try to check back if I can.

    Best :)
    PP
     
  3. Mike Mobley

    Mike Mobley Private E-2

    I tried to attach it in the manage area, but the stupid virus keeps redirecting me. Here it is pasted, hope this will work for your reference. Thank you!


    C:\Documents and Settings\Mike Mobley\Local Settings\Temp\HijackThis.exe
     
    Last edited by a moderator: Nov 21, 2004
  4. PhilliePhan

    PhilliePhan Guest

    Hi Mike,

    Please move HijackThis to its own safe folder - C:\Program Files\HijackThis!

    Try attaching again. Make sure to include the entire log.

    PP
     
  5. Mike Mobley

    Mike Mobley Private E-2

    Fresh Log
     

    Attached Files:

    Last edited by a moderator: Nov 21, 2004
  6. PhilliePhan

    PhilliePhan Guest

    Hi Mike,

    There are a number of issues in your log. I'll post something for you when I get a chance. I have a number of threads ahead of yours and little spare time - So, please be patient! :)

    PP
     
  7. Mike Mobley

    Mike Mobley Private E-2

    Will do, thank you!
     
  8. Mike Mobley

    Mike Mobley Private E-2

    Did you guys forget about me?
     
  9. PhilliePhan

    PhilliePhan Guest

    Hi Mike,

    I think it's just me here tonight & I only have so much free time to volunteer here :)

    You have a whole truckload of Trojans and Worms to deal with.

    Please be especially careful removing these as the bad process names closely resemble the legitimate ones.

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

    Look in Add or Remove Programs for 180 Solutions and Uninstall it.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and END them (if found):

    csmss.exe ---> Not to be confused with smss.exe
    stisvsq.exe
    svshost.exe ----> Not to be confused with svchost.exe
    msqdevl.exe
    lssas.exe ----> Not to be confused with lsass.exe
    mservice.exe ----> Not to be confused with services.exe
    iau.exe

    Now scan with HijackThis and Check the Boxes for the following:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    O4 - HKLM\..\Run: [spoolsvr32] c:\windows\system32\csmss.exe

    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe

    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe

    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe

    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe

    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe

    O4 - HKCU\..\Run: [tgbcde] C:\WINDOWS\tgbcde\module32.exe arg1

    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe

    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe

    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe

    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe

    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe


    O16 - DPF: {9EB5CD98-D52D-4C75-84DF-B22520DB6941} (XLosCtrl Class) - https://net3.creditworkbench.com/cab/xPoint40.cab ----> If this is something you want to save, then do not fix it.


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and DELETE the following if they remain:
    (Again, be careful not to delete the Legitimate files)

    C:\windows\system32\csmss.exe
    C:\WINDOWS\stisvsq.exe
    C:\WINDOWS\svshost.exe
    C:\WINDOWS\msqdevl.exe
    C:\WINDOWS\lssas.exe
    C:\WINDOWS\mservice.exe
    C:\WINDOWS\iau.exe
    C:\WINDOWS\tgbcde ---> The Folder
    c:\program files\180solutions ---> The Folder

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will check back when I can – Likely tomorrow night. (I've got a life too, you know? ;) )

    AFTER we have gotten your machine cleaned up, take a spin to Windows Updates and get updated!

    Best luck :)
    PP
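
A check for the look-alike names called out in the post above, as an added example that is not part of the original thread: it parses the O4 Run lines quoted there and flags images whose name is a near miss of the legitimate process names PhilliePhan contrasts them with. The function names and the edit-distance thresholds are assumptions chosen for this illustration.

```python
import re

# Legitimate Windows process names the thread contrasts with the impostors.
LEGIT = ("smss.exe", "svchost.exe", "lsass.exe", "services.exe")

# O4 lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [spoolsvr32] c:\windows\system32\csmss.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [tgbcde] C:\WINDOWS\tgbcde\module32.exe arg1
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def find_lookalikes(log_text):
    """Return (hive, value name, image, resembled name) for near-miss names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        exe = m and re.search(r"([^\\]+\.exe)", m.group(3), re.I)
        if not exe:
            continue
        image = exe.group(1).lower()
        for legit in LEGIT:
            dist = osa_distance(image[:-4], legit[:-4])
            # Assumed threshold: one edit, or two when the legitimate stem is long.
            if 0 < dist <= (2 if len(legit) - 4 >= 7 else 1):
                hits.append((m.group(1), m.group(2), image, legit))
    return hits

if __name__ == "__main__":
    print(*find_lookalikes(SAMPLE_LOG), sep="\n")
```

An exact match to a legitimate name is not flagged here, so a correctly named file in the wrong folder still needs the path comparison done by hand, as the post's "be careful not to delete the Legitimate files" warning implies.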
     
  10. Mike Mobley

    Mike Mobley Private E-2

    I did everything you stated and this has definitely helped out as far as IE is concerned. However, I was not able to delete the csmss.exe file in the system32 folder; the computer stated that it was protected or in use and therefore I couldn't remove. In addition to that, I still have my desktop hijacked; can't put my own wallpaper up; it's some sort of warning page that is all black with the following: "Warning You're in Danger". I've attached the hijack log for your review. I just want you to know that this is an outstanding service. I know you don't charge, but is there somewhere I can send a donation for you guys?
     
    Last edited by a moderator: Nov 22, 2004
  11. Mike Mobley

    Mike Mobley Private E-2

    PP,

    Please take a look at your earliest convenience.

    Thank you,
    mike
     
  12. PhilliePhan

    PhilliePhan Guest

    Hi Mike,

    Thanks for waiting! I do this in my free time because I know how frustrating Malware can be.
    I am not exactly sure how to go about fixing your desktop problem if it is not related to the csmss problem. Other than this, your HJT log is clean.

    However, for the C:\windows\system32\csmss.exe problem, try ending the running process in task manager and then, with the viewing of hidden files enabled, try to delete it then.

    Should that fail, try downloading this tool: Pocket KillBox

    Select the Delete on Reboot option and try to delete it that way. Let me know if this does the job!

    Best :)
    PP
     
