Major problem with hijacks. Please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by daro, May 14, 2005.

  1. daro

    daro Private E-2

    Hi. I am running WinXP on PC and I have a huge problem with spyware (or a virus) that I can't get rid of for about a week now. This is what it causes:
    - redirects browsers to other pages (sportresult.com is one of its favored choices but it can take me to others, e.g. 9ringtone.com, as well)
    - is capable of launching my default browser if it was closed – all by itself - when I am online
    - disconnects my browser from displaying pages. I mean I am still online (can do ping and use other network services) but my browsers will say that there is no page to be displayed. Now it happens every 5-10 minutes!! I have to restart the PC each time to get it back to work, so while writing this post I've done it a couple of times - probably the bastard is full of bugs :(
    - quick launch icons bar disappears after each reboot

    Following the advice of other forum members I've scanned my WinXP with (system restore was disabled):

    - Trend Micro Online Scan
    - Symantec Security Check
    - McAfee AVERT Stinger
    - CCleaner
    - Ad-Aware
    - Spybot
    - CWShredder
    - Kill2me
    - about:Buster
    - HSRemove
    - SpySweeper

    During the scans Look2Me adware was found and removed. The only thing is I am connected through a modem and couldn't do an online scan in safe mode, so it would not be 100%.

    Anyway all the scans say now that my PC is clean but it is NOT.

    Could you please help me with this? Let me know if you need more info or a HijackThis log to go through.

    Thanks
     
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    You can, however, do a complete scan from safe mode with your own anti-virus program, which is what I would suggest for a dialup user. Be sure your anti-virus is up to date first.

    After doing that, if you still have a problem:
    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. daro

    daro Private E-2

    Hello Major Attitude! Thanks for your answer! Attached is my HJT log.
     

  4. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    There are 4 lines I see that you should not remove, but that point out a problem. They look like:
    O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
    I thought we had the tool here, but I am on my way out, so grab it here:
    http://www.cexx.org/lspfix.htm and read the text file first.

    Remove:
    O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
    O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} - http://advnt01.com/dialer/russia.CAB

    Remove these if they are not your ISP, if not sure, leave them:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{345D7F6F-0C98-44B7-B8B6-A3C989E66DEA}: NameServer = 194.204.152.34 217.98.63.164
    O17 - HKLM\System\CS3\Services\Tcpip\..\{345D7F6F-0C98-44B7-B8B6-A3C989E66DEA}: NameServer = 194.204.152.34 217.98.63.164

    Continue:
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jr4025hmg.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
    O23 - Service: Erss8udkaski - Creative Technology Ltd - (no file)
    O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)

    I'll be out for the afternoon, hopefully Chaslang or BJgarrick will step in if that does not fix you up, plus they are smarter than me :)
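
Added example, not part of the thread or any poster's code: a small Python triage pass over HijackThis log lines that picks out the entries the reply above handles differently from a plain removal (Winsock LSP entries, `NameServer` values to check with the ISP, and services whose file is gone). The function name `triage` and the `known_dns` parameter are assumptions made for this illustration; the sample lines are copied from the reply.

```python
import re

# Lines copied from the helper's reply above; a real log has many more entries.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\winlspak.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{345D7F6F-0C98-44B7-B8B6-A3C989E66DEA}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\jr4025hmg.dll
O23 - Service: Erss8udkaski - Creative Technology Ltd - (no file)
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")   # "O17 - <detail>"
NAMESERVER = re.compile(r"NameServer = ([\d. ,]+)$")

def triage(log_text, known_dns=frozenset()):
    """Return (section, note, detail) for entries that need special handling.

    known_dns (hypothetical parameter): resolver IPs the user has confirmed
    with their ISP. The script cannot decide that on its own.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # log header, process list, blank lines
        section, detail = m.groups()
        if section == "O10" and "Winsock LSP" in detail:
            # The reply says not to remove these in HijackThis: a broken LSP
            # chain can cut off network access, so a repair tool is used.
            findings.append((section, "repair with LSP-Fix, do not delete", detail))
        elif section == "O17" and (ns := NAMESERVER.search(detail)):
            unknown = [ip for ip in re.split(r"[ ,]+", ns.group(1).strip())
                       if ip not in known_dns]
            if unknown:
                findings.append((section, "confirm with ISP before removing",
                                 " ".join(unknown)))
        elif section == "O23" and re.search(r"\((file missing|no file)\)$", detail):
            findings.append((section, "service points at no file", detail))
    return findings

if __name__ == "__main__":
    for section, note, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {note}: {detail}")
```

Entries that match none of the three rules (the O8 and O20 lines here) are not reported and still need a manual look.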
     
