My HiJack Log

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by subaculture, Nov 26, 2004.

  1. subaculture

    subaculture Private E-2

    Hi
I visited an IRC site a few days ago using Explorer on Windows 98. I have freeware F-Secure Anti-Virus S/W. It picked up Trojan-Downloader/Win32/Agent.Ap and Trojan-Downloader.kq. It wouldn't delete or rename. When I reopened Explorer the home page went to "About: Blank". If I entered a web address, it caused a general fault on Explorer and exited.

    I went into my Windows/ files and deleted some suspect files and renamed others via MS-DOS. Silly, I know. Anyway, I was able to get back on the Internet. I surfed the forums and downloaded "Trojan Hunter", "Stinger" and "CCleaner". They didn't pick up anything. I also did an online Panda scan. Found nothing.

    I restarted in safe mode and deleted more suspect files. I ran Trojan Hunter and Stinger from there. It didn't pick up anything. I believe I deleted the main suspect file.

    Still, I believe my computer is sluggish and my log is below. Does it look like any suspect files still exist? Thanks for your help on this matter. P.S. I have Google Toolbar!

    Michael
     

    Attached Files:

    Last edited by a moderator: Nov 26, 2004
  2. PhilliePhan

    PhilliePhan Guest

    Hi Subaculture,

    You still have a number of issues including About:Blank on your machine.

    Also, it would be a good idea to move HijackThis to C:\Program Files\HijackThis.

    You should take a spin through this Cleanup Tutorial:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Then, attach a fresh log via the "Manage Attachments" tool when you post and somebody should be able to help you out.

    Best :)

    PP
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  4. subaculture

    subaculture Private E-2

    Hi there,
    I have attached Version 2 of my HijackThis log. I followed suggestions and cleaned my drive with Sysclean. I also did full scans with Trojan Hunter and cleaned all my Windows temp files.

    Does my Log look OK?

    Regards
    Michael
     

    Attached Files:

  5. PhilliePhan

    PhilliePhan Guest

    Hi Michael,

    Your HJT log looks good, but I just gave it a really quick look. Chas will probably be along to double-check it.

    I do not know what this is - C:\WINDOWS\APIFU32.EXE
    That doesn't mean it's bad. I just need to look it up when I get some time.

    Hang on for the final word from Chas.

    PP :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    APIFU32.EXE is part of the HSA hijacker and should be removed. Fix the line in HJT and delete the file in safe mode.

    Why weren't the online scans run? Was anything else skipped?
     
  7. subaculture

    subaculture Private E-2

    Hi,
    I deleted the APIFU32.EXE file via HijackThis and did a Panda and RAV online scan. I also scanned with About:Buster. It was clear. Panda was clear and RAV identified a Sober.32 virus in an unopened mail in Outlook Express. There was no sign of APIFU32.EXE in the Windows directory. I will continue to scan and hunt for it and recheck logs, but I hope the problem is solved. Thanks for your help in this matter.

    Rgs
    #Michael
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. So is it safe to assume all your problems are cleared up now?
     
  9. subaculture

    subaculture Private E-2

    Sorry, back again like malware. I am worried about one aspect.

    I deleted Spyware Doctor because it was an evaluation copy with no updates. I installed SpywareBlaster and updated. In SpywareBlaster under Tools - Browser Pages, I have

    http://searchbar.findthewebsiteyouneed.com/

    as "More Info on Browser Page Item: default_search_url". This item is a Search Assistant related item for the current user.

    All the other default addresses are correct, i.e. google.com.

    I cannot get rid of it via safe or normal mode. I deleted all temp files, scanned using online scans and a Sysclean scan. While it doesn't seem to be doing anything... any thoughts on how to get rid of it?

    Regards
    Michael


    [log removed]
     
    Last edited by a moderator: Nov 29, 2004
  10. Kodo

    Kodo SNATCHSQUATCH

    You ran HijackThis from

    C:\MY DOCUMENTS\MY PICTURES\SPYWARE\HIJACKTHIS.EXE

    Please only run it from its own folder, like
    C:\program files\hijackthis

    When you've completed this, post a new log file as a text document attachment only.
     
  11. subaculture

    subaculture Private E-2

    Hi,
    I don't see any problems with the log but after checking my registry at
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main

    There is
    Name Data
    Default value not set
    Default_Search_URL http://searchbar.findthewebsiteyouneed.com/

    Do I just delete the second line?
    Mike

    EDIT by chaslang: Inline log deleted
     
    Last edited by a moderator: Nov 29, 2004
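The registry value the poster found above (Default_Search_URL pointing at searchbar.findthewebsiteyouneed.com) is one of a handful of Internet Explorer home/search-page values that browser hijackers of this era rewrote; SpywareBlaster's "Browser Pages" list reports the same ones. The script below is an added example, not code from the thread or from any of the tools mentioned: it parses a regedit export (the .reg text is constructed to resemble the situation in the thread, including a made-up res:// search page named example.dll), pulls out the watched IE values, and reports every one whose URL host is not on a small trusted-host allowlist (the allowlist is an assumption for the demo). On the actual Windows 98 machine you would produce the input with `regedit /e ie.reg "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer"` and feed that file in.

```python
"""Audit Internet Explorer start/search-page registry values from a .reg export.

Added example. The sample .reg text is constructed; TRUSTED_HOSTS is an
assumed allowlist, not a list the thread or any vendor provides.
"""
import re
from urllib.parse import urlsplit

# Value names IE uses for its home and search pages; hijackers such as the
# about:blank / CoolWebSearch family rewrite these (the thread's finding was
# Default_Search_URL).
WATCHED_VALUES = {
    "start page", "search page", "search bar", "local page",
    "default_page_url", "default_search_url",
    "searchassistant", "customizesearch",
}

# Assumed allowlist of hosts the reader trusts for these values.
TRUSTED_HOSTS = {"microsoft.com", "msn.com", "google.com"}

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "name"="value" or @="value"; dword:/hex: values deliberately do not match.
_STR_RE = re.compile(
    r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))'
    r'=(?P<val>"(?:[^"\\]|\\.)*")\s*$'
)


def _unescape(inner: str) -> str:
    """Undo the .reg escaping of backslash and double quote."""
    return re.sub(r'\\(["\\])', r"\1", inner)


def parse_reg(text: str):
    """Yield (key, value_name, string_data) for every string value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = _STR_RE.match(line)
        if m and key is not None:
            name = "" if m.group("default") else _unescape(m.group("name"))
            yield key, name, _unescape(m.group("val")[1:-1])


def classify(url: str) -> str:
    """Return 'ok', 'suspicious' or 'untrusted' for a browser-page value."""
    u = url.strip().lower()
    # about:blank and res:// pages served out of a DLL are the classic
    # signature of the about:blank hijacker; flag them for review.
    if u in ("", "about:blank") or u.startswith("res://"):
        return "suspicious"
    parts = urlsplit(u)
    if parts.scheme not in ("http", "https"):
        return "suspicious"
    host = parts.hostname or ""
    for trusted in TRUSTED_HOSTS:
        if host == trusted or host.endswith("." + trusted):
            return "ok"
    return "untrusted"


def audit(reg_text: str):
    """Return [(key, value_name, url, verdict)] for watched IE values that are not ok."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        if "\\internet explorer\\" not in key.lower():
            continue
        if name.lower() not in WATCHED_VALUES:
            continue
        verdict = classify(data)
        if verdict != "ok":
            findings.append((key, name, data, verdict))
    return findings


# Constructed sample export: google as Start Page, the hijack URL from the
# thread as Default_Search_URL, and a made-up res:// Search Page.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Default_Search_URL"="http://searchbar.findthewebsiteyouneed.com/"
"Search Page"="res://C:\\WINDOWS\\example.dll/search.html"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Locked"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, url, verdict in audit(SAMPLE_REG):
        print(f"{verdict:10} {key}\\{name} = {url}")
```

Run against the sample, the script flags Default_Search_URL as untrusted and the res:// Search Page as suspicious while leaving the google and msn.com values alone; values stored as dword or hex are skipped because they cannot hold a URL. Deleting a flagged value (or running Reset Web Settings, as suggested later in the thread) is the fix, but re-run the audit afterwards: a hijacker that is still resident will rewrite the value within seconds.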
  12. subaculture

    subaculture Private E-2

    Im sorry,
    I should have uploaded the log!!
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try just Reset Web Settings from Internet Explorer, Tools, Internet Options, and Programs tab. Then go back to the General Tab and re-enter your home page. Click OK!

    Let me know if that helps.
     
  14. subaculture

    subaculture Private E-2

    Hi all,
    I had deleted the registry key before resetting the Explorer options but in either case, the "Searchbar" default URL that SpywareBlaster picked up is gone. The PC seems fine and all scans are clear. Here's hoping. Thanks to all for their time and effort.

    Michael
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! You're welcome!
     