need assistance

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by fixme, Dec 10, 2004.

  1. fixme

    fixme Private E-2

    I have an old computer---with Windows 98. I've read the tutorials and have followed your recommended scanning and cleaning instructions, including Hijack this, but can't fix the problem. My homepage keeps getting directed by Win-Eto and the address bar indicates "swapx..." or something to that effect. The scans that you have recommended identify the problems, but they don't fix it. The Win-eto homepage keeps reappearing as my homepage. Note that the last time I tried Hijack this, then ran explorer, I saw "about blank" in the address bar. That was the first time I saw that one.

    I appreciate any suggestions anyone might have. Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should have run a search in this forum. Loads of these have been fixed already.

    If you have followed ALL the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal > and you are still having a problem, you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting.

    Now post a HijackThis log file as an attachment to your message.
    All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  3. fixme

    fixme Private E-2

    Thanks for responding. I did review many of the other posts. I think or hope I've run all the scans right and followed the instructions. Just can't get rid of it. Attached is the latest log of Hijack This. That Win-Eto home page is there again.

    I'm thinking of using a different browser after this is resolved. Are these viruses specific to internet explorer? Could I just change browsers now and leave these viruses in explorer?
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi Fixme,

    I'll point you in the right direction so that you can get a few things done before Chaslang checks back :)

    1) Your HijackThis is out of date! The version you are using does not detect everything. Please get a fresh Download Here: HijackThis 1.98.2

    Then, Extract it from the ZIP File to its own folder - C:\Program Files\HijackThis

    2) Please download the following tool and keep it handy: Pocket KillBox

    Now, Scan with your Current Version HijackThis and attach a fresh log.
    Hopefully, you can get this done before Chas checks back!

    Best luck :)
    PP
     
  5. fixme

    fixme Private E-2

    Here's the new log. I've downloaded the other item. Mine's a mess, huh?
     


  6. fixme

    fixme Private E-2

    Just something I've noticed and I'm a computer novice, but when I open IE from my favorites, I don't have any problem. It goes straight to the favorite item. I can bypass all the viruses by using the favorites.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please Update To HiJack This 1.98.2 - before continuing you must update to the proper version of HJT or you will not get Backups (Added by chaslang). Also this fix will not work since some items are not shown due to the old version of HJT being used.

    1) Run HiJack This,
    2) Remove the following items:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\PN1TCL~1.DLL
    O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\WGM8W3Y92X5THD.EXE
    O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\1XJ7Z5P4PNYM4.EXE
    O4 - Startup: HP Updates.lnk = C:\Program Files\BackWeb\BackWeb\Program\backweb.exe
    O16 - DPF: {48BAE8BB-A034-11D2-B9D3-00C04F753F09} (BridgeChannel) - http://etrade.bridge.com/bc/java/install.cab
    O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeBC24) - http://etrade.bridge.com/bc24/java/install.cab
    O16 - DPF: {89EDFBA2-F623-11D4-BA72-00C04F753F09} (EtradeBridgeChannel) - http://etrade.bridge.com/bc24/java/etradeinstall.cab
     
    Last edited by a moderator: Dec 12, 2004
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1) Install Grisoft's AVG AntiVirus Program
    2) Install the program, check for updates and scan your system allowing it to remove whatever it finds.
    3) After the scan is complete, re run HiJack This and post new log!
     
  9. PhilliePhan

    PhilliePhan Guest

    Hi Fixme,

    You are still scanning with an old version of HijackThis. You must upgrade to version 1.98.2! Use the link I gave you. The version you are using is not showing the 020 entry that is part of the SwapX infection. We need to see that DLL, or we can't fix the problem.

    Also, there are additional items that need to be removed along with what BJ gave you. You have a porn dialer and a few other baddies along with the SwapX. Also, you will need to delete the corresponding files in safe mode.

    So, please get HJT v1.98.2 and scan with that. I imagine Chaslang or BJ will check back.

    PP :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Fixme, that's three times someone has told you to use the correct version of HJT. My first message stated in bold red print:

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.

    If you want to get problems resolved, you need to help us to help you. The first part of that is following directions. If for some reason you are having a problem getting the 1.98.2 version of HJT onto your PC, you should tell us that. Using the proper version is important as PP stated. The old version will not show or fix many different problems. I understand that you said you are a PC novice, but remember we are not in front of your PC. We can only tell you what to do and we need you to do it and do it correctly. If you cannot follow any particular instructions (for whatever reason), you must tell us and explain why. We will help you get past any roadblocks.
     
  11. fixme

    fixme Private E-2

    I did run Grisoft and here is another Hijack log. I did use the Hijack link again. Maybe I'm not downloading or unzipping it properly if this isn't the right version.
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Now you have the correct HJT version! Do you know that you are way out of date with your IE version? You are running 5.5. It has loads of security issues.

    I'm looking at your log now.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have viewing of hidden files enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\PN1TCL~1.DLL
    O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\1XJ7Z5P4PNYM4.EXE

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\SYSTEM\PN1TCL~1.DLL
    C:\WINDOWS\SYSTEM\1XJ7Z5P4PNYM4.EXE

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Sometimes this infection can be stubborn. If the above does not work, we may need to use Pocket KillBox to delete files upon reboot.
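
An added example, not part of chaslang's post and not HijackThis code: a small Python parser for the R0/R1, O2 and O4 lines listed in the post above. It separates the Internet Explorer settings that the fix resets from the files the post then has deleted by hand in safe mode. The regular expressions are assumptions inferred from the log lines shown on this page.

```python
import re

# Lines copied from the fix list in the post above (HijackThis 1.98.2 log).
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\PN1TCL~1.DLL
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\1XJ7Z5P4PNYM4.EXE
"""

# One pattern per entry type; layouts inferred from the lines above (assumption).
PATTERNS = [
    ("ie_setting", re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")),
    ("bho", re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")),
    ("autostart", re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<file>.+)$")),
]

def parse_line(line):
    """Return a dict describing one log entry, or None if it is not recognised."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return {"kind": kind, "section": line.split(" - ", 1)[0], **m.groupdict()}
    return None

def cleanup_plan(text):
    """Split entries into IE settings to reset and files referenced on disk."""
    settings, files = [], []
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["kind"] == "ie_setting":
            settings.append((entry["key"], entry["value"], entry["data"]))
        else:
            # O2/O4 entries name a file; the post deletes these in safe mode.
            files.append(entry["file"])
    return settings, files

if __name__ == "__main__":
    settings, files = cleanup_plan(HJT_LINES)
    print(len(settings), "IE settings to reset")
    print("Files to delete in safe mode:", *files, sep="\n  ")
```
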
     
  15. PhilliePhan

    PhilliePhan Guest

    Hi Fixme,

    I know I'm sounding like a broken record (if people still know what records are in this day and age ;) ), but you will not get backups running HJT this way:
    C:\UNZIPPED\HIJACKTHIS!\HIJACKTHIS.EXE

    Also, did you do the last scan in Safe Mode? The reason I ask is that I still do not see the 020 entry normally associated with a SwapX infection. Also, a lot of running processes are gone including these:
    C:\WINDOWS\SYSTEM\WGM8W3Y92X5THD.EXE
    C:\WINDOWS\SYSTEM\TIBS3.EXE
    C:\WINDOWS\SYSTEM\1XJ7Z5P4PNYM4.EXE

    I would like to see if they are still there, if they have mutated, or if AVG got some of them.

    If you want to be able to eliminate all of the malware on your machine, please locate HJT HERE as you did before: C:\PROGRAM FILES\HIJACKTHIS!\HIJACKTHIS.EXE

    Then, rescan in Normal Windows and attach that log.

    I realize that this is probably very frustrating for you! It is for us as well!
    Hang in there and we'll get you fixed up properly :)

    Somebody will check back when they can.

    PP :)
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Hey, I have found AdwareAway to be effective in the removal of the win-eto hijacker as well as a few others. Just an idea.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just as an option if you would like to try AdwareAway for the removal of this HiJacker.
    1) Download AdwareAway
    2) Install, Click "Online Update" (NOTE: After update you must close and restart the application for the updates to be applied)
    3) Under "Remove HiJackers" select "Win-eto.com Hijacker" and click "SCAN ONE"
    4) Look where it says:
    Search Win-eto.com Hijacker ... Start
    Found [0] Win-eto.com Hijacker Objects.
    Search Win-eto.com Hijacker ... Finished
    5) If it detects anything it will show you here.^^
    6) If it detects anything, click remove
    7) Restart!
    8) To make sure HiJacker is gone, repeat steps 3-6
     
