need help removing heretofind.com hijack

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by YoTrep, Nov 10, 2004.

  1. YoTrep

    YoTrep Private E-2

    Can anyone help me remove heretofind? Need help bad
    thanks

    hijack log


    EDIT by chaslang: Inline log changed to an attachment. Please follow guidelines and only post logs when asked and only post as an attachment to your message.
     

    Attached Files: hjt.txt (4.1 KB)
    Last edited by a moderator: Nov 10, 2004
  2. PhilliePhan

    PhilliePhan Guest

    Hi YoTrep,

    You MUST first move HijackThis to its own safe folder - C:\Program Files\HijackThis

    We also recommend that you First follow the steps HERE:
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    I'll get you started:
    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure the Viewing of Hidden Files is Enabled as per the above tutorial.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and END them:
    fnlujv.exe
    msmonk32.exe


    Now scan with HijackThis and check the boxes for the following:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm

    R3 - Default URLSearchHook is missing

    O4 - HKLM\..\Run: [xptkzw] C:\WINNT\System32\fnlujv.exe

    O4 - HKLM\..\Run: [System Initialization] C:\WINNT\system32\msmonk32.exe

    O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)

    O9 - Extra button: Corel Network monitor worker - {EFC8FC6A-8584-4A81-B49F-322C99D7FE08} - (no file)

    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EFC8FC6A-8584-4A81-B49F-322C99D7FE08} - (no file)

    O9 - Extra button: Corel Network monitor worker - {EFC8FC6A-8584-4A81-B49F-322C99D7FE08} - (no file) (HKCU)

    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {EFC8FC6A-8584-4A81-B49F-322C99D7FE08} - (no file) (HKCU)

    O13 - DefaultPrefix: http://www.heretofind.com/show.php?id=0&q=

    O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=

    O13 - Home Prefix: http://www.heretofind.com/show.php?id=0&q=

    O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=0&q=

    O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=0&q=


    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now boot into Safe Mode and DELETE:
    C:\WINNT\about.htm
    C:\WINNT\System32\fnlujv.exe
    C:\spe
    C:\WINNT\system32\msmonk32.exe

    Reboot to Normal Windows and Scan with HijackThis and attach that log. Let us know of any problems you may have encountered with the above instructions and how your computer is running now.

    NOTE that I just gave your log a quick look and you should DEFINITELY run through the tutorial that I linked!!

    Best luck :)
    PP
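
A triage pass over the kind of entries listed in the post above, as an added example (not part of the original thread and not HijackThis's own logic). The section meanings (R0/R1 IE pages, O4 autoruns, O9 IE extras, O13 URL prefixes) follow HijackThis's log format; the two allowlists and the sample's last line are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse
# Constructed sample: five entries taken from the list in the post above,
# plus one ordinary Run entry added here for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=0&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O4 - HKLM\..\Run: [xptkzw] C:\WINNT\System32\fnlujv.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=0&q=
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
"""

# Assumptions for this example, not values from the thread: tune per machine.
EXPECTED_HOSTS = {"www.microsoft.com", "www.msn.com"}
KNOWN_GOOD_RUN = {"mobsync.exe"}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def review(code, body):
    """Return a reason if the entry needs a closer look, else None."""
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1]
        host = urlparse(value).hostname
        if host is None:  # mk:, file path, etc. rather than a web URL
            return "IE page set to a local resource: " + value
        if host not in EXPECTED_HOSTS:
            return "IE page points at unexpected host " + host
    elif code == "O4":
        # Command follows the "[value name] " part of the Run entry.
        exe = re.search(r"([^\\/]+\.exe)", body.split("] ", 1)[-1], re.I)
        if exe and exe.group(1).lower() not in KNOWN_GOOD_RUN:
            return "autorun not on allowlist: " + exe.group(1)
    elif code == "O9" and "(no file)" in body:
        return "extension entry with no file on disk"
    elif code == "O13":
        # A clean prefix is just a scheme such as "http://", with no host.
        host = urlparse(body.split(": ", 1)[-1]).hostname
        if host:
            return "URL prefix routes through " + host

def flag_entries(log_text):
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        reason = review(m["code"], m["body"]) if m else None
        if reason:
            findings.append((m["code"], reason))
    return findings

if __name__ == "__main__":
    print(*flag_entries(SAMPLE_LOG), sep="\n")
```
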
     
  3. YoTrep

    YoTrep Private E-2

    Thank you, Thank you, Thank you!

    I think the problem is fixed, at least as far as I can see, which isn't very far. Thanks again for your help, I will name my first born after you! Here is my hijack this log.
    Thanks Trep
    [log attached by kodo]
     

    Attached Files: hjt.txt (2.5 KB)
    Last edited by a moderator: Nov 15, 2004
  4. PhilliePhan

    PhilliePhan Guest

    Other than the fact that you posted it inline again, your log looks OK. Happy we could help :)

    I suggest that you take a look at Chaslang's recommendations HERE: How to protect yourself from malware!

    Best,
    PP
     
  5. Kodo

    Kodo SNATCHSQUATCH

    and GET SP4 for Windows 2000 ASAP!!!!!
     
  6. YoTrep

    YoTrep Private E-2

    PhilliePhan,
    Unable to use your link, can you give me another way to get there? Thanks again for your help, sorry about the inline posting. I'm a rookie when it comes to this stuff, but I am learning fast. I also downloaded SP4.

    thanks
    Trep
     
  7. PhilliePhan

    PhilliePhan Guest

    A bad case of Malware can often be a good learning experience - as well as an eye-opener ;)

    I was just referring to Chaslang's How to protect yourself from malware Pinned Post at the top of the Spyware Forum. He offers some really good suggestions.

    Among them, I definitely recommend that you use the following tools:
    Ad-Aware SE Personal

    SpyBot-Search & Destroy - Remember to use the "Immunize" feature

    SpywareBlaster


    These are all FREE! Just remember to Internet Update them regularly! They, along with a good Anti-Virus and Firewall & keeping your Windows up-to-date will do wonders in helping to keep Malware off your computer!

    Best :)
    PP
     
