Need help with spyware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wdewky, Oct 3, 2004.

  1. wdewky

    wdewky Private E-2

    I've followed the directions at the link http://forums.majorgeeks.com/showthread.php?t=35407

    I have not been able to fix the problem and I'm to the point where using hijackthis is suggested. I read the tutorial on the program, but when I ran a scan the window that displays the log file disappears after only a few seconds and I'm not able to analyze. What should I do about this?

    Note: My problem is that my homepage keeps redirecting to about:blank page.
     
  2. Kodo

    Kodo SNATCHSQUATCH

    The log file should still be there as Hijackthis.log. Find it and open it up with another editor like WordPad or MS Word and make sure there is content in it. Then change the extension to .txt and upload it to a post here and I or Chaslang will take a look at it.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This problem happens quite often when a CWS infection has corrupted notepad. As Kodo said, look in the directory where you have HijackThis running from. The hijackthis.log file should be there. Follow Kodo's directions.
     
  4. wdewky

    wdewky Private E-2

    I can't find any hijackthis.log file
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you look in the directory where hijackthis.exe is located?

    Have you run CWShredder and clicked Fix?

    Did you also run About:buster?
     
  6. wdewky

    wdewky Private E-2

    I have run the cwshredder and about buster. I looked in the folder where hijackthis is saved. Forgive me for my ignorance, but is that the same as looking in the directory?
     
  7. Kodo

    Kodo SNATCHSQUATCH

    Wherever you put the HiJackThis.exe.

    You can do a full PC search for the file too.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, folder = directory. Go here and download the version of notepad.exe for your system. It also tells you where to download it to. See if that helps. Also if still necessary, try renaming hijackthis.exe to myhjt.exe and run that. See if you can scan and save a log that way.
     
  9. wdewky

    wdewky Private E-2

    OK, thanks. If it helps, I just ran about buster again and it repeated an error over and over...
    Error Removing! : C:\WINDOWS\System32\d3d.dll
    Error Removing! : C:\WINDOWS\System32\d3d.dll
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure viewing of hidden files is enabled.

    That is most likely an AppInit_DLL file that we will need to fix.

    1) go here and download Registrar lite and install it: http://www.majorgeeks.com/download469.html
    2) Run it, copy and paste this line to reglite's address bar:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    3) Click the "go" tab
    4) Find: "AppInit_Dlls" value on the right side panel.
    5) DoubleClick on AppInit_Dlls and tell me exactly what you see in the Value field:

    If you find the d3d.dll file do this:

    - Run Registrar lite again but this time do the following:
    - copy the following into the address bar or expand the same key by hand:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    - Rename the Folder Windows to NotWindows highlighted as a light blue (some people call it light purple) folder in the left hand pane of reglite.

    - Double Click "AppInit_DLLs" again and clear the data value:
    C:\WINDOWS\System32\d3d.dll < delete this line , 'Apply' and 'ok' to set.
    - Rename the NotWindows folder back to its original name Windows
    - This should make the file visible.
    - Now use Windows Explorer to delete C:\WINDOWS\System32\d3d.dll
    If you cannot delete it, try the above again from safe mode.


    But you could also try running About:Buster in safe mode if that is not what you just tried.
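
The AppInit_DLLs check from post 10 can also be done read-only from PowerShell. This is an added example, not part of the original thread or any poster's instructions. The Wow6432Node path, the LoadAppInit_DLLs value (present on later Windows versions than this 2004 thread) and the function name Split-AppInitValue are assumptions not taken from the thread.

```powershell
# Added example: read-only audit of AppInit_DLLs. It changes nothing on the system.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows (assumption, not mentioned in the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Split-AppInitValue {
    # Hypothetical helper: AppInit_DLLs holds DLL names separated by spaces or commas.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return @($Value -split '[ ,]+' | Where-Object { $_ })
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    foreach ($entry in (Split-AppInitValue $props.AppInit_DLLs)) {
        # Assumption: an entry without a full path is looked up in System32.
        $path = if ([IO.Path]::IsPathRooted($entry)) { $entry }
                else { Join-Path $env:SystemRoot "System32\$entry" }

        # -Force includes hidden and system files. As the thread describes, a
        # loaded AppInit DLL may stay invisible until the value is cleared, so
        # a listed DLL that "does not exist" is itself worth investigating.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Key       = $key
            Entry     = $entry
            Loading   = $props.LoadAppInit_DLLs   # empty on systems without this value
            Visible   = [bool]$file
            Signature = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
            SHA256    = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash } else { 'n/a' }
        }
    }
}

if ($report) { $report | Format-List }
else { 'AppInit_DLLs is empty in every key checked.' }
```

Run it from an elevated prompt. An entry such as the d3d.dll reported by About:Buster would show up here with its key, visibility and signature status.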
     
