Pop ups and Coolsearch

Discussion in 'Malware Help (A Specialist Will Reply)' started by dequan, Jan 31, 2005.

  1. dequan

    dequan Private E-2

    Ok i dled the hijackthis prog and got rid of everything BUT i;m still gettin pop ups and the O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch

    all that BS will not delete.... so can yall help me out? if u need a log just tell me.
     
    dequan, Jan 31, 2005
    #1
  2. dequan

    dequan Private E-2

    Also my recycle bin does not seem to be working anymore (when I delete a file it just deletes, no longer goes into the bin). But it still says i have 5 files in it
     
    dequan, Jan 31, 2005
    #2
  3. TheOldThug

    TheOldThug First Sergeant

    Welcome

    This site has alot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    TheOldThug
     
    TheOldThug, Jan 31, 2005
    #3
  4. TheOldThug

    TheOldThug First Sergeant

    For your recycle bin you might want to try:

    1. right click on recycle bin
    2. left click properties
    3. see if box "Do not move files to recycle bin" is checked
     
    TheOldThug, Jan 31, 2005
    #4
  5. dequan

    dequan Private E-2

    Ok i did all that b4 i posted... and i still get pop ups and something call "ceres"
    and also when i delete that coolsearch stuff .. it comes back
     
    dequan, Jan 31, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have one of the VX2 infections going around. It is also the reason for your Recycle Bin problem.

    First let's get a HijackThis log

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Now please download the following tools and have them handy (Perhaps create an Anti-Spyware Folder for them). Do not run them yet. We need to see your HijackThis log first to see if there is anything else we must deal with before continuing with the VX2 problem. Make sure to get them from the links below:

    L2MeFix Tool
    Generic Detection Tool - NT/2000/XP
    VX2.BetterInternet Finder XP/2k - Version Msg126
    Pocket KillBox
     
    chaslang, Feb 1, 2005
    #6
  7. dequan

    dequan Private E-2

    Ok i believe i got it all deleted but here is my hijack file
     

    Attached Files:

    dequan, Feb 1, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is that HJT log after a reboot? If not I would like you to perfom a reboot and open and close a few browser sessions. The O1 - Hosts problem (a VX2 infection) does not go away so easily just using standard tools and HJT. After the above are the O1 - Hosts lines still gone?

    You should reset your home page to what you want. It is currently:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
     
    chaslang, Feb 1, 2005
    #8
  9. dequan

    dequan Private E-2

    here is my log after i reboot
    i got my recycle bin working and for the best part is NO MORE POP UPS
     

    Attached Files:

    dequan, Feb 1, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ok! Log is clean! But you still need to reset your start page. I don't think that you want to keep http://hsremove.com/done.htm as your start page.
     
    chaslang, Feb 1, 2005
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds