problems with Hijack This software

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by aeshaffer, Sep 22, 2004.

  1. aeshaffer

    aeshaffer Private E-2

    Hi, I recently had the about:blank and ResearchAssistant bugs. I have run the described protocols to delete them, but my computer will not let me open the Hijack This setup application. It flashes a warning sign, but it's too quick to read. Any idea what's going on? Also, whenever I start up my computer I get reinfected with malware and data miners, along with pop-ups for Web Dialer and Cool search. I used CWShredder, but it did not seem to help. Any more things I can do to fix it myself? (Tech support at my school sucks.)

    Applications I've run:

    Followed protocol for "How to: Spyware, Trojan and Virus Removal" with all suggested programs, but when I ran about:buster it said "Database is corrupt"

    Ran toolbarcop, and a2

    I also changed my default browser to Firefox from IE.

    Thanks for your help.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where did you download About:Buster from? Try downloading it again from here: http://www.majorgeeks.com/download4289.html

    Then unzip it and run it. If you still get an error, give the exact word for word message.

    To run HijackThis, try renaming the hijackthis.exe file to test.exe and run test.exe. Tell me what happens now.
     
  3. aeshaffer

    aeshaffer Private E-2

    So...the about:buster warning is "the database is either corrupted or missing. Please download a new one." And I ran the hijack under test: this is the log
     

    Attached Files:

    • hjt.txt (9.4 KB)
    Last edited by a moderator: Sep 22, 2004
  4. zooper

    zooper Private E-2

    And I have the same problem.

    I downloaded About:Buster and unzipped it, but the program does not run.

    The message is the same: "the database is either corrupted or missing. Please download a new one"
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have About:Buster do another update!

    You need to go back and run ALL of the steps from READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. You have not run them all. Please repeat them again and make sure you check that you have the correct versions. This time also make sure you do the scans with Stinger and also the online scans.

    You have a load of problems that need to be resolved.
    Also go to Add/Remove programs and uninstall the WebRebates stuff.
    Also run these:
    http://www.memorywatcher.com/uninst.exe
    http://tools.zerosrealm.com/PeperFix.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
    O2 - BHO: (no name) - {3DA4107E-B81E-71C0-8152-62550BA07638} - C:\WINNT\system32\rbxwrfe.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINNT\questmod.dll
    O2 - BHO: (no name) - {A350D2F7-CEB2-4300-B62E-9696A6D40836} - C:\WINNT\system32\kmdc.dll
    O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
    O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll (file missing)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
    O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll"
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe (file missing)
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...7ff22322f046:375a82d108ec2e9d584f880889783bc3
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
    O18 - Filter: text/html - {D2C2BBE4-47DB-40D8-AEDF-DA95520B18CB} - C:\WINNT\system32\kmdc.dll
    O18 - Filter: text/plain - {D2C2BBE4-47DB-40D8-AEDF-DA95520B18CB} - C:\WINNT\system32\kmdc.dll
    O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINNT\system32\mssaru.dll

    Then reboot in safe mode and delete:
    C:\WINNT\localNRD.dll
    C:\WINNT\system32\rbxwrfe.dll
    C:\WINNT\questmod.dll
    C:\Program Files\ISTbar <--- the whole directory
    C:\Program Files\SideFind <--- the whole directory
    C:\WINNT\system32\kmdc.dll
    C:\WINNT\system32\mssaru.dll

    Reboot normal and post a new HJT log. This is a start. There will be more to do. I do not believe it will fix your about:blank problem though.
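
The entries listed in the post above follow the HijackThis `section - description` line format. As an added example (not part of the original thread and not a HijackThis or MajorGeeks tool), this Python parser reads such lines and separates entries that still point at a file on disk from orphaned ones marked `(no file)` or `(file missing)`; the function names and the choice of sample lines are assumptions made here.

```python
import re
from collections import defaultdict

# Sample subset copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINNT\localNRD.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll (file missing)
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll"
O15 - Trusted Zone: *.slotch.com
O18 - Filter: text/html - {D2C2BBE4-47DB-40D8-AEDF-DA95520B18CB} - C:\WINNT\system32\kmdc.dll
O18 - Filter: text/plain - {D2C2BBE4-47DB-40D8-AEDF-DA95520B18CB} - C:\WINNT\system32\kmdc.dll
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINNT\system32\mssaru.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in a known extension; spaces allowed (Program Files).
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:dll|exe|html?|cab)\b", re.I)

def parse_hjt(log):
    """Parse HijackThis lines into dicts: section, clsid, path, orphaned."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        body = m.group(2)
        clsid = CLSID.search(body)
        path = PATH.search(body)
        entries.append({
            "section": m.group(1),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            # HijackThis flags registry entries whose target file is gone.
            "orphaned": "(no file)" in body or "(file missing)" in body,
        })
    return entries

def referenced_files(entries):
    """Map each file still on disk (lower-cased) to the sections that load it."""
    found = defaultdict(set)
    for e in entries:
        if e["path"] and not e["orphaned"]:
            found[e["path"].lower()].add(e["section"])
    return dict(found)
```

Orphaned entries only need the registry fix in HijackThis; the paths returned by `referenced_files` are the ones to compare against a manual deletion list like the one in the post.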
     
