sah agent, name changing exes..etc [hijack this log included]

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by womoma, Apr 10, 2005.

  1. womoma

    womoma Private E-2

    Hi all.

    NB- I have tried to explain the whole problem in good detail- feel free to skip to the Hijack This log- Thanks in advance for any help..

    Im so furious but also upset at the moment. I started getting popups a couple of days ago but today when I lost about 3 hours of hard work because of a bundle of popups clogging up my system and forcing me to restart, I was almost crying.
    Now I am livid. I am usually a safe surfer and only recently reinstalled windows- Im wondering could it be anything to do with limewire or flashget? - either way its too late now.

    Here is my problem..
    Im getting popups- lots of them- mostly to gambling and sex sites but also to registry cleaners and other cynical advertising- every time i start explorer or otherwise every hour or so.

    I have ran adaware and spybot and stopped the process' they advised.- yet still I have the problem-

    To make me even more worried, I installed Winpatrol, which seems like some nice software, and every 5 minutes I am getting notice that a new auto start up programme has been detected [in windows\system32]- and it keeps changing to random names!!- it is instantly recognisable by having a version of 0, 0, 7, 0 -

    In Winpatrol - the start up programmes section- when I remove a suspicously randomly named execution, it is usually instantly replaced by another suspicously randomly named execution!!!!!

    In my +- programmes list I have "Shop At Home" [sah agent] which when I try to remove I get an error saying "cannot delete * it may have already be deleted"

    My home page is also being changed to google. I have tried stopping some processes in Hijack This but am scared I might do some damage.

    A total system restore would be a last resort Id rather not take.
    Please please at least have a glance and see if theres any way you can help me. :eek:
    Here is my Hijack this log:

    Edit by chaslang: Unrequested inline log removed

    I can honestly say right now if you put someone in front of me who has anything to do with this scumware I would happily kick their butt. These people have no morals whatsoever. Dont they realize how much suffering they put people through?? And the [bleep] and gambling that is forced on my screen could just as easlily be forced on an old person or a young child. Its sick and immoral and wrong.

    Please help. If anyone can help me I would be so greatfull and would gladly return the favour with any assistance needed as far as graphic or sound design goes.
    Thank you for reading.
     
    Last edited by a moderator: Apr 11, 2005
    womoma, Apr 10, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs Womoma,

    We have guidelines about when and how to post HijackThis logs. Before getting to one, we also require that some standard cleanup processes be run first. Please follow the steps below.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    You should uninstall (using Add/Remove programs) Limewire. It contains adware.



    After doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Apr 11, 2005
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds