Security2k.net problem

Hello, after stumbling across your site and completing all of the steps mentioned in your sticky "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal" I have still been unable to rid myself of this obnoxious virus/trojan/spyware (although the steps did rid me of some other viruses i apparently had, but did not realize).

The security2k.net problem makes IE completely useless, as, unless the computer is running in safe mode, any action leads to being brought to the security2k.net homepage. Also, every few minutes I will receive a popup claiming my IP is logged and is being viewed by someone else, or that i have a virus etc. and i should buy their software to fix the problem.

I'm not sure whether it is related or not, but while in safe mode running the Bitdefender program, it was unable to delete one of the viruses it detected.

Any help would be greatly appreciated.

 

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

OK, Here's the attachment of the HijackThis log.

Again, thanks for the help ^^

 

Let's fix the below lines using HJT. Make sure you close all browsers before clicking Fix.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp928B.tmp

From Add or Remove Programs uninstall ViewPoint.

OK, now reboot into Safemode and run Windows Explorer. Navigate to C:\WINDOWS\system32 locate mssearchnet.exe delete the file.

Reboot, into normal mode and post a new HijackThis log as an attachment.

 

MSN home page actually loads now! and no more signs of the annoying taskbar popups! Thankyou SO much, you guys are amazing.

(second log is attached as per your request) ^^

 

A few additional entries that need removing as well...

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)

O4 - HKCU\..\Run: [LDM] \Program\

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O18 - Protocol: bw+0 - {91835E34-3CDB-4603-8CED-96267A1B83CB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
(All of these entries) Also consider uninstalling the Desktop Messenger via Add/Remove Programs

After you remove the above with HJT, boot into Safe Mode and delete the following files:

C:\Program Files\Viewpoint <--Folder

C:\WINDOWS\system32\hp928B.tmp

After you have complete the above run CCleaner to clean up any junk files and you should be ok. Your log will then be clean!

 

These lines are for Netscape Start/Search Pages. Are you familiar with these entries?

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Ian\Application Data\Mozilla\Profiles\default\j26l5gfn.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ian\Application Data\Mozilla\Profiles\default\j26l5gfn.slt\prefs.js)

Do you have the Yahoo Toolbar installed? If not you can have HJT remove this line:

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)

Also the Logitech Desktop Messenger is an unessary service and you can unistall that using Add or Remove Programs from the Control Panel.

Other than that your log looks pretty good.

 

Netscape actually is my default browser, and i haven't noticed any problems with it thus far, although i don't believe that i have the Yahoo! helper installed so i'll go ahead and remove that one.

I'm very grateful for all your help, thanks again.

-ren

 

OK, didn't think there was a problem with the Netscape entries, just wanted to make sure.

Between the fixes I posted and the additional stuff from bjgarrick, you should be good now.

Having any other problems that you might need assistance with?