Still Need Help Please!!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by iceeqb, Feb 3, 2005.

  1. iceeqb

    iceeqb Private E-2

    I read both of the Read This First Areas and I did all of the required things but, I still seem to be having a problem with the about:blank hijacker and maybe some other things as well. My computer is running very slow and freezes up and my browser doesn't work right as well as it keeps getting hijacked to the about:blank page. What should be my next step?
     
  2. TheOldThug

    TheOldThug First Sergeant

    Welcome

    We ask that you first try to do all the TUTORIAL listed below.

    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT
     
  3. iceeqb

    iceeqb Private E-2

    I have already read the please reads and I followed the steps exactly. All of the scans (Trend Micros, Symantec Security Scan and Stinger) all found nothing. I booted into safe mode as requested and used cc cleaner, I ran adaware and spybot S&D (all of these are the most updated versions available) and they found nothing. CW Shredder found nothing, as well as Kill2Me. The About:buster and HSRemove did their thing and deleted what they found. I have also run my SpyDoctor and it keeps finding the about:blank and says that it has been deleted but it hasn't and also, it says there is a possible hijack attempt and it deletes the files regarding that. My Rav antivirus keeps finding a trojan also but, it says that it fixes the problem. Nothing seems to be fixed though after running all of these programs.
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi Iceeqb,

    If you have exhausted the resources in the Cleanup Tutorial, go ahead and send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I’ve been busy with work and other obligations these days, but somebody will try to take a look when they get a chance.

    PP :)
     
  5. iceeqb

    iceeqb Private E-2

    Here is my HJthis log. Thank you for helping me and you may be saving the life of my computer.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to get HijackThis installed correctly as Phillie requested. You have it here:
    C:\Documents and Settings\Prefered Customer.VALUED-ECECF7F4\Desktop\HijackThis.exe

    That is not a good location. Please put it in C:\Program Files\HJT or C:\Program Files\HijackThis
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Tell me if you see the following folder on your PC:
    C:\Program Files\PPC Advertor


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -


    After clicking Fix, exit HJT.


    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.

    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.

    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  8. iceeqb

    iceeqb Private E-2

    Thank you again for your help. I think that I have moved the HJT to its own file now. I did not see the PPC Advertor folder anywhere on the PC. I removed the things you requested me to remove. I also reset my web settings as you asked. What does it look like now? The new log is attached.
     

    Attached Files:

  9. AliWiseman

    AliWiseman Private First Class

    On first viewing I would question the file MSMSGS.exe, as it's not where it should be; it should be in the c:\windows\system32 folder.

    Having just googled it, it comes up as a variant of a worm, and should be removed.

    Certainly I would disable Windows Messenger and use MSN Messenger. Maybe someone else can expand on this?

    When was the last time you did a Trend Housecall scan?

    Alistair
     
  10. iceeqb

    iceeqb Private E-2

    Where is that file now? I don't see it and also, I don't use windows messenger or msn messenger. I only use yahoo and aol for my messenger. I ran a trend scan as directed earlier this evening.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! That's where Messenger is always installed. C:\Program Files\Messenger\msmsgs.exe is the correct location.

    If it were in here c:\windows\system32 it would be bad!

    Please do not guess at this stuff.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    One HijackThis subfolder would have been sufficient; you did not need two:
    C:\Program Files\Hijack this\hijackthis\HijackThis.exe

    But it is okay! Just not necessary.

    You look okay now! Are you having any problems?

    If not, you should do the steps in the below link to help avoid future problems:
    How to Protect yourself from malware!

    If you want to talk about uninstalling Messenger we can do that too! Uninstall Messenger
     
  13. iceeqb

    iceeqb Private E-2

    Thank you for clearing up that last reply to my post.
     
    Last edited: Feb 3, 2005
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you read message #12? Are you having any problems? Are you working on the stuff I gave you in message #12?
     
  15. iceeqb

    iceeqb Private E-2

    I don't seem to be having any more problems at this point since doing what you told me to do. I also went in and took the steps on the preventing yourself from malwares in the future. I used to have zonealarm but uninstalled it a while back but, I am reinstalling it now. I use RAV antivirus now. Could you give me your opinion on RAV vs. the 3 that you mentioned. Would it be better to use one of the ones you mentioned instead? Thank you for all your help. I appreciate you guys to the max.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Never ever run without a firewall. Do you get updates for RAV (i.e., you bought it and keep it current)? If so and you like it, keep it. Otherwise consider Avast or AVG. But whatever you do, only one antivirus application should be installed.

    You're welcome.
     
  17. AliWiseman

    AliWiseman Private First Class

    Tsk, just cos I'm new here doesn't mean I'm new at this!

    I'm not guessing at stuff, I raised an eyebrow at the location of the file!

    Perhaps you'd care to take a look at http://www.neuber.com/taskmanager/process/msmsgs.exe.html or try looking it up via Google. Personally I have used Security Task Manager for months and found it a great asset.

    I also was interested that the file is associated with the Agobot-Nl Worm and is also, quote, "Note: msmsgs.exe is a process which is registered as the W32.Alcarys.B@mm worm". It is listed in Symantec's files as a file which is overwritten / created by a worm, albeit in neither of the locations mentioned.

    I'm an assistant manager on a different forum and so far here have found attitudes just a tad hostile!

    I came here to both learn and share knowledge. I don't assume that because you haven't come up with the same ideas I have that you're guessing, so please credit me with the same attitude. The idea is that people work together in places like this.

    Alistair
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you read your own link again you will find that it also tells that the proper location is C:\Program Files\Messenger however they incorrectly abbreviated it to
    The normal location is quite well known. Every HJT log showing this file also always shows it that way. And every PC installation has it there. You incorrectly used their information.
    You said it belongs in system32 which is not correct. All I did is point out the incorrect information.
     
  19. AliWiseman

    AliWiseman Private First Class

    It states quite clearly

    "Note: The msmsgs.exe file is located in the c:\windows\System32 folder. In other cases, msmsgs.exe is a virus, spyware, trojan or worm!"

    Check your information again.

    Re read HERE

    Hope this helps
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not the default installation location. The default install location is C:\Program Files\Messenger. In fact I have never seen it in system32 and if I did, I would suspect malware. Read down further and you will see under user opinions "Windows Messenger also in C:\ProgFiles\Messenger\ (XP)"


    Yes, there can be a bad one in C:\Program Files\Messenger, but that exe file is typically msmsg.exe, not msmsgs.exe.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And there also have been other malware programs using exactly msmsgs.exe but not in C:\Program Files\Messenger. I have seen C:\Msmsgs.exe
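
Added example, not part of the original thread or any poster's code: a small Python triage of a HijackThis-style log that applies two checks discussed above, the O2/O3 entries marked "(no file)" that were selected for fixing, and executable locations (msmsgs.exe expected in C:\Program Files\Messenger; HijackThis not run from the Desktop, a temp folder or C:\Documents and Settings). The sample log is constructed from lines quoted in the thread plus a made-up O4 entry, and the function and constant names are illustrative assumptions.

```python
import ntpath
import re

# Expected folder per executable, as stated in the thread (lower-case).
EXPECTED_DIRS = {"msmsgs.exe": r"c:\program files\messenger"}
# Folder fragments the thread says HijackThis must not be run from.
BAD_HJT_PARENTS = (r"\desktop", r"\temp", r"c:\documents and settings")
ENTRY = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
PROC = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Constructed sample log; paths and O2/O3 lines reuse values from the thread.
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Messenger\msmsgs.exe
C:\Msmsgs.exe
C:\Documents and Settings\Prefered Customer.VALUED-ECECF7F4\Desktop\HijackThis.exe
O2 - BHO: (no name) - {4BFC7FE6-B35F-3704-E7D3-2A70AD25A4A7} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""


def check_process(path):
    """Flag a running-process path that sits in an unexpected folder."""
    folder, name = ntpath.split(path.strip().lower())
    expected = EXPECTED_DIRS.get(name)
    if expected and folder != expected:
        return f"{name} outside expected folder: {path.strip()}"
    if name == "hijackthis.exe" and any(p in folder for p in BAD_HJT_PARENTS):
        return f"HijackThis run from unsafe location: {path.strip()}"
    return None


def check_entry(line):
    """Flag O2 (BHO) / O3 (toolbar) entries whose file is missing."""
    m = ENTRY.match(line.strip())
    if m and m.group(1) in ("O2", "O3") and m.group(2).endswith("(no file)"):
        return f"{m.group(1)} orphaned entry: {m.group(2)}"
    return None


def triage(log_text):
    """Return findings for every process path and R/F/O entry in the log."""
    hits = []
    for line in map(str.strip, log_text.splitlines()):
        hit = check_entry(line) if ENTRY.match(line) else (
            check_process(line) if PROC.match(line) else None)
        if hit:
            hits.append(hit)
    return hits
```

Calling `triage(SAMPLE_LOG)` returns one finding per flagged line; a name match alone is only a prompt to inspect the file, since the same file name can be legitimate in one folder and malicious in another.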
     
