Trusted Site: http:\\*.63.219.181.7

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kfor, Nov 25, 2004.

  1. kfor

    kfor Private E-2

    I'm new to this forum, but have logged on to check posts regarding spy ware.

    I recently have had problems with pop-ups telling me my computer was not secure, and asking me to go to different sites. When I try to add the website that I'm being sent to as a restricted site in Internet Explorer, I get an error message telling me that it is a trusted site. When I remove the only web site listed as a trusted site in Internet Explorer (http://*.63.219.181.7), it returns as a trusted site in less than 1 second.

    I ran Hijack this, and the only thing I have in the Hijack this log is
    O15: Trusted Zone: http://*.63.219.181.7
    (I had major virus issues for the past week, and deleted everything from Hijack this, but everything has been running smoothly for the last week, makes me wonder what all these entries are for??)


    and when I try to delete the entry for Trusted Site, it comes back the next time I run HiJackThis (within a second).

    I did have a very nasty virus I could not get rid of until I used reg edit and took the virus out of a registry. Does anyone know where the registry would be that controls Trusted Zones for Internet Explorer??

    Yes I have run Ad-aware (it always finds two things, which I delete), and I have run every other program you recommend (CCShreader, AntiVir, etc.) Nothing seems to work.

    Any help would be appreciated.

    Thanks,
    Kevin
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't think manual editing of the registry will help you. That is basically what you already did using IE and HijackThis anyway. You must have a process running that is doing this.

    That IP address belongs to:

    If you have run ALL steps of the READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal then you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT version 1.98.2 and follow the guidelines on where to install it and how to post a log as an attachment.
     
  3. kfor

    kfor Private E-2

    Thanks for the help.

    Here is my HiJAckThis Log file (it is the version you requested, and it is in a separate file):

    EDIT by chaslang: Change inline log to an attachment

    (vptray is from Norton's antivirus)
    ---------------------------------------------------------------------
    You are probably right that I have a process running, but no anti virus program can find it. Ad-aware can find two, they get deleted, and I run the program again, and it finds the same two.

    I've had problems with heretofind just prior to this, which I've gotten rid of (I think), but still have problems with 4 pop-ups:
    1) adultgaming.com
    2) findspyware.com
    3) 24.108.222.162 coming up with a window, telling me it is scanning my computer and that I have thousands of viruses, please visit a website and buy spyware
    4) Windows Security Centre: Warning Windows firewall detected suspicious network activity.

    Any help would be appreciated.

    Kevin
     

    Attached Files: hjt.txt (1.1 KB)
    Last edited by a moderator: Nov 28, 2004
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is that really your whole HijackThis log? It seems highly unlikely. Did you filter out lines or have you deleted lots of items using HJT? You also do not show any signs of having run the READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal thread I mentioned. You really need to run this. I suspect a few items that are running as being bad.

    C:\WINDOWS\System32\dllhostxp.exe
    C:\WINDOWS\System32\pxhping.exe
    C:\WINDOWS\System32\mqbckup.exe

    I need to see a full HijackThis log. Also do not post your logs in line. Attach them to your message. See how I changed yours.
     
  5. kfor

    kfor Private E-2

    Chaslang, :)

    Thank you for your help. As I said in the original message, that was all of my HJT log as I had cleared out many of the programs in an attempt to rid myself of heretofind virus. Yes, I did follow all of the instructions exactly on before posting my HJT to the forum (with the exception of updating windows, as I've found the latest Service Pack 2 has major bugs, and I can not use an internet based program for work, WAY TO GO MICROSOFT!!).

    I have looked in other forums, and in the past week, several people have had the exact same virus that I recently became infected with (probably during the heretofind virus infection).

    Here's what seemed to work for me:
    I re-booted in Safe mode.
    Scanned with Adaware, with latest update.

    Went to Dos prompt, and typed:
    cd C:\windows\system32
    renamed the following files:

    by typing
    ren clfmon.exe clfmon.exe.old
    ren dllhostxp.exe dllhostxp.exe.old
    ren mqbackup.exe mqbackup.exe.old
    ren msacmx.dll msacmx.dll.old
    ren pxhping.exe pxhping.exe.old

    For the last 2 days I have had no problems (not even the Microsoft Security Centre popping up telling me I have security problems, and then redirecting me to a site to buy spyware, which is definitely part of this virus)

    I hope that this helps someone else, as these viruses have been a huge hassle, wasting tonnes of time for me.

    The whole virus problem seems more complicated than it should be. Would it not be a better forum, to have separate threads for each particular virus?? I found the forum a bit difficult to navigate, and find people with similar problems so that I can follow their solution. Is there a place that we can upload fixes to common viruses, that are not fixed with conventional virus programs??

    I thank you for your help, and I enjoy reading your forum.

    Kevin :)
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log showed no signs of running the online scanners, that is why I question if you ran the full READ ME. If all the steps are followed, there is a Symantec and a Trend Micro online scan that should be run. Both will always leave traces in the O16 section of a HJT log. Your log stops at the O4 section with only one O4 line (extremely unusual) and did not have the O16 lines for the scanners. So either they were not run, or you are using HJT's ability to filter out certain items. Or a third possibility is you deleted the items already using HJT.

    There should be more O4 lines for sure too. Most startup programs (include in that virus detection apps and more) will show an O4 line.

    Your log also shows no signs of some of the files you said you renamed (like clfmon.exe ).

    When you say you cleared out many programs, what were they? Looking in HJT backups.
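
The completeness checks described in the post above (O16 traces left by the online scanners, more than one O4 startup line), together with the O15 entry and the three process names flagged earlier in the thread, applied to a log in HijackThis layout. This is an added example, not part of the original posts: the sample log is constructed, the function names are hypothetical, and the parser assumes entries of the form `O15 - ...` or `O15: ...`.

```python
import re
from collections import Counter

# Constructed sample in HijackThis log layout; NOT the poster's actual attachment.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\dllhostxp.exe
C:\WINDOWS\System32\pxhping.exe
C:\Program Files\HiJAckThis\HijackThis.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NAV\vptray.exe
O15 - Trusted Zone: http://*.63.219.181.7
"""

# File names listed as suspect in the thread (spelled as posted there).
THREAD_SUSPECTS = {"dllhostxp.exe", "pxhping.exe", "mqbckup.exe"}
ENTRY = re.compile(r"^([RFNO]\d{1,2})\s*[-:]\s*(.+)$")

def parse_log(text):
    """Split a log into running-process paths and (section, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return findings: O15 entries, thin O4/O16 sections, flagged processes."""
    processes, entries = parse_log(text)
    counts = Counter(section for section, _ in entries)
    findings = [f"O15 trusted-zone entry to explain: {d}" for s, d in entries if s == "O15"]
    if counts["O4"] <= 1:
        findings.append(f"only {counts['O4']} O4 startup line(s): log filtered or already cleaned?")
    if counts["O16"] == 0:
        findings.append("no O16 lines: online scanners left no trace")
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if name in THREAD_SUSPECTS:
            findings.append(f"running process flagged in thread: {path}")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```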
     
  7. kfor

    kfor Private E-2

    Re: Trusted Site: http:\\*.63.219.181.7 and HeretoFind

    I'll post my HJT log again, (as an attachment this time, as you requested). I ran every step in your instructions (Read me before Post HJT) twice, I did the major HJT clean up about 2 days before the message to you.

    Unfortunately, I looked in the archives, and can not find my old HJT log file, or back-up... If you can tell me what I am looking for I can send it (in the HJT dir, I have mostly 1 kb short cuts, no text files).

    In the mean time, here is the thread that I followed to get rid of my previous problem ("Windows Security Center" keeps popping up asking me to download spyware cleaning software), seems like this is very rampant, and I'm sure you'll get lots of posts on it. Not a bad idea to put this in its own thread.

    http://computercops.biz/postx84967-0-30.html

    I got rid of Heretofind virus by reading this thread, and then being a bit creative with reg edit (follow first 2 links on page).
    http://www.joewein.de/sw/hijack-heretofind-com.htm

    I wasted over 2 weeks on this. If this in any way saves someone from wasting anymore time on this, then please use it.

    I should also mention that I did follow the instructions on this website (Read me Before posting HJT log files), and did find multiple other "suspicious programs", although not as problematic as heretofind. I did buy Adaware, professional version also and have installed it yesterday after all was fixed, just as an extra insurance package and keep things running smoothly (very tiny investment of less than $40.00 when you consider I wasted 2 weeks on this)

    Hope this helps,

    Kevin :) :) :) :) :) :) :) :) :) :) :) :) :) :) :)
     
    Last edited: Dec 1, 2004
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Trusted Site: http:\\*.63.219.181.7 and HeretoFind

    The backups for HJT are stored in the folder you run HJT from. You currently have it in C:\Program Files\HiJAckThis. So if anything was fixed while HJT was there, a backups folder will be there. However, if before coming here you had HJT someplace else when you did the other fixes, you would have to look in the previous folders.
     
