
Hijack this...

crunchie

Re: Hijack this...help please

  #2  
Jun 17th, 2004
First of all we have to remove Newdotnet, either from add/remove programs, or by going here & scrolling down to the uninstall tool.

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked':

O4 - HKLM\..\Run: [bxwbjg] C:\WINNT\system32\mrlugh.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\WINNT\system32\mrlugh.exe <-- file
C:\WINNT\alchem.exe <-- file

Reboot normally.
The O17 entries take me to a yellow pages site. Seems a bit suss to me. If this is from your ISP or company network then leave them, otherwise fix them with HJT.
Proud member of ASAP (Alliance of Security analysis Professionals).

Please do not PM me for help. Instead, post in the public forum where others may benefit.
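
One way to confirm that the two Run entries named in the post are gone after the fix and reboot, as an added example that is not part of the post or of HijackThis itself: it parses the O4 registry lines of a log saved before the fix and one saved after, and reports what happened to each targeted value name. The function names and the sample logs are constructed for illustration.

```python
import re

# Registry autostart line in a HijackThis log, for example:
#   O4 - HKLM\..\Run: [bxwbjg] C:\WINNT\system32\mrlugh.exe
# "O4 - Startup:" shortcut lines use another layout and are skipped here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return {(hive, key, lowercased value name): command} for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"].lower())] = m["cmd"]
    return entries

def check_fix(before_log, after_log, targets):
    """Compare two scans and report what happened to the targeted value names."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    report = {"removed": [], "still_present": [], "never_seen": []}
    for name in targets:
        wanted = name.lower()
        if any(k[2] == wanted for k in after):
            report["still_present"].append(name)   # fix did not stick
        elif any(k[2] == wanted for k in before):
            report["removed"].append(name)
        else:
            report["never_seen"].append(name)      # wrong name or wrong log
    # Autostart values absent from the first scan deserve a second look.
    report["new"] = sorted(k[2] for k in after if k not in before)
    return report

# Constructed sample logs: the two entries from the post plus one constructed entry.
BEFORE = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [bxwbjg] C:\WINNT\system32\mrlugh.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
"""

if __name__ == "__main__":
    print(check_fix(BEFORE, AFTER, ["bxwbjg", "alchem"]))
```

A name under `still_present` means the value was written back or never removed, which is the case the safe-mode file deletion in the post is meant to prevent.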