| ||
clearing out this garbage >prosearching.com/searchbar.html

Hi

I am quite fed up with spyware, this time: http://prosearching.com/searchbar.html (I'd wish to have a valid email to call a bit of names to such [Moderator's edit: Please keep it clean, we ask that our members not use profanity in these forums- thanks]

Is there any safe tutorial on how to get rid of IE hijacking (cwshredder has got 2 links where there are explanations on how to uninstall java virtual machine and other items which allow hijacking)

In the meantime, perhaps any of you could assist me to clear my system out of this rubbish (what the h e l l is that: C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE)

Here you've got the Logfile:

HijackThis v1.97.7
Scan saved at 1:00:59, on 23/04/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
D:\12GHOSTS\12SRVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\ADMUNCHER\ADMUNCH.EXE
C:\ARQUIVOS DE PROGRAMAS\MIX MAIL LOVE\POLLBAIT.EXE
C:\ARQUIVOS DE PROGRAMAS\MYVITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\ARQUIVOS DE PROGRAMAS\MSN MESSENGER\MSNMSGR.EXE
D:\CHATBROWSER4.0\CB_4001.EXE
C:\ARQUIVOS DE PROGRAMAS\SYSAI\SYSAI.EXE
D:\!DOWNLOAD\!_HIJACK_CLEAN\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Multi Media Marketing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000000-0007-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - D:\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Ad Muncher] D:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
O4 - HKLM\..\RunServices: [12Ghosts TrayProtect] D:\12GHOSTS\12srvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: MyVitalAgent.lnk = C:\Arquivos de programas\myvitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - D:\Arquivos de programas\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Arquivos de programas\getright502\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ComVC (HKCU)
O12 - Plugin for .spop: C:\ARQUIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O19 - User stylesheet: C:\WINDOWS\color.css
| ||
Re: clearing out this garbage >prosearching.com/searchbar.html

I'm moving this to our one-day old Security forum :) for all your hijacking needs ;)
| ||
Re: clearing out this garbage >prosearching.com/searchbar.html

Hi. :)

Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html
O2 - BHO: (no name) - {904071B0-0D97-86B7-E2E8-38105E672165} - C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG\SEEK64.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"

Reboot into safe mode following the instructions here & navigate to & delete

C:\ARQUIVOS DE PROGRAMAS\SYSAI < this one
C:\ARQUIVOS DE PROGRAMAS\SOFTWARE 2 LONG < this one
C:\WINDOWS\TEMP < entire contents of folder

Reboot normally & you should be good.
| ||
Re: clearing out this garbage >prosearching.com/searchbar.html

Also remove this with hijack this & remove the folder whilst in safe mode too.

O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe

C:\ARQUIV~1\MIXMAI~1 < this one in safe mode.
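The selection made in the two replies above can be reproduced as a small triage pass over a HijackThis log. This is an added example, not part of any post in the thread and not HijackThis's own logic; the function names, the three rules, and the idea of passing the reviewer's suspect folders in as a list are assumptions made for illustration.

```python
import re

# Excerpt of the log posted in this thread (eight of its entries).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://home.uol.com.br/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBATREADER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\ARQUIVOS DE PROGRAMAS\SYSAI\APROPOSPLUGIN.DLL
O4 - HKLM\..\Run: [Ad Muncher] D:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER.EXE"
O4 - HKLM\..\Run: [Flaw Dog] C:\ARQUIV~1\MIXMAI~1\Pollbait.exe
"""

# Only the R* and O* sections that appear in this thread's log are parsed.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

def parse(log):
    """Return (code, body) for each R*/O* entry; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def host_of(value):
    """Host part of a registry URL value, with or without a scheme."""
    return re.sub(r"^[a-z]+://", "", value.strip().lower()).split("/", 1)[0]

def triage(log, hijack_domain, suspect_dirs):
    """Return (code, reason, body) for entries to review before ticking them in HJT."""
    findings = []
    dirs = [d.lower() for d in suspect_dirs]  # folders named by the human reviewer
    for code, body in parse(log):
        low = body.lower()
        host = host_of(body.partition(" = ")[2])
        if code[0] == "R" and (host == hijack_domain or host.endswith("." + hijack_domain)):
            findings.append((code, "IE setting points at " + hijack_domain, body))
        elif code == "O4" and "\\temp\\" in low:
            findings.append((code, "autorun launches from a temp directory", body))
        elif any(d in low for d in dirs):
            findings.append((code, "file under a reviewer-supplied folder", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG, "prosearching.com",
                                     [r"C:\ARQUIVOS DE PROGRAMAS\SYSAI", r"C:\ARQUIV~1\MIXMAI~1"]):
        print(code, "|", reason, "|", body)
```

The Acrobat BHO, the Ad Muncher autorun and the uol.com.br Shellnext value are left unflagged, matching what the replies left alone.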
| ||
Re: clearing out this garbage >prosearching.com/searchbar.html

A few tips to stay relatively clean.

Download & instal Adaware from here & update it B4 scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' Also in tweaks under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion.' When the scan is finished select 'next.' Remove what it finds by placing a check in the box to the left of the object.

Reboot

Download & instal Spybot S&D from here. Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available. After the scan is complete, have spybot fix everything marked RED. On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. Download that & you can keep it updated by selecting the same link that you use to download it.

Reboot

Check out the "So how did I get infected to start with..." thread here
©2003 - 2009 DaniWeb® LLC