Nov 28th, 2005
0

Logfile from hijackthis

Some days ago I have been hijacked by some trojan...
My IE got a new toolbar (which I could remove),
but sometimes I am redirected to some links like abcsearch.com.

Please help.

Thanks,

sauronflorik

Here is my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 18:55:42, on 28.11.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\CTNOTIFY.EXE
D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
D:\PROGRAMME\WINTV\IR.EXE
D:\PROGRAMME\SIEMENS\GIGASET WLAN ADAPTER 54\WLANMONITOR2003.EXE
C:\PROGRAMME\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAMME\TROJANCHECK\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System\TrayIcon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programme\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O4 - Startup: NkvMon.exe.lnk = D:\Programme\Nikon\NkView6\NkvMon.exe
O4 - Startup: Gigaset WLAN Adapter Monitor.lnk = D:\Programme\Siemens\Gigaset WLAN Adapter 54\WLANMonitor2003.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sauronflorik is offline Offline
4 posts
since Nov 2005
Nov 28th, 2005
0

Re: Logfile from hijackthis

You appear to be infected with the "Alexa" malware. This is indicated by the entry: C:\WINDOWS\web\related.htm

Running SpyBot - Search and Destroy will rid you of this annoyance. Besides that, there doesn't seem to be any other problem(s) as far as your HijackThis! log is concerned.
Reputation Points: 20
Solved Threads: 3
Posting Whiz in Training
Paddy is offline Offline
219 posts
since Sep 2004
Nov 28th, 2005
0

Re: Logfile from hijackthis

Hey Paddy,

Thanks for helping.

I forgot to mention that I have already used Spybot, Ad-Aware, AntiVir and BitDefender, but it didn't work out...

OK, I deleted the C:\WINDOWS\web\related.htm file but I still have problems.

What else can I do?







Reputation Points: 10
Solved Threads: 0
Newbie Poster
sauronflorik is offline Offline
4 posts
since Nov 2005
Nov 28th, 2005
0

Re: Logfile from hijackthis

Hmm, well I can't see anything else in the log that would indicate what the problem is, and the fact that you've already run those anti-spyware programs has left me even more stumped lol.

The only other possibility I can think of is that you've installed a program which comes bundled with "legitimate" spyware/adware/malware. Some companies let you use their software for free, providing that you agree to install their spyware. This would also explain why your anti-spyware programs didn't fix the problem - those programs don't remove the bundled, "legitimate" spyware because they know that removing it will corrupt the program that the spyware came bundled with.

If you can come back with a list of programs that are currently installed it might help to shed some light on the subject. Off the top of my head, the following programs come bundled with spyware:

DivX Codec - I've seen the Gator spyware included in this package in the past.
Messenger Plus! - An add-on for MSN Messenger. It comes with an optional sponsor program (i.e. spyware) that you can opt out of during the installation.

Some P2P/filesharing programs like eDonkey, Usenet, etc. have sponsor programs bundled with them, too.

If you can get us a list of programs to check out, or if you want to google each one yourself and see what is said about them, it would eliminate the possibility if nothing else.
Reputation Points: 20
Solved Threads: 3
Posting Whiz in Training
Paddy is offline Offline
219 posts
since Sep 2004
Nov 28th, 2005
1

Re: Logfile from hijackthis

I'd suggest installing the free SpywareBlaster utility; it blocks known "bad" addresses/domains, including abcsearch. A short tutorial on installing and updating SpywareBlaster can be found here.

Also- you should try running AdAware and SpyBot in Safe Mode if you haven't already; they might be able to find/fix more "nasties" that way:

- Before booting into Safe Mode, open SpyBot and AdAware and use each program's online update feature to make sure that you have the absolutely most current spyware definition databases installed. Do not run scans yet, just close each program when it finishes installing its updates.

- Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

- Run both utilities (the order doesn't matter) and have each program fix everything it finds.

- Reboot normally.
Last edited by DMR; Nov 30th, 2005 at 7:21 pm.
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
Nov 29th, 2005
0

Re: Logfile from hijackthis

OK, I ran sbsd and Ad-Aware in Windows Safe Mode.
It found some nasty spyware (alexa...).

I hope I kicked it!

I also downloaded spyblaster and now have 3 anti-spy progs.

@paddy: you were right with alexa...

@DMR: thanks for the help

Hope my system is clean now.
I will see in some days...











Reputation Points: 10
Solved Threads: 0
Newbie Poster
sauronflorik is offline Offline
4 posts
since Nov 2005
Nov 29th, 2005
0

Re: Logfile from hijackthis

Glad to be of assistance!

DMR: It never even occurred to me to run anti-spyware scans in SafeMode! Learn something new every day Cheers mate! hehe
Reputation Points: 20
Solved Threads: 3
Posting Whiz in Training
Paddy is offline Offline
219 posts
since Sep 2004
Nov 30th, 2005
0

Re: Logfile from hijackthis

You're welcome, sauronflorik; glad we could help


Paddy,

You might know the reasoning behind Safe Mode scans already, but I'll post the basic info just for reference:

When Windows is running in its normal start-up mode, spyware and virus removal programs can have difficulty removing some malicious infections due to the fact that components of the infections have already loaded themselves at Windows start-up, and are active at the time the removal programs try to delete them. While the removal programs can terminate many of the active nasties, others present more of a problem.

One reason for this is that many infections install multiple files which act as guardians for one another; monitoring each other's "health". When one of the files gets shut down by a removal utility, another guardian file senses this, and restarts (and in some cases actually recreates) the file that was killed. Additionally, infections can use hidden .dll files which are activated at boot-up by obscure registry entries, and these dlls can be quite difficult to detect and deactivate.

In Safe Mode however, Windows loads only a bare minimum of services, drivers, and processes; it ignores most normal startup items, and it does not process the entire registry. This means that many of the "autostart" techniques used by infections are also ignored, making the infections essentially dormant in Safe Mode. The fact that the infections are inactive makes it much easier for removal programs to thoroughly remove them from your system.
DMR
Team Colleague
Reputation Points: 221
Solved Threads: 369
Wombat At Large
DMR is offline Offline
6,439 posts
since Dec 2003
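
An added example, not part of any poster's reply and not HijackThis's own code: a small Python parser for the section lines of the log posted at the top of this thread. It lists the O4 autostart entries (the start-up items that the Safe Mode explanation above is concerned with) and finds every entry that references a given file such as related.htm. The function names are made up for this example; the sample lines are a subset copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of the lines from the log posted at the top of this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVGCtrl] D:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: AutoStart IR.lnk = D:\Programme\WinTV\ir.exe
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# The two O4 forms that occur in this log: registry Run/RunServices values
# and Startup-folder shortcuts.
O4_REG = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O4_LNK = re.compile(r"^(Startup): (.+?) = (.+)$")

def parse_log(text):
    """Group entry bodies by HijackThis section code (R0, O4, O9, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def autostarts(sections):
    """Return (location, name, command) for every O4 autostart entry."""
    out = []
    for body in sections.get("O4", []):
        m = O4_REG.match(body) or O4_LNK.match(body)
        out.append(m.groups() if m else ("unparsed", "", body))
    return out

def entries_mentioning(sections, needle):
    """Find entries in any section that reference a file name (case-insensitive)."""
    needle = needle.lower()
    return [(code, b) for code, bodies in sections.items()
            for b in bodies if needle in b.lower()]

if __name__ == "__main__":
    secs = parse_log(SAMPLE_LOG)
    for loc, name, cmd in autostarts(secs):
        print(f"{loc:22} {name:20} {cmd}")
    print(entries_mentioning(secs, "related.htm"))
```

Entries that do not match either O4 form are returned as "unparsed" rather than dropped, so nothing that loads at start-up is silently left out of the review.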
Dec 1st, 2005
0

Re: Logfile from hijackthis

OK, I still have a prob :evil: .
Sometimes I got redirected from Google searching.
The first address is: 'http://85.255.113.26/' then another page appears...

What else to do?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
sauronflorik is offline Offline
4 posts
since Nov 2005
May 17th, 2006
0

Re: Logfile from hijackthis

I have the same problem. Please let me know if you fix it?

/j

Reputation Points: 10
Solved Threads: 1
Newbie Poster
megaman99 is offline Offline
1 posts
since May 2006

This thread is solved

© 2011 DaniWeb® LLC