12-02-2005, 11:59 PM   #6
Buzz1927

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Boot into Safe Mode (tap F8 on startup).

Run HijackThis and select "Do a system scan only", then place a check by the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.puxqaualblnq.com/U6JEO7Oz...GPEMZrJnst.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: ohb Class - {98640C3B-0699-4D51-ADB4-A6FC48ACB966} - C:\WINDOWS\System32\nsvA.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O4 - HKLM\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKLM\..\Run: [oozebatvgajunk] C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat\THUNKTITLE.exe
O4 - HKLM\..\RunServices: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O4 - HKCU\..\Run: [Stxjagwf] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [Noj] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [EggsDog] C:\DOCUME~1\Max\APPLIC~1\AXISDU~1\DartDumbFrag.exe
O4 - HKCU\..\Run: [\1.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tools\1.exe
O16 - DPF: IEToolbarCab - http://www.dailytoolbar.com/DailyToolbarAff.CAB
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://195.190.118.140/e9xr2.chm::/file.exe


Close all open windows and browsers, and hit "Fix Checked".

Delete these folders/files:

C:\Documents and Settings\All Users\Application Data\Tools
C:\Documents and Settings\All Users\Application Data\TitleDefaultOozeBat
C:\Documents and Settings\Max\Application Data\AXISDU~1 <- This will be longer than 6 letters, but will start with AXISDU and contain the file DartDumbFrag.exe

Then boot back to normal mode, post a new HijackThis log, and say how things are now.
__________________
The Grim Reaper - Son of Glyndwr
"To Hell or Connacht" may you burn in Hell tonight!
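An added example, not part of Buzz1927's post: a small Python parser for HijackThis entry lines in the format shown above, which labels each entry by section code and attaches review notes. The sample lines are constructed placeholders, and the three review heuristics are assumptions made for illustration, not the criteria the poster used to pick entries.

```python
import re

# Section codes seen in the post above, with what HijackThis lists under each.
SECTIONS = {"R1": "IE search/start page", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O16": "downloaded ActiveX object"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
WIN_PATH = re.compile(r"[A-Za-z]:\\[^!]*$")  # trailing local path, if any
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)

def parse_entry(line):
    """Split one log line into code, kind, detail and trailing file path."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, detail = m.groups()
    path = WIN_PATH.search(detail)
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "detail": detail, "path": path.group(0) if path else None}

def review_notes(entry):
    """Reasons to look closer at an entry (assumed heuristics, not a verdict)."""
    notes = []
    path = entry["path"] or ""
    # '?' is illegal in Windows file names, so it stands for an unprintable char.
    if "?" in path.rsplit("\\", 1)[-1]:
        notes.append("file name has a character the log could not print")
    if entry["code"] == "O4" and APPDATA.search(path):
        notes.append("autostart from an Application Data folder")
    codebase = entry["detail"].rsplit(" - ", 1)[-1]
    if entry["code"] == "O16" and not re.match(r"https?://", codebase, re.I):
        notes.append("codebase is not a plain http(s) URL")
    return notes

def triage(log_text):
    """Parse every entry line and pair it with its review notes."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return [(e, review_notes(e)) for e in entries]

# Constructed sample lines in the post's format (placeholders, not real indicators).
SAMPLE = "\n".join([
    r"O2 - BHO: Demo Class - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Demo\demo.dll",
    r"O4 - HKCU\..\Run: [Example] C:\WINDOWS\System32\?xample.exe",
    r"O4 - HKLM\..\Run: [Updater] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Demo\demo.exe",
    r"O16 - DPF: {00000000-0000-0000-0000-000000000001} - ms-its:mhtml:file://C:\x.mht!http://example.invalid/a.chm::/file.exe",
    r"O16 - DPF: DemoCab - http://example.invalid/demo.cab",
])

if __name__ == "__main__":
    print(*[(e["code"], n) for e, n in triage(SAMPLE)], sep="\n")
```

A note from this script only marks an entry for a human to examine; an entry with no note is not thereby shown to be clean.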