Help with hijack

ncbix

New Member
Hey guys,

Any help would be appreciated. Thx.
 

Attachments

  • hijack1.txt

Byteman

Malware Destroyer
You've got some nasties there... run BOTH the following scans (let them take care of what they find):

Panda
Trendmicro

Afterwards download and install/update Microsoft Antispyware, run a full scan (not the quick scan). After that, post a new HijackThis log so we can clean up the leftovers. :)
 

Cache

New Member
With this CWS variant I very much doubt the above-mentioned scans would work, due to the NT service created by the parasite. Something you may already know: this variant sometimes deletes important Windows files. If the user gets error messages on reboot after performing any fixes, you may have to replace one or more of the following files:

1) control.exe
2) shell.dll
3) wmplayer.exe
4) rundll32.exe
5) msconfig.exe
6) notepad.exe

You can get copies of these files from Merijn's page here for any version of Windows. The other file sometimes deleted is HOSTS --- replace it by running the Hoster and using "Restore Original HOSTS".
 

Buzz1927

Digaredd
Cache said:
With this CWS variant I very much doubt the above-mentioned scans would work, due to the NT service created by the parasite. Something you may already know: this variant sometimes deletes important Windows files. If the user gets error messages on reboot after performing any fixes, you may have to replace one or more of the following files:

1) control.exe
2) shell.dll
3) wmplayer.exe
4) rundll32.exe
5) msconfig.exe
6) notepad.exe

You can get copies of these files from Merijn's page here for any version of Windows. The other file sometimes deleted is HOSTS --- replace it by running the Hoster and using "Restore Original HOSTS".

I think Byteman probably wanted to clean the log up a bit before tackling what was left, as his post clearly states. If you read some of the other threads in Computer Security, you will see that he deals with most of the Hijackthis logs posted.
 

Cache

New Member
Buzz1927 said:
I think Byteman probably wanted to clean the log up a bit before tackling what was left, as his post clearly states. If you read some of the other threads in Computer Security, you will see that he deals with most of the Hijackthis logs posted.
Hello, Buzz1927.

I apologize if I came across the wrong way, or stepped on anyone's territory here. Although I gave my honest opinion and I stick by it, I was only trying to add some information I thought may have been useful. Also, yes, I have indeed searched through many of the HJT logs on this forum.

Again, I'm sorry if my opinion and advice were misplaced. I too like to work with HJT logs, so if anyone has objections to me helping with them, please let me know.

Thanks
Cache.
 

Buzz1927

Digaredd
Hi Cache

I apologize if I came across the wrong way, or stepped on anyone's territory here.

Sorry if I gave that impression, I was just pointing out what Byteman was doing. Everyone's got different ways of doing things.
The more knowledgeable people you can call on, the better. Welcome to the forums, BTW.
Buzz.
 

Byteman

Malware Destroyer
Hey everyone, finally back...

Cache, welcome! Nice to read from you again, Buzz!

I've noticed that as spyware and their variants pop their ugly heads out, we have to yank them manually for a while before the good antispyware progs figure things out (or in most cases partially figure things out). However they do do a better job with known spyware as time goes on and updates and versions come out. That,... coupled with the fact that anything they can clean up DOES help when we have to go in with HJT and other goodies to finish the job.

You'll notice posts where people get infected, and the first thing they want to do is run a HJT log! I would prefer people run certain scans first (with certain programs), then have us start dissecting their system. :)

Oh,... Cache, if you look on other forums and sites, most of the pros will have people run some general scans if they haven't already. So that they don't have to fight an uphill battle killing one thing when there are others screwing things up in the process (kind of makes a nice clean-up job convoluted).

I would like to see how you work :) Please, by all means, take this one over (if you don't mind) :D !
 

Cache

New Member
Byteman said:
I would like to see how you work :) Please, by all means, take this one over (if you don't mind) :D !
Sure, I would be happy to. Hopefully your sig won't apply to me lol.

PS, I think it would be best to take this into PMs if anyone has more to say, as I seem to have run the thread completely off topic. :)
 