|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
1200+ fellow developers rate and compare features of the top IDEs, like Visual Studio, Eclipse, RAD, Delphi and others, across 13 categories. Enjoy this FREE Download of the IDE User Satisfaction Study by Evans Data Corporation. Download Now!
|
|
#1
May 28th, 2004, 04:14 AM
|
|||
|
|||
Can any body plz scan my Hijackthis log file
Hi,
My System has been hijacked by some program from net. Now I am not able to set my homepage. It's automatically set to some URL site. Also some unwanted links are added to my favourite list. I downloaded hijackthis and ran it. But I am not able to figure out which process i need to delete or not. I am pasting the contents of Hijackthis.log. Can any body plz scan this file and help me? Thanks in advance. Ranjan Logfile of HijackThis v1.97.7 Scan saved at 9:57:56 AM, on 5/26/2004 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\IBM\IBM Agent Controller\bin\RAServer.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe c:\sysadmin\python23\python.exe C:\WINNT\system32\cmd.exe c:\sysadmin\temp\angz.exe C:\WINNT\Explorer.EXE C:\Program Files\mozilla.org\Mozilla\Mozilla.exe C:\satyaranjan\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = URL O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{B202CC01-9FEC-4D70-8D0E-1A52B886D880}: NameServer = 192.168.1.201
|
|
#2
May 28th, 2004, 05:50 PM
|
|||
|
|||
|
Hey ranjansatya,
Run HijackThis, place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "fix checked". R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php Reboot to complete the removal process. Consider installing Spywareblaster and Spywareguard (links below). Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
#3
May 31st, 2004, 12:21 AM
|
|||
|
|||
|
Hi Tom,
Thanks for your prompt reply. I tried whatever you explained and restarted the computer. But those registry entries are still there. I am again sending the new hijackThis log. Plz help me.. Thanks in advance. Ranjansatya Logfile of HijackThis v1.97.7 Scan saved at 10:19:07 AM, on 5/30/2004 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\IBM\IBM Agent Controller\bin\RAServer.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\svchost.exe C:\Program Files\mozilla.org\Mozilla\Mozilla.exe C:\satyaranjan\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = URL O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O17 - HKLM\System\CCS\Services\Tcpip\..\{B202CC01-9FEC-4D70-8D0E-1A52B886D880}: NameServer = 192.168.1.201
|
|
#4
June 1st, 2004, 10:09 PM
|
|||
|
|||
|
Ok please copy the contents of the quote box to notepad:
Quote:
hit save as give it the name clear.reg under the filename set file types to all files. save it to the desktop. After done double click the clear.reg when asked to merge say yes reboot then find this file: system32.dll its probably in one of two locations: c:\windows\system32\system32.dll c:\windows\system\system32.dll and delete it. Delete the file ONLY! Do not touch anything else in the system32 folder. Then fix these with hijackthis: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php Credit goes to shadowwar for the reg fix! Tom
|
|
#5
June 2nd, 2004, 08:01 AM
|
|||
|
|||
|
Hi Tom,
Thanks very much for your help. My system is now running fine.. Thanks, ranjan
|
|
#6
June 2nd, 2004, 04:14 PM
|
|||
|
|||
|
Good work ranjan!
You need to update to SP4 and get all other Critical Windows Updates! Please Update Windows and Internet Explorer. Download each critical update one by one, rebooting when necessary.. http://v4.windowsupdate.microsoft.com/ Installing Spywareblaster and Spywareguard will help keep you clean! Links are in my signature below. Tom
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Can any body plz scan my Hijackthis log file |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
