my browser/webpage link/desktop wallpaper have all been hijacked

Guest

HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 7:37:15 PM, on 4/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\ncsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EX
C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SVCHOST.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\MSTSC.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\David Yu\Desktop\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SECURITY.EXE
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SVCHOST.EXE


1) Wallpaper shows some virus warning crap.
From Control Panel -> Display -> Desktop, it shows a "deskstop" item at the end
of the list of jpg files. Removing it from the windows/web directory does not help;
soon some program generates it again.

2) home page being redirected to ipassist.bz/

3) If I open a web page manually, all the clickable links within the page are
pointing to ipassist.biz/search crap


Please help to remove this. All the HijackThis or adware do not help.
Thanks
Dave
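An added example, not part of the original thread: a small triage pass over a HijackThis log that flags entries whose file name matches a core Windows binary but whose folder is not that binary's usual one. The `EXPECTED_DIR` table and the function names are assumptions made for this example; the sample lines are taken from the log in the post above.

```python
import ntpath
import re

# Assumption for this example: usual XP folder of a few core binaries.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Sample lines from the log above; the O4 values sit on their own line,
# as mail and forum software often wraps them.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SVCHOST.EXE
C:\WINDOWS\System32\taskmgr.exe

O4 - HKLM\..\Run: [Disk Keeper]
C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SECURITY.EXE
O4 - HKLM\..\Run: [Service Host]
C:\WINDOWS\System32\Services\{D10EA66A-271B-434B-8184-3BE2343FDBD3}\SVCHOST.EXE
"""

PATH_RE = re.compile(r"[A-Za-z]:\\.+")   # a drive-letter path up to end of line
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")   # HijackThis entry prefix such as "O4 - "

def unwrap(log):
    """Re-join an entry line (R0, O4, ...) with a path that wrapped onto the next line."""
    out = []
    for line in (l.strip() for l in log.splitlines()):
        if out and ENTRY_RE.match(out[-1]) and not PATH_RE.search(out[-1]) and PATH_RE.fullmatch(line):
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def masquerading(log):
    """Return (file name, folder, log line) for known system names outside their usual folder."""
    hits = []
    for line in unwrap(log):
        m = PATH_RE.search(line)
        if not m:
            continue
        folder, name = ntpath.split(m.group(0))
        expected = EXPECTED_DIR.get(name.lower())
        if expected and folder.lower() != expected:
            hits.append((name, folder, line))
    return hits
```

On the sample, `masquerading(SAMPLE_LOG)` returns the running `SVCHOST.EXE` and the `[Service Host]` Run entry, both under `System32\Services\{...}`. A hit is a lead to check with the scanners, not a verdict.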
 
David H. Lipman

From: "Dave" <[email protected]>

|
| HijackThis log file: Logfile of HijackThis v1.97.7

Dave:

This is NOT the place for posting HJT logs!

You can submit it to the following parsers...
http://hjt.iamnotageek.com/
http://www.hijackthis.de/en

However, I would say that you are most likely infected with an Internet worm!

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

1) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory on drive "C:\" (e.g., "c:\sysclean").

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt598.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

2) Download McAfee Stinger -- http://vil.nai.com/vil/stinger/
3) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/
4) Update Adaware with the latest definitions then exit the software.
5) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
6) Reboot your PC into Safe Mode and shutdown as many applications as possible
7) Using the Trend Sysclean, Stinger and Ad-aware SE utilities, perform a Full Scan of
your platform and clean/delete any infectors found
8) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean, Stinger and Ad-aware SE
9) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use, suggested 400 ~ 600MB)
10) Reboot your PC.
11) Create a new Restore point

* * Please report back your results * *
 
