Browser HiJack-Help

[AliceH]

This is what I have done . Have been struggling with this
since Tuesday. offending page address is
res:hgvwq.dll/index.html#12802. I followed these
instructions from HiJack This to which I was referred by
other newsgroup posters.
- Start the system in safe mode.
- Delete the appropriate DLL
- Open HiJack This and get rid of anything that does not
belong.
- Change your startup page in IE back to normal.
- Run CWS Shredder just in case

Cleared temporary internet files, cookies, etc.
- Restart to normal mode.
- Check for the DLL again, if it reapears delete it.
- Run HiJack This again - there should be minimal changes
from the spyware this time (I had only two registry
entries changed).
- Open up IE and give it a go. After you open it up,
check HiJack this for trails of spyware"

This does not work for me. I have also done it with
system restore off. This morning I finally got through to
McAfee support. They had me scan, shutdown, disconnect
from internet, boot up, scan again with ie open. Nada.
When I went back to their e-ticket I was sent to MSN. I'm
not a subscriber so I've popped back here. My last
critical upadate patch was installed on Wednesday. This
is serious. It's not even allowing me to get to sites I
do want to frequent. Please help.
Alice

 

[nelson]

I have been hit with the same Hijack. Spysubtract can't
remove it either. I am going to find a way to turn the
copmany that released this to the local DA. are you with
me if i presue them? I have been caused many hours of
trouble and also lost hours in billing.

(e-mail address removed)

 

[Guest]

-----Original Message-----
I have been hit with the same Hijack. Spysubtract can't
remove it either. I am going to find a way to turn the
copmany that released this to the local DA. are you with
me if i presue them? I have been caused many hours of
trouble and also lost hours in billing.

(e-mail address removed)
.

Absolutely. It even got me to by a junk spy-killer
software before I realized I had been lured to a list of
handpicked spyware sites. I was so upset I didn't bother
to research first. I lost hours this week trying to get
rid of this. I do lots of confidential work here and am
very angry right now.
(e-mail address removed)

 

[H Leboeuf]

The normal procedure with CWShredder do not work on this new nasty variant.

Post your log at the forum. They are very busy with this new infection.

The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.

Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.

O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338-29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32\xxxxx.exe


You will be asked to:

Download About:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip


Run AboutBuster.exe, click OK, then start, then OK. This will scan your
computer for the files responsible for hijacking your home and/or search
settings/page.

Reboot and post a new HijackThis log along with the report from
About:Buster.

With these instructions they will suggest the correct files to be remove.

Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.

 

[H Leboeuf]

Nelson this will apply only if you have the exact same CWS variant.
Post your log at the forum.


The normal procedure with CWShredder do not work on this new nasty variant.
Post your log at the forum. They are very busy with this new infection.
The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.
Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.
O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338-29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32\xxxxx.exe
You will be asked to:

Download About:Buster from either of the following locations.
http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip
Run AboutBuster.exe, click OK, then start, then OK. This will scan your
computer for the files responsible for hijacking your home and/or search
settings/page.
Reboot and post a new HijackThis log along with the report from
About:Buster.
With these instructions they will suggest the correct files to be remove.
Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.

 

[Guest]

Thanks very much. I did post my log there yesterday but
they are truly swamped. I will do as you sggest./ At
least I feel like I'm trying to fix it.

-----Original Message-----
The normal procedure with CWShredder do not work on this new nasty variant.

Post your log at the forum. They are very busy with this new infection.

The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.

Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.

O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338- 29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32 \xxxxx.exe


You will be asked to:

Download About:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip


Run AboutBuster.exe, click OK, then start, then OK. This will scan your
computer for the files responsible for hijacking your home and/or search
settings/page.

Reboot and post a new HijackThis log along with the report from
About:Buster.

With these instructions they will suggest the correct files to be remove.

Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

This is what I have done . Have been struggling with this
since Tuesday. offending page address is
res:hgvwq.dll/index.html#12802. I followed these
instructions from HiJack This to which I was referred by
other newsgroup posters.
- Start the system in safe mode.
- Delete the appropriate DLL
- Open HiJack This and get rid of anything that does not
belong.
- Change your startup page in IE back to normal.
- Run CWS Shredder just in case

Cleared temporary internet files, cookies, etc.
- Restart to normal mode.
- Check for the DLL again, if it reapears delete it.
- Run HiJack This again - there should be minimal changes
from the spyware this time (I had only two registry
entries changed).
- Open up IE and give it a go. After you open it up,
check HiJack this for trails of spyware"

This does not work for me. I have also done it with
system restore off. This morning I finally got through to
McAfee support. They had me scan, shutdown, disconnect
from internet, boot up, scan again with ie open. Nada.
When I went back to their e-ticket I was sent to MSN. I'm
not a subscriber so I've popped back here. My last
critical upadate patch was installed on Wednesday. This
is serious. It's not even allowing me to get to sites I
do want to frequent. Please help.
Alice

.

 

[Guest]

Thgis helped initially but I'm still not clean. I've run
the whole procedure twice now and posted my results. Even
ran CWS to be sure. I have noticed that this nasty thing
causes HJT to create a backup of every file you delete.
It plants them on the desktop. I delete those too before
rebooting. Still, it doesn't take long for it to
reactivate.
Alice

-----Original Message-----
Thanks very much. I did post my log there yesterday but
they are truly swamped. I will do as you sggest./ At
least I feel like I'm trying to fix it.

-----Original Message-----
The normal procedure with CWShredder do not work on

this
new nasty variant.

Post your log at the forum. They are very busy with

this
new infection.

The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.

Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.

O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338- 29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32 \xxxxx.exe


You will be asked to:

Download About:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip


Run AboutBuster.exe, click OK, then start, then OK.

This
will scan your

computer for the files responsible for hijacking your home and/or search
settings/page.

Reboot and post a new HijackThis log along with the report from
About:Buster.

With these instructions they will suggest the correct files to be remove.

Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

through

to

.

.

 

[H Leboeuf]

The reason the Desktop get the temp files is because you have installed
HighjackThis in your Desktop folder.
Create a new folder C:\HJT ( or any other drive) and place the .exe file
there. Run it and all will be well. You can then clean your desktop. The
forum expert will ask you to do just that. So get head of the game.
--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

Thgis helped initially but I'm still not clean. I've run
the whole procedure twice now and posted my results. Even
ran CWS to be sure. I have noticed that this nasty thing
causes HJT to create a backup of every file you delete.
It plants them on the desktop. I delete those too before
rebooting. Still, it doesn't take long for it to
reactivate.
Alice

-----Original Message-----
Thanks very much. I did post my log there yesterday but
they are truly swamped. I will do as you sggest./ At
least I feel like I'm trying to fix it.

-----Original Message-----
The normal procedure with CWShredder do not work on

this
new nasty variant.

Post your log at the forum. They are very busy with

this
new infection.

The correct way is to first to remove these 02 and 04 entries.
Note that xxxx.exe are random files created by the malware. They are
different on each computer.

Run HijackThis again and place a check beside each of the following items.
Once done click the fix checked button.

O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338- 29CE7B59941D} -
C:\WINDOWS\system32\xxxxx32.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32 \xxxxx.exe


You will be asked to:

Download About:Buster from either of the following locations.

http://www.atribune.org/downloads/AboutBuster.zip
http://tools.zerosrealm.com/AboutBuster.zip


Run AboutBuster.exe, click OK, then start, then OK.

This
will scan your

computer for the files responsible for hijacking your home and/or search
settings/page.

Reboot and post a new HijackThis log along with the report from
About:Buster.

With these instructions they will suggest the correct files to be remove.

Note also that you must not have any other infections otherwise CWS will not
be removed. These infections if present must be cleaned first. Only your log
will show if you still have anything to remove.

--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

This is what I have done . Have been struggling with this
since Tuesday. offending page address is
res:hgvwq.dll/index.html#12802. I followed these
instructions from HiJack This to which I was referred by
other newsgroup posters.
- Start the system in safe mode.
- Delete the appropriate DLL
- Open HiJack This and get rid of anything that does not
belong.
- Change your startup page in IE back to normal.
- Run CWS Shredder just in case

Cleared temporary internet files, cookies, etc.
- Restart to normal mode.
- Check for the DLL again, if it reapears delete it.
- Run HiJack This again - there should be minimal changes
from the spyware this time (I had only two registry
entries changed).
- Open up IE and give it a go. After you open it up,
check HiJack this for trails of spyware"

This does not work for me. I have also done it with
system restore off. This morning I finally got

through

to
McAfee support. They had me scan, shutdown, disconnect
from internet, boot up, scan again with ie open. Nada.
When I went back to their e-ticket I was sent to MSN. I'm
not a subscriber so I've popped back here. My last
critical upadate patch was installed on Wednesday. This
is serious. It's not even allowing me to get to sites I
do want to frequent. Please help.
Alice


.

.