Greenguy's Board

Greenguy's Board (http://www.greenguysboard.com/board/index.php)
-   General Business Knowledge (http://www.greenguysboard.com/board/forumdisplay.php?f=10)
-   -   help and i am fucking doomed (http://www.greenguysboard.com/board/showthread.php?t=19923)

cd34 2005-05-24 02:15 AM

you might be able to install firefox, which would then let you get the MSIE 6.0 downloader.

MrHackula 2005-05-24 04:49 AM

Sorry I am late to the party Stu. We have been reconfiguring our life again.

Without more information, I can't fully help you.

Here is the link to re-install IE:

http://www.theeldergeek.com/repair_r...e_and_oe_6.htm

... The odds are you still have adware on your system.

If you can get to this URL:

http://housecall60.trendmicro.com/en...rp.asp?id=scan

...Run that scan. The full one, spyware and virus.

If you cannot start hijackthis, just rename the file to something else and run it.

If you can download the Microsoft anti-spyware beta:

http://www.microsoft.com/athome/secu...e/default.mspx

... then go ahead and install that.

Do a search in your C:\windows folder for *.com

Anything that shows up as 1k in file size, go ahead and delete it. This thing puts files in that directory called regedit.com, ping.com, etc...

This is to discourage a fixable solution. You see, Windows will always run the .com before the .exe if there are two files with the same name and different extensions.

If you post your hijackthis log, I can tell you what probably doesn't belong.

I would advise you to install:

http://www.javacoolsoftware.com/spywareblaster.html

...and :

Spybot Search and Destroy:

http://www.safer-networking.org/en/download/

... Make sure you turn on the S&D resident scanner, "TeaTimer". This will alert you to attempted changes to your registry. This way you know exactly which site you were reviewing when the bad stuff happened, and... who to blame.

I also run:

http://www.mlin.net/StartupMonitor.shtml

... which has largely the same functions as the tea-timer, but catches things it might miss.

I have been running a TGP since 1999, and have been dosed with everything ever put out before the detectors would detect it.

Formatting your hard drive should be your last option. This way, if you beat the little bastard out of your system, you will be setup to repel future invaders.

I will wait to see your hijackthis log.

23 years in computer repair and it has come to chasing bugs. |angry|

Mr. H.
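
The .com-before-.exe rule above is the shell's PATHEXT precedence: when a command is typed without an extension, cmd.exe tries each extension in PATHEXT order and runs the first file it finds. The check below is an added example written for this thread, not code from the original post or from any of the tools it links; it reproduces that resolution rule and lists the tiny .com files that would hijack a same-named .exe. The PATHEXT value is the stock Windows XP default (an assumption; compare it with `echo %PATHEXT%` on the actual machine), the directory listing is constructed to look like the case described, and `scan_directory` is a helper for running it against a real folder.

```python
import os

# Stock Windows XP PATHEXT, in order (assumption: a clean XP install).
XP_PATHEXT = [".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE",
              ".JS", ".JSE", ".WSF", ".WSH"]

# Constructed listing of C:\WINDOWS: filename -> size in bytes.
# The 1 KB .com files beside real tools mimic what the post describes.
SAMPLE_WINDOWS_DIR = {
    "regedit.exe": 146432,
    "regedit.com": 1024,
    "notepad.exe": 69632,
    "explorer.exe": 1032192,
    "ping.com": 1024,
    "taskman.exe": 15360,
    "taskman.com": 1024,
}


def resolve_command(name, listing, pathext=XP_PATHEXT):
    """Return the file cmd.exe would run for `name` typed without an
    extension: walk PATHEXT in order, first existing file wins."""
    by_lower = {f.lower(): f for f in listing}
    for ext in pathext:
        hit = by_lower.get((name + ext).lower())
        if hit is not None:
            return hit
    return None


def find_shadowing_coms(listing, max_size=1024):
    """List (com_file, same_named_exe_or_None) for every .com file of at
    most `max_size` bytes. A tiny .com next to a real .exe takes over that
    tool; a tiny .com with no sibling in this folder is still worth a look."""
    by_lower = {f.lower(): f for f in listing}
    found = []
    for fname, size in listing.items():
        if fname.lower().endswith(".com") and size <= max_size:
            sibling = by_lower.get(fname.lower()[:-4] + ".exe")
            found.append((fname, sibling))
    return sorted(found, key=lambda pair: pair[0])


def scan_directory(path):
    """Build a {filename: size} listing from a real directory (non-recursive,
    matching the 'search C:\\windows for *.com' step in the post)."""
    listing = {}
    for entry in os.listdir(path):
        full = os.path.join(path, entry)
        if os.path.isfile(full):
            listing[entry] = os.path.getsize(full)
    return listing


if __name__ == "__main__":
    for com, exe in find_shadowing_coms(SAMPLE_WINDOWS_DIR):
        note = f"shadows {exe}" if exe else "no .exe sibling here"
        print(f"{com}: {note}; typing '{com[:-4]}' runs "
              f"{resolve_command(com[:-4], SAMPLE_WINDOWS_DIR)}")
```

Run it as `python shadow_check.py` for the constructed listing, or call `find_shadowing_coms(scan_directory(r"C:\WINDOWS"))` on a live machine; review what it lists before deleting anything, since the size threshold is only a heuristic.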

stuveltje 2005-05-24 07:34 AM

Wowwwwwwwwwwww MrHackula :D I am working on it, thanks

stuveltje 2005-05-24 07:47 AM

Logfile of HijackThis v1.99.1
Scan saved at 13:46:57, on 24-5-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\PROGRA~1\QUICKH~1\MailSvr.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\system.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hopeloos\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /LOADRUN
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /Check
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\RunOnce: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /check
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096750544656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Quick Heal Helper Service WSC (qhwscsvc) - Unknown owner - C:\PROGRA~1\QUICKH~1\QHWSCSVC.EXE
O23 - Service: Quick Heal Online Protection - Unknown owner - C:\PROGRA~1\QUICKH~1\QHONSVC.EXE

ronnie 2005-05-24 09:53 AM

I agree with Mr Blue, the MS anti-spyware program works very well. Only thing, it usually takes a good number of scans before it gets rid of everything. Last time I had some nasty stuff it took about 7-8 scans, but it did get rid of it. Many other programs never even found what I had.

ronnie

N J 2005-05-24 12:16 PM

http://www.hijackthis.de/en - use this or something similar for a quick analysis of your HijackThis log!

Great to see how helpful people are!

RawAlex 2005-05-24 12:37 PM

Quote:

Originally Posted by Stever
The best way to remove this shit is a full restore. As in re-install the OS from the disks. Wipes hard-drive clean. just make sure you've backed up your important files.

Gallery and FreeSite reviewers should consider using a second, cheaper machine dedicated to reviewing sites or surfing potentially unsafe sites. That way when you do catch something you just wipe the hard drive clean and don't worry about losing data.

CoolWebSearch sucks, I've had it a few times. All the programs that claim to get rid of it don't do a good job. It gets so deep into your system, and it's always changing to stay ahead of the anti-spyware. Got to clean the hard-drive completely or it will come back.

P.S. This is my 100th post here at Greeny. Happy anniversary to me!|party



Stever, I have found that declining all sites with scripts, iframes, and other outside sources has certainly decreased the amount of junk I am forced to deal with (and that my surfers have to deal with too). As I determine new methods for adding stuff on pages, I add that to the bot filter so that my surfers are not subject to this crap.

If more TGPs and such spent a few minutes actually pre-checking stuff, there would be much less crap out there in the world.

Oh yeah, firefox instead of IE is a HUGE help... not a total fix, but moves me from 99% to 1% pretty much directly!

Alex

stuveltje 2005-05-24 03:39 PM

Mmm, I did the HouseCall Trend Micro thing; it found 4 infected files. After that one I did the SpySweeper I have myself, and that one found Mitglieder_trojan; HouseCall didn't catch that.

RawAlex, was it you who said it's time to ban all the people who use famous names, like the Phil Collins guy? Well, from his site I got this shit. I was doing some of the reviews at pimplinks and that one had the CoolWebSearch shit in it; it filled my puter with viruses, even though my virus scanner caught most.

f69j69b 2005-05-24 04:58 PM

hi Stu
in your hijackthis log
"C:\WINDOWS\System32\system.exe"
may be the problem
go here to read about this before you delete this as I am not 100% sure
http://www.answersthatwork.com/Taskl...tasklist_s.htm

Fred

stuveltje 2005-05-24 06:32 PM

Quote:

Originally Posted by f69j69b
hi Stu
in your hijackthis log
"C:\WINDOWS\System32\system.exe"
may be the problem
go here to read about this before you delete this as I am not 100% sure
http://www.answersthatwork.com/Taskl...tasklist_s.htm

Fred

OK thanks, me gonna read

stuveltje 2005-05-24 06:33 PM

I can't get on the link Fred, I get a time out

stuveltje 2005-05-24 06:53 PM

That file you pointed me at is infected with the Mitglieder trojan thing

f69j69b 2005-05-24 07:07 PM

Stu, then don't delete it, because like I said I'm not 100% sure and wouldn't want to be the cause of making it worse. Wait and see if someone else that reads the HijackThis log agrees with me.

OK then, if that is a virus, let HijackThis fix it
Fred

MrHackula 2005-05-25 03:01 AM

Quote:

Originally Posted by stuveltje
wowwwwwwwwwwww Mrhackula :D i am wokrking on it thanks

You are welcome.

Now, the Mitglieder worm you already know about. Here is the details page at Symantec:

http://securityresponse.symantec.com...glieder.b.html

The most interesting line is this one:

"The Trojan also downloads and executes PWSteal.Ldpinch"

... so any common passwords in use are to be suspect and should be changed.

For the HijackThis log... There is another tool you might find helpful if you can't reach the first:

http://hjt.iamnotageek.com/

In my opinion the only really bad thing there was already pointed out by someone else (f69j69b):

C:\WINDOWS\System32\system.exe


The actual file in this case is called:

"ssgrate.exe"

... it is just lying to the system process manager to make it think it has a true filename of "system.exe".

Read the removal instructions at symantec's site (linked above) and all should be well.

If you need anything else, just ask.

Dealing with this shit is fun, isn't it?

Now you know why my blacklist is up to 67,126 domains.

Pity there aren't enough non-"traffic-trading" (circle jerk) sites out there to bother making a communal blacklist.

Most sites approve anything because the surfer only has a 1-10 chance of seeing an actual gallery anyway. :-(

I hope it is easy fixing from here on out.

Mr. H.
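
The tell in that log is an O4 autorun entry whose registry label (ssgrate.exe) does not match the file it actually launches (system.exe). The parser below is an added example for this thread, not the code of HijackThis or of the analysis sites linked above; it pulls the O4 Run/RunOnce entries out of a HijackThis log, recovers the launched binary even when the command has spaces or arguments, and flags two patterns. The label/filename mismatch rule comes straight from the case in this thread; the second rule, a per-user (HKCU) autorun pointing directly into the Windows directory, is my own heuristic and an assumption, not something the thread states. The sample lines are a constructed excerpt modelled on the log posted earlier.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis 1.99.1 format; only O4 lines are parsed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /LOADRUN
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ssgrate.exe] C:\WINDOWS\System32\system.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

EXE_EXTS = r"(?:exe|com|scr|pif|bat|cmd|dll)"
# O4 - HKLM\..\Run: [label] command
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce|RunServices): \[([^\]]+)\] (.+)$")
# Shortest prefix of the command that ends in an executable extension and is
# followed by a closing quote, whitespace or end of line: handles unquoted
# paths with spaces ("...\Repair Pro\RegistryRepairPro.exe 4") and quoted ones.
BIN_RE = re.compile(r'^"?(.+?\.' + EXE_EXTS + r')(?:"|\s|$)', re.I)


@dataclass
class AutorunEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, RunServices
    label: str     # registry value name shown in [brackets]
    command: str   # full command as logged
    path: str      # launched file with directory, "" if not recognised
    binary: str    # basename of that file, "" if not recognised


def parse_o4(log_text):
    """Extract the O4 registry autorun entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, label, command = m.groups()
        b = BIN_RE.match(command)
        path = b.group(1) if b else ""
        entries.append(AutorunEntry(hive, key, label, command, path,
                                    path.rsplit("\\", 1)[-1]))
    return entries


def flag_entries(entries):
    """Return [(entry, [reasons])] for entries that deserve a second look."""
    flagged = []
    for e in entries:
        reasons = []
        label_is_filename = re.search(r"\." + EXE_EXTS + r"$", e.label, re.I)
        if label_is_filename and e.label.lower() != e.binary.lower():
            reasons.append("label/filename mismatch")
        # Assumption (my heuristic, not from the thread): a per-user autorun
        # that launches a file sitting directly in %SystemRoot% or System32.
        if e.hive == "HKCU" and re.match(
                r"^[a-z]:\\windows\\(system32\\)?[^\\]+$", e.path, re.I):
            reasons.append("HKCU autorun pointing into the Windows directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_o4(SAMPLE_LOG)):
        print(f"{entry.hive}\\..\\{entry.key}: [{entry.label}] -> {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

Feed it a real log with `parse_o4(open("hijackthis.log").read())`; a hit is a prompt to look the file up (as the thread did with the Symantec write-up), not proof of infection, since some legitimate installers also use a filename as the value name.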

stuveltje 2005-05-25 03:23 AM

Quote:

Originally Posted by MrHackula
You are welcome.

Now, the Mitglieder worm you already know about. Here is the details page at Symantec:

http://securityresponse.symantec.com...glieder.b.html

The most interesting line is this one:

"The Trojan also downloads and executes PWSteal.Ldpinch"

... so any common passwords in use are to be suspect and should be changed.

For the HijackThis log... There is another tool you might find helpful if you can't reach the first:

http://hjt.iamnotageek.com/

In my opinion the only really bad thing there was already pointed out by someone else (f69j69b):

C:\WINDOWS\System32\system.exe


The actual file in this case is called:

"ssgrate.exe"

... it is just lying to the system process manager to make it think it has a true filename of "system.exe".

Read the removal instructions at symantec's site (linked above) and all should be well.

If you need anything else, just ask.

Dealing with this shit is fun, isn't it?

Now you know why my blacklist is up to 67,126 domains.

Pity there aren't enough non-"traffic-trading" (circle jerk) sites out there to bother making a communal blacklist.

Most sites approve anything because the surfer only has a 1-10 chance of seeing an actual gallery anyway. :-(

I hope it is easy fixing from here on out.

Mr. H.

Thanks, it seems I got rid of the thing, but I got rid of more than needed; I still need to reinstall some of IE and my mail because they don't work well anymore. What a hell, so I am not done yet... I will be back here, the question is only whether to ask more or to say I did it :D

stuveltje 2005-05-25 07:55 AM

OK, I have run all the programs now, it looks like it's gone, but, there is the but... puter is slow with starting up, Internet Explorer is still fucked and Firefox is fine. I tried to reinstall IE with the setup I have, but the puter said it can't find iesetup.inf or something like that.

Dan 2005-05-25 08:28 AM

you should have let me get someone else to do the sites |satan|
what a pain in the ass it's been, so sorry |cry|
hit me when you're back ok |waves|

Cleo 2005-05-25 08:31 AM

Until next month when you get to go through all this again…

stuveltje 2005-05-25 10:11 AM

Quote:

Originally Posted by Dan
you should have let me get someone else to do the sites |satan|
what a pain in the ass it's been, so sorry |cry|
hit me when you're back ok |waves|

Na, don't be sorry, it's the latest CoolWWWSearch thing, which attacks you like a virus; it could've been anybody who got hit with it. I had most of the programs mentioned here on my puter
and no virus scanner would catch it. It's like Symantec said, it has to be removed by hand also; the CWShredder thing couldn't find it but it was there. Na, I think I can be safe now for a while with Firefox, because that's the only one which does work on my puter. I am gonna review this eve again. I have sent Opti a PM also, because all my passwords and IDs are wiped out too.

stuveltje 2005-05-25 10:12 AM

Quote:

Originally Posted by Cleo
Until next month when you get to go through all this again…

Well, when it happens to me it's every time another thing; this one I never ever had, while it's been around since I believe August 2004, but sure, it was learning again. And it's really great to see how many people are popping in to help; this way others can learn about the problem too :D

stuveltje 2005-05-26 09:10 AM

OK, update: even with all the help here, it didn't work. Well, it did work to get rid of the CoolWWW and the 100s of other strange stuff in it, but my files are so damaged that XP can't work well anymore; even putting files back from the disk won't work. So what I am going to do is totally reinstall XP, but then with XP SP2 with it. I am gonna back up all the stuff I need, and I need to do something with those emails, because I don't know how to put my emails in a folder so I can burn them on CD. I really really wanna thank all for the help, it was really appreciated and you guys are the best!!! BTW I have a totally upgraded and updated puter ready just in case I fuck up reinstalling XP Pro again. :D

ronnie 2005-05-26 10:47 PM

Quote:

Originally Posted by stuveltje
OK, update: even with all the help here, it didn't work. Well, it did work to get rid of the CoolWWW and the 100s of other strange stuff in it, but my files are so damaged that XP can't work well anymore; even putting files back from the disk won't work. So what I am going to do is totally reinstall XP, but then with XP SP2 with it. I am gonna back up all the stuff I need, and I need to do something with those emails, because I don't know how to put my emails in a folder so I can burn them on CD. I really really wanna thank all for the help, it was really appreciated and you guys are the best!!! BTW I have a totally upgraded and updated puter ready just in case I fuck up reinstalling XP Pro again. :D

In XP there is a "Settings and Files Transfer Wizard", which you can use to back up/burn your e-mails and put them back on another system or a fresh OS. Worked for me... :)

ronnie


© Greenguy Marketing Inc