Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Attack on Windows Media Player (Help me!)


  • Please log in to reply
3 replies to this topic

#1 RavenWolf

RavenWolf

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 08 April 2005 - 01:42 AM

Okay, well, I recently had a severe bout with a web hijacker. After about four downloaded spyware removers, including Adaware, Spybot, and Spysweeper, I've managed to get it gone.

Except for one little residual problem.

Every time I try to open Windows Media Player, instead of the program, I instead get a little pop-up that says 'Browser Enhancement Installation: Good News! A free browser enhancement is available to be installed on your system immediately free of charge. By installing our software you agree to the terms and conditions stated here.' Then there's a little check-box which appears automatically checked and a button that says 'close this window'. There's nothing else in the box.

All I do is uncheck the box and click 'Close This Window'. But it still comes back every single time I go to open WMP, therby preventing me from accessing it.

Help please?

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:33 PM

Posted 08 April 2005 - 11:53 PM

Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from:

HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:

How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

#3 concussion91

concussion91

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:33 PM

Posted 17 April 2005 - 06:23 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:20:59 PM, on 4/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\XL.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

Edited by concussion91, 17 April 2005 - 06:41 PM.


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,617 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:33 PM

Posted 18 April 2005 - 05:57 AM

Looks like you only posted a partial HJT log. Please post a complete log




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users