
HJT - Glutton


  • This topic is locked
5 replies to this topic

#1 glutton

glutton

  • Members
  • 12 posts

Posted 20 April 2005 - 04:03 PM

Ok, in my recent post regarding the files CTHELPER, PCSYNC, HOTKEYSVC, I was advised to acquire a couple of programs, run them, clean out the junk, etc..
I did that, and also I deleted the three above files.. I'd never seen them before my incident with MSN messenger (when they appeared in my SpySweeper ALERT list). Since deleting them, they no longer appear in the list, and I'm also able to once again load up programs on Windows (98) start, which I couldn't do while they were alive and well.

So here's the HJT Log file, as I was instructed.. It doesn't appear to have anything malicious in it, and the computer is much cleaner since performing the various sweeps, but here it is and maybe someone can determine if there's still something rude going on.
NOTE: I've also deleted Internet Explorer.. that's how all my problems started.. now I use Netscape exclusively



Logfile of HijackThis v1.99.1
Scan saved at 5:01:55 PM, on 20/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\GRXP4EXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\RFA\RFAGENT.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {9C569BC1-20DA-11D7-AEFB-00036D1329A6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "h"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "h"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - HKCU\..\RunServices: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
O4 - HKCU\..\RunServices: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab



#2 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • Gender:Male
  • Location:Liverpool

Posted 21 April 2005 - 07:56 AM

Hi Glutton.

Nearly there, just one more to come out.

Please remove this one with HJT making sure ALL windows and browsers are closed:

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe


Now that you've removed Internet Explorer, how do you propose to keep Windows updated with security patches?
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#3 glutton

glutton
  • Topic Starter

  • Members
  • 12 posts

Posted 21 April 2005 - 10:07 AM

Hi John, thanks for the reply...

I'll chop that line right away...
By the way... I assume I just check the desired box and click 'FIX' with HJT?

as for the security updates for Windows..
I don't think I've ever updated Windows security patches... maybe once or twice in the last 5 years.. I never had any problems.. In fact, I would always have trouble trying to download the patches... And it's just myself who uses this computer so I can control the junk that goes in and out of it with fair precision...
That's why I've had it for 8 years with Internet and have had only one instance of pain (when someone else snuck on and clicked a bunch of bleep sent to him over MSN messenger)

I've been meaning to get IE back again.. Now that I have all this spyware junk, it'd probably be safe to at least have it again...

Can it be downloaded anywhere? (just the browser).. or is it included in the windows 98 CD?
I tried getting it from the Microsoft website, but that site's as good as Chinese to me.

thanks,
scott

#4 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • Gender:Male
  • Location:Liverpool

Posted 21 April 2005 - 06:33 PM

Yes, sorry, I should've been clearer about HijackThis. Check the box next to the entry, close ALL OPEN WINDOWS and click the Fix button.

as for the security updates for Windows..
I don't think I've ever updated Windows security patches... maybe once or twice in the last 5 years.. I never had any problems.. In fact, I would always have trouble trying to download the patches... And it's just myself who uses this computer so I can control the junk that goes in and out of it with fair precision...

I would consider yourself very lucky. Without keeping Windows updated, your operating system is extremely vulnerable to the point where you have absolutely no control whatsoever. Infections often take advantage of Security holes in the OS leaving you defenceless.

Go here for instructions on how to reinstall Internet Explorer. Once done, I suggest you go immediately to Windows Update and download ALL available Critical Updates and Service Packs for IE.

Post back when you're done if you have any further queries.

#5 glutton

glutton
  • Topic Starter

  • Members
  • 12 posts

Posted 21 April 2005 - 07:24 PM

Thanks a bunch John..
Got rid of that line in HJT
and I was able to reinstall Internet Explorer and have downloaded all Critical Updates, and I even got my Task Scheduler back on my start up bar!! (this had been missing since CTHELPER, PCSYNC and HOTKEYSVC had reared their ugly heads)..

all is well!

scott

#6 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • Gender:Male
  • Location:Liverpool

Posted 21 April 2005 - 08:07 PM

Great stuff Scott, I'm glad everything is in order again.



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.


Safe Surfing - :thumbsup:

HJM


Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
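
A triage pass over the kind of log posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the "Onn - ..." entry lines and surfaces entries that point to a missing file and O16 DPF entries whose download source is an .exe, the shape of the line removed in this thread. The flag names and both heuristics are assumptions made for illustration; the sample lines are copied from post #1.

```python
import re

# Constructed sample: five entry lines copied verbatim from the log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {9C569BC1-20DA-11D7-AEFB-00036D1329A6} - (no file)
O4 - HKCU\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /0
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
"""

# Entry lines start with a section code (R0, F1, O2, O16, ...) and " - ".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        if " - " in body:
            # BHO/toolbar/DPF style: the file or URL follows the last " - ".
            target = body.rsplit(" - ", 1)[1].strip()
        else:
            # Autorun style (O4): everything after the "key: " prefix.
            target = body.partition(": ")[2].strip()
        entries.append({"section": m.group("section"), "target": target,
                        "clsid": clsid.group(0) if clsid else None, "line": line})
    return entries


def triage(entries):
    """Apply the two review heuristics assumed for this example."""
    findings = []
    for e in entries:
        if e["target"] == "(no file)":
            findings.append(("missing-file", e))
        elif e["section"] == "O16" and e["target"].lower().endswith(".exe"):
            findings.append(("dpf-exe-source", e))
    return findings


if __name__ == "__main__":
    for flag, e in triage(parse_log(SAMPLE_LOG)):
        print(f"{flag:15} {e['section']:4} {e['clsid']}  {e['target']}")
```

A flag here only marks a line for a human to look at; it does not decide whether the entry should be fixed.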



