hijacked while on holiday



#1 mprhly99

Posted 30 May 2005 - 10:58 AM

PC used by other family member while I was away. Picked up usbn without realising - we still have to discover bill! Have run updated Spybot without success, can't use Ad-Aware on W95. Here is the post-Spybot HijackThis log. Have identified apparent rogue entries but not sure how to delete effectively.

Grateful for help. Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 11:40:05, on 30/05/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON UTILITIES\NSS\SPDSTART.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM32\USBN.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
D:\MICROSOFT OFFICE\OFFICE\OSA.EXE
D:\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\NSCHED32.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
E:\Program Files\OCRAWARE.EXE
E:\PROGRAM FILES\OCRAWR32.EXE
D:\PROGRAM FILES\PSCONSV.EXE
E:\Program Files\nortonsystemworks\Norton CleanSweep\Monwow.exe
D:\PROGRAM FILES\ELOGERR.EXE
D:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UPDATES\IMMUFIX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT 5.05\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [MSWHEEL] C:\WINDOWS\SYSTEM\mswheel.exe
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [BillMinder] D:\QWSE\BILLMIND.EXE
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\nortonsystemworks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [SpdStart] E:\Program Files\nortonsystemworks\Norton Utilities\NSS\SPDSTART.EXE /AutoStart
O4 - HKLM\..\Run: [Norton Auto-Protect] E:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c28 -w
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\nortonsystemworks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\PROGRA~1\NORTON~1\NORTON~3\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Billminder.lnk = D:\QWSE\billmind.exe
O4 - Startup: Office Startup.lnk = D:\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = D:\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Norton System Doctor.lnk = E:\Program Files\nortonsystemworks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Norton Program Scheduler.lnk = E:\Program Files\nortonsystemworks\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\nortonsystemworks\Norton CleanSweep\csinsm32.exe
O4 - Startup: OCRAWARE.lnk = E:\Program Files\OCRAWARE.EXE
O4 - Startup: PsiWin 2.3 Connection Server.lnk = D:\Program Files\Psconsv.exe
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Freeserve - {0F1332C0-FCF1-11D2-9AE8-243105C10000} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/us/sa/common/c...n/bin/cabsa.cab


#2 OldTimer

OldTimer

    Malware Expert


Posted 30 May 2005 - 09:39 PM

Hello mprhly99 and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

Step #2

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #3

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c28 -w

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\system32\usbn.exe

Step #5

Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Step #6

Reboot normally and run at least 2 of the following on-line virus scans:
  • Trend Micro Housecall
  • BitDefender On-Line Virus Scan
  • Panda ActiveScan
  • eTrust Antivirus Web Scanner
Make sure that you choose "fix" or "clean".

Step #7

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 mprhly99


Posted 02 June 2005 - 03:18 PM

Thanks OT - some progress. Have taken off the usbn.exe. Was tired so got surprised to be cleaned out so completely by CCleaner - could have unchecked some boxes, but no great losses. PC and I were both tired by the scanners (only slow modem and 3gb hard disk - still in 20th century here). Panda ActiveScan found three but did not clear them:
Adware:Adware/SearchExe C:\WINDOWS\SYSTEM\ogaa.dll
Adware:Adware/Adsmart C:\WINDOWS\SYSMON.EXE
Adware:Adware/SAHAgent C:\WINDOWS\unstall.exe

CA only found the ogaa.dll. Said it could not cure it

Can I just delete them? Not sure if HijackThis shows them.

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 20:59:17, on 02/06/05
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.00 SP2 (5.00.3314.2100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON UTILITIES\NSS\SPDSTART.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMENU.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
D:\MICROSOFT OFFICE\OFFICE\OSA.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CG16EH.EXE
D:\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
D:\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON ANTIVIRUS\NSCHED32.EXE
E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
E:\Program Files\OCRAWARE.EXE
E:\PROGRAM FILES\OCRAWR32.EXE
D:\PROGRAM FILES\PSCONSV.EXE
E:\Program Files\nortonsystemworks\Norton CleanSweep\Monwow.exe
D:\PROGRAM FILES\ELOGERR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\tapiexe.exe
D:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT 5.05\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [MSWHEEL] C:\WINDOWS\SYSTEM\mswheel.exe
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [BillMinder] D:\QWSE\BILLMIND.EXE
O4 - HKLM\..\Run: [NPROTECT] E:\Program Files\nortonsystemworks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [SpdStart] E:\Program Files\nortonsystemworks\Norton Utilities\NSS\SPDSTART.EXE /AutoStart
O4 - HKLM\..\Run: [Norton Auto-Protect] E:\PROGRA~1\NORTON~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "E:\PROGRAM FILES\NORTONSYSTEMWORKS\NORTON CRASHGUARD\CGMenu.EXE"
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [NPROTECT] E:\Program Files\nortonsystemworks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [CSINJECT.EXE] E:\PROGRA~1\NORTON~1\NORTON~3\CSINJECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - Startup: Billminder.lnk = D:\QWSE\billmind.exe
O4 - Startup: Office Startup.lnk = D:\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = D:\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut Bar.lnk = D:\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Norton System Doctor.lnk = E:\Program Files\nortonsystemworks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Norton Program Scheduler.lnk = E:\Program Files\nortonsystemworks\Norton AntiVirus\NSCHED32.EXE
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = E:\Program Files\nortonsystemworks\Norton CleanSweep\csinsm32.exe
O4 - Startup: OCRAWARE.lnk = E:\Program Files\OCRAWARE.EXE
O4 - Startup: PsiWin 2.3 Connection Server.lnk = D:\Program Files\Psconsv.exe
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBAR\FSBAR.DLL/VSearch.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Freeserve - {0F1332C0-FCF1-11D2-9AE8-243105C10000} - http://www.freeserve.net/ (file missing) (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/us/sa/common/c...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

Thanks a lot for your time and advice.
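
A way to compare a before/after pair of HijackThis logs such as the two posted above, to confirm what a fix removed and what appeared in between. This is an added example, not part of the original thread; the function names are hypothetical and the two inputs are shortened excerpts of the logs in this topic.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\USBN.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c28 -w
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

# Section codes HijackThis prefixes to each finding, e.g. "R0", "O4", "O16".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")


def parse_log(text):
    """Return (processes, entries): upper-cased process paths and (section, body) pairs."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.add(line.upper())   # Win9x paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """Report what a cleanup removed and what appeared between two scans."""
    procs_b, entries_b = parse_log(before)
    procs_a, entries_a = parse_log(after)
    return {
        "removed_entries": [e for e in entries_b if e not in entries_a],
        "added_entries": [e for e in entries_a if e not in entries_b],
        "removed_processes": procs_b - procs_a,
        "added_processes": procs_a - procs_b,
    }


if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for item in sorted(items):
            print(kind, item)
```

On these excerpts the only removed autostart is the usbn Run value and the only new entry is the ActiveX control left behind by the online scanner, which is expected after running it.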

#4 OldTimer


Posted 02 June 2005 - 11:45 PM

Hi mprhly99. As far as the log goes, it is clean. Good job! How are things running? Any problems?

If you did any virus scans and the scanners were not able to either clean, quarantine or delete the files then go ahead and delete them yourself. The nice thing about win95/win98 is that if you have to you can boot to DOS and delete anything.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section unselect Show all files.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use: and a good antivirus application like the one you are currently using. It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT

#5 mprhly99


Posted 04 June 2005 - 07:16 AM

Thanks OT - system running OK now I have moved ActiveScan off my C drive which cannot take any more downloads.

Have deleted the ogaa.dll which seems to be a relic of previously moved about blank hijack. The other 2, sysmon.exe and unstall.exe while identifiable as potential spyware have creation dates of 1996 and 1999 respectively. Neither appears to be active. Have looked at various web info and decided to leave sysmon.exe as it does not correspond to the worm description and could be motherboard related. Have removed unstall.exe to the recycle bin. New pc on the way soon I hope so will try to maximise protection there.

Thanks again for your help. Cheers.

#6 OldTimer


Posted 04 June 2005 - 11:23 AM

You're very welcome mprhly99. I'm glad that we could help.

Now that your issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup: