
Spyware/Malware?


8 replies to this topic

#1 Dom Hollow

Posted 07 June 2005 - 02:44 PM

I am operating an older computer (5-7 years old) using Windows ME and managed to contract something unpleasant. As of this point I have tried:

* Scanning with Ad-Aware SE Personal
* Scanning with Spybot Search & Destroy

I have used the:
* Norton Antivirus (an older version but with updates)
* TweakNow Registry Cleaner
* Registry Mechanic

I have downloaded HijackThis and CWShredder but am unable to run either, as the computer delivers an "Unexpected Error" message when I attempt to run them.

Many of my programs including Internet Explorer deliver an "Explorer has caused an error in MSAUH.DLL" message when I try to run them.

And the more visible problems include an extra toolbar in many of the computer's traditional programs (Word, Internet Explorer, etc.) as well as many new listings in my "Favorites" category.

I apologize if this seems scattered but I am appreciative of any assistance that may be offered.


#2 groovicus

Posted 07 June 2005 - 02:56 PM

Have you gone into your Control Panel > Add/Remove Programs and seen what is there that could be uninstalled?

What error are you getting when you try to run HijackThis?

It sounds like an ISearch infection, but that is just a guess from what little information you have given. If you have questions about what is safe to remove from Add/Remove Programs, just ask. :thumbsup:

#3 Dom Hollow

Posted 07 June 2005 - 03:11 PM

Thanks for the reply.
I have looked at the Add/Remove Programs but nothing in it jumps out at me.

And as for the error message, the title bar says "HijackThis" and the body of the message is simply "Unexpected Error".

Just let me know if a list of the Add/Remove Programs would help you?

#4 groovicus

Posted 07 June 2005 - 03:20 PM

If you can get a list of everything in there, that would be helpful. But before we do that, let's try something a bit off the wall. Go to the directory where HijackThis is located, and change the name of the .exe. Right now, it should be named hijackthis.exe. If you right click on it, and select rename, try renaming it to hj.exe and then see if it will run.

How much memory do you have on that box? And do you have a bunch of programs that run on startup? Sorry for all of the questions, but we have to figure out what is going on just so we can get you started.. :thumbsup:

#5 Dom Hollow

Posted 08 June 2005 - 05:57 PM

Okay,
I changed the HijackThis.exe name to hj.exe but it still just gave me the error message.

This is the list from my Add/Remove Programs file:

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe PhotoDeluxe 2.0
Adobe Reader 6.0.1
Adobe Type Manager
AnswerWorks Runtime
Avant Browser (remove only)
BJC-2100 Canon Creative Launcher
Camera Driver Installation
Canon BJC-2100 Printer
Canon Camera Window for ZoomBrowser EX
Canon i560
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CD-Writer Plus software
CNET Download Manager
Device drivers for Simple Backup
Easy CD Creator 5 Platinum
Easy-WebPrint
Ghost Recon
Google Toolbar for Internet Explorer
HP Simple Trax
Internet Explorer Q832894
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment, SE v1.4.2_03
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 1.7 (Symantec Corporation)
Medal of Honor Allied Assault
Micrografx Windows Draw 6 LE
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office XP Professional with FrontPage
Microsoft Outlook Express 6
MSN Messenger 6.1
MSN Messenger 6.2
MSN Toolbar
MYIE2 Browser (remove only)
NetoDragon 56k Voice Modem
Network Play System (Patching)
Norton Antivirus
Outlook Express Update Q330994
PaperMaster Live
PolyView 3.92
Power Tab Editor 1.7
QuickTime
RamBooster
Registry Mechanic 4.0
RHSI Self Healing (remove only)
RHSI Toolbar (remove only)
Rogers Yahoo! Applications

Search Assistant – My Search (This actually jumps out as something I don’t want)
Spybot – Search & Destroy 1.3
TweakNow RegCleaner
Uninstall ESS Modem
Windows Millennium Edition Q823559 Update
WinRAR archiver
WinZip
ZoneAlarm


The machine currently has a maximum memory capacity of 5.59 GB
3.85 GB are being used
1.73 GB are free

As for programs that run on start-up I'm not 100% sure how many there are but I think it is quite a few. (Is there somehow I can check for a specific number?)

Also, I'm not sure if this helps, but many of the URLs that the Avant browser blocks when I'm using it are listed as "global.msads.net"

Thanks again for the help.

#6 Scarlett

Posted 08 June 2005 - 06:14 PM

"As for programs that run on start-up I'm not 100% sure how many there are but I think it is quite a few. (Is there somehow I can check for a specific number?)"


This will bring you to where you will be able to view all of your startups.


> Start

Left click on > Run

Type in > msconfig

Click on > Open

Click on > Startup Tab

Edited by scarlett, 08 June 2005 - 06:15 PM.


#7 Dom Hollow

Posted 08 June 2005 - 06:29 PM

Thanks for the tip,
There are 24 programs that run on startup.
Would the list help?

#8 groovicus

Posted 08 June 2005 - 07:42 PM

No need for the startup list.. I already know what the problem is (thanks scarlett :thumbsup: )

You definitely don't want Search Assistant – My Search. IIRC, that is a CWS infection, and is quite difficult to remove. You can try removing it through Add/Remove Programs, but I would bet even money it won't work. You are going to need the assistance of the malware removal team.

http://www.bleepingcomputer.com/forums/How...orum-t1112.html

That post will get you on to the help you need. :flowers:

#9 Dom Hollow

Posted 10 June 2005 - 12:05 PM

Thanks a lot for your help. I really appreciate the assistance.



