Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I need help-(SIXA-wat the bleep-?)


  • Please log in to reply
1 reply to this topic

#1 noob123

noob123

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:27 PM

Posted 12 August 2005 - 02:56 AM

Hi
I need helf removing this so called SIXA dialer.
Here is the log from Hijack(i cheked everything and clicked fix, but some stuff was still there)

Logfile of HijackThis v1.99.1
Scan saved at 5:30:47 PM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ymopomj.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kabi\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pcworld.idg.com.au
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [Road roam] C:\PROGRA~1\FRAGBO~1\flagone.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [wikadgyysmg] C:\WINDOWS\System32\ymopomj.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\My Documents\pba\MsgPlus.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [MMSystem] C:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32
O4 - HKLM\..\Run: [_1258c] C:\WINDOWS\System32\_1258c.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepjx32.exe
O4 - HKLM\..\Run: [pyghtpd] c:\windows\system32\plwngr.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD2BA68B-3EE7-45A7-85E9-D8139413AB2E}: NameServer = 203.2.75.132 198.142.0.51
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

Please help

BC AdBot (Login to Remove)

 


#2 Lobos

Lobos

  • Members
  • 317 posts
  • OFFLINE
  •  
  • Location:California USA
  • Local time:11:27 AM

Posted 14 August 2005 - 10:26 PM

hello noob

welcome to BC

Download, install, update, configure and run a scan with Ad-aware SE
v1.06:
  • Download and Install
    AdAware SE Personal
    [/color], keeping the default options.
    However, some of the settings will need to be changed before your first
    scan.
  • Close ALL windows except Ad-Aware SE.
  • Click on the‘world’ icon at the top right of the Ad-Aware SE
    window and let AdAware SE update the reference list for the adware and
    malware.
  • Once the update is finished click on the ‘Gear’ icon (second from
    the left at the top of the window) to access the preferences/settings
    window:
    • In the ‘General’ window make sure the following are
      selected in green:
      • Under Safety:
        • Automatically save log-file
      • Automatically quarantine objects prior to removal
      • Safe Mode (always request confirmation)
    • Under Definitions:
      • Prompt to update outdated definitions - set the number of
        days
  • Click on the ‘Scanning’ button on the left and select in
    green:
    • Under Driver, Folders & Files:
      • Scan Within Archives
    • Under Select drives & folders to scan:
      • choose all hard drives
    • Under Memory & Registry: all green
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URL’s
      • Scan my Hosts file
  • Click on the ‘Advanced’ button on the left and select in green:
    • Under Shell Integration:
      • Move deleted files to recycle bin
    • Under Logfile Detail Level: all green
      • include addtional object information
      • DESELECT - include negligible objects information
      • include environment information
    • Under Alternate Data Streams:
      • Don't log streams smaller than 0 bytes
      • Don't log ADS with the following names:
        CA_INOCULATEIT
  • Click the ‘Tweak’ button and select in green:
    • Under ‘Scanning Engine’:
      • Unload recognized processes during scanning
      • Scan registry for all users instead of current user only
    • Under ‘Cleaning Engine’:
      • Let Windows remove files in use at next reboot
    • Under Log Files:
      • Include basic Ad-aware SE settings in logfile
      • Include additional Ad-aware SE settings in logfile
      • Please do not check: Include Module list in logfile
  • Click on ‘Proceed’ to save the settings.
  • Click ‘Start’
  • Choose 'Perform Full System Scan'
  • DESELECT "Search for negligible risk entries", as negligible risk
    entries (MRU's) are not considered to be a threat.
  • Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the
    options you have selected and clean automatically.
  • If Ad-Aware SE finds bad entries, you will receive a list of what it
    found
    in the window
  • Right-click on the list and choose Select All
  • Click the Next button to finish removing the items that were found
  • When finished, REBOOT to complete the removal of what Ad-Aware SE
    found
next

Spybot Search & Destroy

Download, install, update and run a scan with Spybot S&D:
  • Download and Install
    Spybot Search &
    Destroy
    , accepting the Default Settings.
  • In the Menu Bar at the top of the Spybot window you will see
    'Mode'. Make certain that 'default mode' has a check mark
    beside it.
  • Close ALL windows except Spybot S&D
  • Click the button to ‘Search for Updates’ and then download and
    install all available Updates
    .
  • Next click the button ‘Check for Problems’
  • When Spybot is complete, it will be showing ‘RED’
    entries bold 'Black' entries and ‘GREEN’ entries
    in the window.
  • Make certain there is a check mark beside all of the
    RED entries ONLY.
  • Choose ‘Fix Selected Problems’ and allow Spybot to fix the
    RED entries.
  • REBOOT to complete the scan and clear memory.
Run an online antivirus check from at least one and preferably 2 of the following sites....select autoclean click below

Housecall
Panda scan
RAV

Re-boot again. Then post a new HijackThis log to check what is left if anythig didnt get cleaned post the av log too


Lobos
<span style='color:blue'>Ad-Aware SE</span> | Spybot S&D 1.4

For extra protection try spyware blaster

<span style='color:blue'>If you use IE I suggest using these two programs</span> MVPHosts & IE-SPYAD




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users