
Hijack This! Questions (WindowsXP)



#1 moonchild

Posted 14 August 2005 - 08:44 PM

I received an e-mail from Pete Moss the other day. The e-mail was a guide on how to get rid of "Home Search Assistant". In the guide it said to download HijackThis!, so I did. I don't have a problem with the actual program; I just don't know if I should be deleting some entries that came up on my scan. I have saved the scan log. Now the guide says this:

One or more O4 entries that will always have the same entry name as the filename. RunServices entries will only appear in Windows 95/98*Grinler computers, so do not be alarmed if you are not using one of those versions and don't see that type of entry.

Examples are:

O4 - HKLM\..\Run: [d3uw.exe] C:\windows\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [sdkyo.exe] C:\WINDOWS\system32\sdkyo.exe
O4 - HKLM\..\RunServices: [D3RP.EXE] C:\WINDOWS\SYSTEM\D3RP.EXE

When we are cleaning these, do not be alarmed or surprised if you have many O4 entries or only one. Just clean them all. If you see an entry named internat.exe, pccguide.exe, or PCClient.exe, you can leave them alone as they are legitimate.


I don't know if I should be deleting all these files, for example the Messenger Plus 3 files or QuickTime files. Do I not need those for the programs to work without complications? Or are those files infected and need to be cleaned?
So basically my question is: do I delete ALL these files (using HijackThis and the guide)?

Please, your help is greatly appreciated, and I can't proceed with fixing my computer until I know for sure what to do.

>>>My Logfile<<<
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CPQEASYACC] C:\Compaq\eakdrv\STARTDRV.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [2time] C:\DOCUME~1\STEPHA~1\APPLIC~1\LIESGR~1\WebRefHide.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
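
The pattern the quoted guide describes (an O4 entry whose name is the same as its file name, except the three names it lists as legitimate) can be checked mechanically before anything is fixed. This is an added example, not part of the original thread or of HijackThis; the function names and the constructed `internat.exe` line are assumptions, and the script only reports matches.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Names the quoted guide says to leave alone.
GUIDE_LEGITIMATE = {"internat.exe", "pccguide.exe", "pcclient.exe"}

O4_LINE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def executable_of(cmd):
    """Return the executable path from a startup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)  # unquoted, may hold spaces
    return m.group(1) if m else cmd.split()[0]

def matches_guide_pattern(line):
    """True when entry name == executable file name and the guide does not
    list that name as legitimate."""
    m = O4_LINE.match(line.strip())
    if not m:
        return False
    name = m.group("name").lower()
    exe = basename(executable_of(m.group("cmd"))).lower()
    return name == exe and name not in GUIDE_LEGITIMATE

def triage(log_text):
    """Return the O4 lines that fit the guide's pattern; nothing is deleted."""
    return [l.strip() for l in log_text.splitlines() if matches_guide_pattern(l)]

# Guide examples and the poster's lines are copied from the thread;
# the internat.exe line is constructed for illustration.
SAMPLE = r"""
O4 - HKLM\..\Run: [d3uw.exe] C:\windows\system32\d3uw.exe
O4 - HKLM\..\RunOnce: [sdkyo.exe] C:\WINDOWS\system32\sdkyo.exe
O4 - HKLM\..\RunServices: [D3RP.EXE] C:\WINDOWS\SYSTEM\D3RP.EXE
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [2time] C:\DOCUME~1\STEPHA~1\APPLIC~1\LIESGR~1\WebRefHide.exe
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("matches guide pattern:", hit)
```

A line that does not match is only outside this one check; the script says nothing about whether that entry is safe.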



#2 jgweed


Posted 14 August 2005 - 09:03 PM

Quite frankly, I would post the entire log in the HJT forum; unless you are fairly computer-savvy, you can do some harm to your OS if you delete things without knowing precisely what you are doing. The volunteer team are very knowledgeable and have had a lot of experience with such problems, and can give you good advice.

Here is the link that explains the process:

http://www.bleepingcomputer.com/forums/How...s-Log-t956.html

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 moonchild


Posted 14 August 2005 - 11:08 PM

Thanks for the link, and sorry, I would've posted in there; I just wasn't aware that there was an HJT forum.

#4 jgweed


Posted 15 August 2005 - 01:32 PM

Glad I could steer you in the right direction. That forum is a busy place, and logs are taken on a first posted, first reviewed basis, so be patient and a team member will help you.
Regards,
John
Whereof one cannot speak, thereof one should be silent.



