Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijacked by "a-search.biz/?wmid=1010"


  • Please log in to reply
2 replies to this topic

#1 chimera

chimera

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 07 November 2004 - 05:17 AM

I have downloaded and tryed almost ten diffrent programs all mentioned to kill this and its now 5:AM and no sucess.

Yes I have gone threw the self-help guide i found here.
*I have no previous back ground with this other than what i did tonight*

here is my hijack this log.

Logfile of HijackThis v1.98.2
Scan saved at 5:13:28 AM, on 11/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\csrss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\LEXBCES.EXE
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\system32\LEXPPS.EXE
C:\WINDOWS.000\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.000\System32\wuauclt.exe
C:\WINDOWS.000\System32\wpabaln.exe
C:\Documents and Settings\nick\My Documents\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=Userinit.exe,
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/11225/online.chm::/on-line.exe

Any suggestions?
Thanks for the help! :thumbsup:

Edited by chimera, 07 November 2004 - 05:19 AM.


BC AdBot (Login to Remove)

 


#2 chimera

chimera
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:10:27 AM

Posted 07 November 2004 - 04:49 PM

would It help if I remove IE and reinstall it from the XP CD?

Probably not huh?

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:27 AM

Posted 08 November 2004 - 12:59 PM

To avoid any confusion, this log is being handled here:
http://www.bleepingcomputer.com/forums/ind...t=0&#entry30775

This thread can be closed.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users