
HJT Log - bobnix


2 replies to this topic

#1 bobnix

bobnix

  • Members
  • 2 posts
  • Local time:05:09 AM

Posted 14 November 2004 - 10:28 AM

I have attached a hijackthis log, and I would appreciate your assistance.

I do not have a file entry in the 20 section.

I have a file win-eto.com/sp.htm?id=31403. I am redirected to a website named win-eto.com. I have more than one of these files in my system.

I am also redirected to t.swapx.cc/h.php?aid=31403.

Various spyware is loaded into my computer. I am able to remove it with Spybot S&D, but spyware is reloaded each time I get on the net. First spyware loaded is Hellz Little Spy: Executable C:/WINDOWS/SYSTEM/system.exe.

Spybot is unable to remove browser thief.

Adaware has been separated from its file of spyware programs.

Cannot update Adaware, update is blocked.

Attempted to download and run A Square. Downloaded program, was redirected to update, could not successfully update and run. Each attempt to run redirects to update.

What do you suggest?

thanks,
Bob


 


#2 CalamityKen

CalamityKen

  • Members
  • 128 posts
  • Location:Whitby. Ont.
  • Local time:05:09 AM

Posted 14 November 2004 - 10:59 AM

bobnix, welcome.

Please print this out and follow ALL these directions carefully.

The system is infected with Backdoor.OptixPro.13.C by the presence of system.exe
http://securityresponse.symantec.com/avcen...ixpro.13.c.html

Looks like you are also a victim of the latest CoolWebSearch (CWS) hijack.

Download the latest v1.98.2 version of HijackThis to post your log here:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe

These infections disable the infection removal.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Find and delete if still present:
C:/WINDOWS/SYSTEM/system.exe <== file

Reboot and Install the prevention protection below and help your friends from being infected on the Internet.

Empty the Recycle Bin frequently.

Run CleanUp! as the Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
http://cleanup.stevengould.org/
Then reboot to let it clean out what it found.

By the way, in order to improve Internet Explorer (IE) performance the Temporary (TIF) should be cleaned out periodically.
Also, it is a good idea to limit the size of the TIF to 200MB for performance sake.
In IE go to Tools then Internet Options then Settings and move the slider down to 200MB.

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and SpywareBlaster then keep them up to date as today's Internet is full of nasty infections.
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html

You should install ALL Windows Critical Updates to help from being continually infected.
In Internet Explorer go to Tools then Windows Updates and install each patch one by one rebooting when necessary.

#3 bobnix

bobnix
  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:09 AM

Posted 20 November 2004 - 07:52 AM

Calamity Ken:

Thank you! The resources you gave me were great. I used them and your advice, and my problem is solved.

Bob Nix



