
Help Please


15 replies to this topic

#1 DeniseM

DeniseM

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 25 May 2006 - 06:39 AM

:thumbsup: Hi, I'm having trouble getting rid of some stuff that has invaded my computer. I run my ad-aware se and my spybot often and even in safe mode but it keeps returning.
I have Avast, which I'm not sure I like too much yet, it takes all night and part of the morning to scan my computer!
Spybot has recently found deal helper, desk wizz, virtual bouncer and winsecure, which were removed. Should I purge the folder that they go into??
Adaware found a tracking cookie 2o7.net, which seems to keep coming back. Every time I open my explore folder I get several microsoft pop ups even after I remove the items that show up in the above.
Avast recently found an alwil software, and some win virus, which was moved to the virus vault....should those be deleted from there as well??
I tried to install and run hijack this, installed it to its own folder in programs but when I click on it I get an error "unexpected error" and it won't open
I'm not sure where to go from here

Thanks for reading about my U G L I E S !! lol


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:07:54 AM

Posted 25 May 2006 - 08:33 AM

I can answer a part of your questions. Anti-virus and anti-spyware applications will move the infections they find into quarantine, where they cannot do further damage, but can be retrieved if needed. If, after a couple of days, you do not experience any problems, then the quarantined files can safely be deleted.

Tracking cookies are perhaps the least serious of problems. Most browsers will have settings that will require your permission before allowing a cookie to be set on your hard drive. If possible, review the information about the cookie and you may be able to determine the site that sets it.

Delete the current folder with HJT, and re-download it. Are you following the instructions in the HJT Preparation Guide?

Hope this helps,
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:54 AM

Posted 25 May 2006 - 10:02 AM

To add to what John said, delete your temp files. Many things reinstall from there. Go to Start -> Run and type:

%temp%

and in the resulting folder that opens, you need to set it to be able to see all items. In Windows ME, go to tools -> Folder Options and click on the View tab. Uncheck "hide protected operating system files" and check "view hidden files." For Windows 98, go to the View choice, then the View tab. Check "Show all files."

Then select all the files in the folder. (Edit - Select All) Hold down your shift key while pressing your delete key. There may be files in use that cannot be deleted. If you get a warning that a file cannot be deleted, hold down your Ctrl key and deselect it, finish deleting as many as you can. (Files in use cannot be deleted.)

If you're installing Hijack This using the .sfx version, you just save it to a folder, double-click it, tell it to unzip, then close it. The program will now be in your C:\Program Files\HijackThis folder and ready to use.

#4 DeniseM

DeniseM
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 25 May 2006 - 10:25 AM

Thanks for your speedy answers!
I still cannot get hijack this to work
I downloaded it to my desktop, unzipped it to its own folder but when I double click I still get a pop up
saying "unexpected error"

I did my temp files and cookies
not sure what else to try with hijack to get it to work
after running adaware se yet again, tons of stuff was found :thumbsup:

#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:54 AM

Posted 25 May 2006 - 10:27 PM

Herk, I'm sure, has nothing but the best intentions, but he should add that what he is suggesting is altering the registry, and any mistake...typo...could result in serious damage to your operating system. Be very careful.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:54 AM

Posted 25 May 2006 - 11:01 PM

"but he should add that what he is suggesting is altering the registry,"


No - I didn't say anything about altering the registry. I recommended changing folder options, which does not involve opening the registry. I should point out, however, that when you delete an icon from your desktop, install a new program, change your wallpaper, or most anything you do with your computer, you're altering the settings in the registry.

What I was suggesting was a way to remove temp files, since that's the folder where many viruses and other malware start to infect your computer from. And if the file that seriously needs to be removed before it can reinfect and do damage is either a hidden file or a bogus system file, it needs to be removed. (System files, after all, are not stored in the temp folder, but in the Windows System folders for the most part.) The percent keys before and after the word "temp" are a variable, and will take you to the temp folder whichever directory it is in.

I seldom give advice that requires users to edit the registry, and if I did, I would instruct them to go to Start -> Run and type "regedit."

#7 DeniseM

DeniseM
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 26 May 2006 - 01:41 PM

Yikes, I did not mean to cause an argument lol
I still can't install hijack this for some reason :thumbsup:

#8 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:54 AM

Posted 26 May 2006 - 05:37 PM

Hi DeniseM :thumbsup:

Download Microsoft:- Visual Basic 6.0 Service Pack 5 Runtime Files

http://www.microsoft.com/downloads/details...&DisplayLang=en

Now see if you can run HijackThis! without getting that error.

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#9 tekman22003

tekman22003

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 26 May 2006 - 09:39 PM

Have you tried to go to disk clean up in system tools? Also what about a reformat? This may be the only way to fix the problem.

#10 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:54 AM

Posted 27 May 2006 - 03:26 PM

You might try going into Control Panel, Add/Remove Programs to see if there is any malware such as Wintools or a searchbar that can be removed. Sometimes these will interfere with Hijackthis! running.

#11 DeniseM

DeniseM
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 29 May 2006 - 01:50 PM

After installing the visual basic pack, my hijack this now works :thumbsup:
here's my log (hope it's ok to put it here since my other problems are already stated here)
Logfile of HijackThis v1.99.1
Scan saved at 2:42:04 PM, on 5/29/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\PAINT SHOP PRO 7\PSP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {4669E99F-76E7-403F-85DD-C331ED7AC148} - (no file)
O2 - BHO: (no name) - {406F1E82-3183-4C07-9BCB-355D9AF16C56} - (no file)
O2 - BHO: (no name) - {C1BA40D8-8DB8-4B9A-80FD-1425A8D56469} - C:\WINDOWS\SYSTEM\JKKKL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunOnce: [*JKKKL] rundll32.exe C:\WINDOWS\SYSTEM\JKKKL.DLL,CreateProtectProc rerun
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

Let me know what I should do next please

thanks again for all your help everyone :flowers:
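An added example, not part of the original thread: a small Python triage pass over HijackThis-style `O2`/`O4` lines like those in the log above. The sample lines are copied from that log; the two checks (a BHO whose file is gone, and a DLL registered both as a BHO and as a `rundll32` autostart) are assumptions chosen for illustration, and a hit means the entry deserves review, not that it is malicious.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT1.4\SPYBOT~1\SDHELPER.DLL (file missing)
O2 - BHO: (no name) - {4669E99F-76E7-403F-85DD-C331ED7AC148} - (no file)
O2 - BHO: (no name) - {C1BA40D8-8DB8-4B9A-80FD-1425A8D56469} - C:\WINDOWS\SYSTEM\JKKKL.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunOnce: [*JKKKL] rundll32.exe C:\WINDOWS\SYSTEM\JKKKL.DLL,CreateProtectProc rerun
O4 - Startup: HP OfficeJet Series 500 StartUp.lnk = C:\Program Files\HP OfficeJet Series 500\bin\HPOstart.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                       # "O2 - <detail>"
DLL_PATH = re.compile(r"[A-Za-z]:\\[^,]*?\.dll", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, detail) tuples for every 'Ox - ...' line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return {finding: [detail, ...]} for entries that merit a closer look.

    Both heuristics are illustrative assumptions, not rules from the thread.
    """
    findings = defaultdict(list)
    bho_dlls, autostart_dlls = set(), {}
    for section, detail in parse_entries(log_text):
        dll = DLL_PATH.search(detail)
        if section == "O2":
            # BHO registration left behind after its file was removed.
            if detail.endswith(("(no file)", "(file missing)")):
                findings["orphaned_bho"].append(detail)
            elif dll:
                bho_dlls.add(dll.group(0).upper())
        elif section == "O4" and "rundll32" in detail.lower() and dll:
            autostart_dlls[dll.group(0).upper()] = detail
    # Same DLL loaded into the browser and relaunched at startup.
    for path, detail in autostart_dlls.items():
        if path in bho_dlls:
            findings["dll_is_bho_and_autostart"].append(detail)
    return dict(findings)
```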

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:54 AM

Posted 29 May 2006 - 04:41 PM

Hello DeniseM

We would like to assist you with your log but you posted in the wrong place.

Please post this log in the HijackThis Logs and Analysis Forum, not here. That is the forum used for those needing assistance by the HJT Team Experts.

I could move your thread topic over there but there have been several replies to it already. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If there are several responses, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible.

Thanks
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 White Bird

White Bird

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:54 AM

Posted 08 November 2008 - 09:01 PM

It sounds as if you may have what's called a "rootkit". This is a virus which puts (an) entr(y)ies into your registry. You can get various rootkit detectors (even as freeware) on the web. Just be very careful what you get as this does involve altering your registry, which can result in you having essentially an inoperable computer.

#14 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:07:54 AM

Posted 10 November 2008 - 07:32 PM

This post is more than two years old
I think they might have it fixed by now
In the beginning there was the command line.

#15 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:12:54 PM

Posted 11 November 2008 - 02:12 PM

"This post is more than two years old
I think they might have it fixed by now"

I did flag it up http://www.bleepingcomputer.com/forums/t/137145/bleeping-computer-tidiness/
but curiosity getting the better of me,
I wonder how they did fix it or if we will ever find out? Antivirus is desperately out of date and other programs could do with an update too :thumbsup:



