
HEEELLLLLLLLLPPPPPPPP


6 replies to this topic

#1 gymmaster7

gymmaster7

  • Members
  • 3 posts

Posted 24 November 2004 - 08:35 PM

Someone please help.

I have been forced to use my laptop because my desktop was hit with this win-eto CRAP that turns into tspax. I have tried advice given to other people on this site but it doesn't work. As soon as I can I will post a log.



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts

Posted 25 November 2004 - 10:38 AM

Create a directory on your hard drive, called c:\hijackthis, to save HijackThis.exe. This is a mandatory step for the backup and restore functions of HijackThis to be able to work.

Download the latest version, from here.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum. Do not fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

#3 gymmaster7


Posted 29 November 2004 - 06:03 PM

OK everyone, as promised, here's the log:
Logfile of HijackThis v1.98.2
Scan saved at 6:01:55 PM, on 11/29/04
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\3Z4BW3~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\5PYC3TD66YKSTHD.EXE
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [Propel Accelerator] C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\WTP1HJ5GE6H9ZV.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.greg-search.com

#4 Grinler


Posted 29 November 2004 - 06:10 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click scan, and put a checkmark next to each of these. Then click the Fix button:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\3Z4BW3~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\5PYC3TD66YKSTHD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\WTP1HJ5GE6H9ZV.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.greg-search.com

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\SYSTEM\3Z4BW3~1.DLL
C:\WINDOWS\SYSTEM\5PYC3TD66YKSTHD.EXE
C:\WINDOWS\SYSTEM\WTP1HJ5GE6H9ZV.EXE

Reboot your computer to go back to normal mode and post a new log.
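
As an added example (not part of the original posts): a short Python script that parses the entries Grinler asked to fix and separates those that only touch the registry from those that also leave a file on disk, reproducing the three-file delete list above. The function names and regular expressions are assumptions based on the log layout shown in this thread.

```python
import re

# Entries Grinler asked to fix, copied verbatim from the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\3Z4BW3~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\5PYC3TD66YKSTHD.EXE
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\WTP1HJ5GE6H9ZV.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: *.greg-search.com
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<detail>.+)$")
# A drive-letter path ending in an executable or library extension.
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

def parse(log_text):
    """Split log text into (section code, detail, file path or None)."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        path = None
        if m["code"] in ("O2", "O4"):  # BHO and autostart entries load a file
            found = FILE_PATH.search(m["detail"])
            path = found.group(0) if found else None
        entries.append((m["code"], m["detail"], path))
    return entries

def files_left_on_disk(log_text):
    """Files referenced by O2/O4 entries; fixing the entry does not delete them."""
    return [path for _, _, path in parse(log_text) if path]

def registry_only(log_text):
    """Section codes of entries that are cleaned up by the registry fix alone."""
    return [code for code, _, path in parse(log_text) if path is None]

if __name__ == "__main__":
    print("Delete in Safe Mode:", *files_left_on_disk(FIX_LIST), sep="\n  ")
    print("Registry-only fixes:", registry_only(FIX_LIST))
```
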

#5 pop

pop

  • Members
  • 8 posts

Posted 29 November 2004 - 06:11 PM

Hey, I just fixed that same problem on my computer. The fix is down a little ways in the post and it takes a little bit of time. Yours may be a little bit different but try writing to the guy who helped me in my post. I think it was titled permanent homepage change t.swapx.cc or something like that.

Good luck

#6 gymmaster7


Posted 03 December 2004 - 07:38 AM

Hey, thanks for all your help. I ran HijackThis and by the next day win-eto never came back. Thanks a bunch :flowers: :trumpet: :thumbsup:

#7 Grinler


Posted 03 December 2004 - 11:52 AM

gymmaster7,

Please post a last log for review



