
SwapX We've been hijacked! Please help!



#1 mdseamon


Posted 26 November 2004 - 04:44 PM

Please help! I'll beg if you wish! I'm at my wits' end. Please help. Please?!! ... I've been infected with SwapX and here is my HJT log:

Logfile of HijackThis v1.98.2
Scan saved at 3:22:21 PM, on 11/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\W8C6S4~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe
O4 - Global Startup: winlogin.exe
O20 - AppInit_DLLs: mwfmcnsu7nx6np.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll



#2 mdseamon


Posted 26 November 2004 - 05:04 PM

Again, please? Can someone help me with this SwapX infection?

#3 Grinler

    Lawrence Abrams



Posted 27 November 2004 - 04:59 PM

Try using this online virus scanner and then post the log from the scan and a new HijackThis log:

http://www3.ca.com/virusinfo/virusscan.aspx

Let it install the software and then have it scan your c: drive. Delete everything it finds and then post a new log along with the log from the virus scan you just ran.



