Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another http://t.swapx.cc/h.php?aid=20009 problem


  • Please log in to reply
6 replies to this topic

#1 jonnyfish

jonnyfish

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 27 November 2004 - 11:46 AM

Please please please can you help me get rid of this horrible horrible thing on my computer! I read a previous post and carried out all the instruction but to no avail, so looks like i need a tailored solution. Here is the log file from HiJack This:

Logfile of HijackThis v1.97.7
Scan saved at 16:42:47, on 27/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\s89h4ho3nrdy5othd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Stuart\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=32715
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\System32\s89h4ho3nrdy5othd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Tencent QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: ICQ 4 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra 'Tools' menuitem: Tencent QQ (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A7808A1-544F-480C-B4F8-AD9660CDDCFB}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{7A7808A1-544F-480C-B4F8-AD9660CDDCFB}: NameServer = 195.92.195.95 195.92.195.94

I hope you can help, my parents are going nutty for apparantly 'destroying' their PC, you know what they are like, bless'em!

BC AdBot (Login to Remove)

 


#2 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:08:28 AM

Posted 27 November 2004 - 03:04 PM

Hello jonnyfish and welcome to BleepingComputer.

Please collect the following information for me:

1. Open Windows Explorer (Windows key+e) and navigate to the C:\WINDOWS\System32 folder. Look for a file that has W8C6S4 as the first 6 characters and ends in .DLL. I believe it will be C:\WINDOWS\System32\w8c6s4xcm66.dll, but please check to be sure.

2. Then open Notepad and copy/paste the contents on the following quote box to Notepad. Save it to your desktop as Find_Bad_dlls.bat

dir C:\WINDOWS\System32\*.dll.dll > C:\baddlllist.txt
notepad C:\baddlllist.txt
del c:\baddlllist.txt

Double click on Find_Bad_dlls.bat and copy the contents of the resulting file into the next post.

Finally, You are using an outdated version of Hijackthis. Please download and install the newest version, v1.98.2, from this HijackThis download site.

Please post the result of 1 and 2 above, along with a new HJT log using v1.98.2. Post it as a new thread to the HijackThis Logs and Analysis board. Then post at this thread that you have done the above so that I get a notification to go look for you on the Hijack Analysis board.
Derfram
~~~~~~

#3 jonnyfish

jonnyfish
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 28 November 2004 - 07:58 AM

Hi Ddeerrf,

First thanks a lot for replying and helping me out, its verymuch appreciated!

I created a post as you told me and called it 'Jonnyfish calling Ddeerrff, details you asked for' You should be able to find it there,

thanks again

jonny

#4 opilo

opilo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 30 November 2004 - 10:15 PM

and what about mine log?

Logfile of HijackThis v1.98.2
Scan saved at 4:15:20, on 1-12-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\loadqm.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\dkbmhi.exe
C:\WINNT\System32\sj6bhcisrhthd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\winupdt.exe
C:\WINNT\System32\telgnt5.exe
C:\WINNT\System32\internat.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINNT\subst.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Free-Popup-Killer\fpuk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Installer\fog\SpySub.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\aaayuv.exe
C:\WINNT\System32\admoinst.exe
C:\samo\totalcmd\TOTALCMD.EXE
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\INSTALLS\HELP2GO-sw\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door F & S Computers IE-6
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINNT\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\System32\.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: Search - {7D12711A-5452-DD70-1AB0-93AFAE090B12} - C:\WINNT\Podbmqeo.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [khlwbmn] C:\WINNT\System32\dkbmhi.exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\System32\sj6bhcisrhthd.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINNT\System32\winupdtl.exe
O4 - HKLM\..\Run: [saie] c:\winnt\system32\saie.exe
O4 - HKLM\..\Run: [tspnqc] C:\WINNT\System32\tspnqc.exe
O4 - HKLM\..\Run: [MSRegSvc] C:\WINNT\System32\regsvc32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [573O38l] admoinst.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RKNAWIAXP] C:\WINNT\URBPSBKS.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Clock] C:\WINNT\label.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - HKCU\..\Run: [KwsERUJth] aaayuv.exe
O4 - HKCU\..\Run: [Terminate Popup] C:\Program Files\Free-Popup-Killer\fpuk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: SpySubtract.lnk = C:\Installer\fog\SpySub.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.f-scomputers.nl
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04bc62b2f58b8b...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {8B36EE17-F914-4D89-B2BA-612394ECF3B1} - http://www.globalmalepass.com/icon/gmpicon.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/4/download/pdpplug...bundle7v1d1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAF27AB3-3AB2-4070-803A-7332EEF892A8}: NameServer = 209.47.15.118,64.157.143.38,
O20 - AppInit_DLLs: tr333p4wp2u11gx.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

I've searched in many forums-problem is with the safe mode;-( thanx 4 help

#5 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:08:28 AM

Posted 01 December 2004 - 12:26 AM

Opilo, please start your own thread. Piggy-backing on someone else's, no matter how similar, just gets confusing.

The best place to post a HijackThis log is on the HijackThis Logs and Analysis board. Someone will get to you within a couple days.
Derfram
~~~~~~

#6 opilo

opilo

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 01 December 2004 - 10:37 AM

my problem has the same name: http://t.swapx.cc/h.php?aid=20005

#7 Tankerdog2002

Tankerdog2002

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:28 AM

Posted 11 December 2004 - 09:31 AM

Hi guys,

I nuked this beastly Hijacker very simply. After trying everything I could think of... I went here and found out that I needed to reload Ad-aware SE Personal and then update it before I ran it.

I did this and was immediately infected with 185 new objects when I re-booted. Whoaaaaaaa! I only had 32 to start with.

So....I turned to MajorGeeks.com; were I found a little program under the spyware category called HSremove. The author said that he couldn't remove his malware with all the other spyware gunk so he wrote a program himself.

I ran it once and the problem was fixed! Then I donated $5 bucks to help him out.

Yep....that simple.

Do not reboot after running Ad-aware or you'll just get more bugs.....run the Ad-awareSE and then HSremove.

Tankerdog




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users