buldog-search hijack! HELP!



#1 suamplis

  • Members

Posted 15 December 2004 - 10:36 AM

SOMEONE HELP ME PLEASE!!

I have a problem with the buldog-search hijack. At the end is my log...


I've tried to fix

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
and
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe

I've tried deleting C:\WINDOWS\hhnt.exe, and when I reboot my system it appears!!
I've tried using AdAware, TrojanHunter, Xcleaner, SpyHunter, etc., with no results.

Please can anybody give me any idea? :thumbsup:

Thanks



Logfile of HijackThis v1.98.2
Scan saved at 15:41:38, on 15/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\oracle\ora92\bin\omtsreco.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Archivos de programa\Reflection\rtsserv.exe
C:\TIBCO\adapter\adsbl\4.2\bin\adsblDTA.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\userinit.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\Iexplore.exe
C:\Archivos de programa\Kerio\Personal Firewall\PERSFW.EXE
C:\Documents and Settings\porgarma\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [] "C:\Archivos de programa\Trend Micro\OfficeScan Client\"
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\ARCHIV~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O12 - Plugin for .rx: C:\Archivos de programa\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Archivos de programa\Internet Explorer\Plugins\iewrqxrx.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = albura.com
O17 - HKLM\Software\..\Telephony: DomainName = juani.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = juani.com
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Fodede32.dll
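
Entries in a HijackThis log pasted into a forum post can be split across lines by word wrap, which hides matches from a plain line-by-line search. The following is an added example, not part of the original post or of HijackThis: it rejoins wrapped entries and lists those mentioning the two values the poster names (`buldog-search.com` and `hhnt.exe`); the function names are hypothetical.

```python
import re

# An entry starts with a section code such as "R1 - " or "O21 - ".
ENTRY_START = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the log from the post, with entries wrapped across lines by the paste.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de

programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
"""

def parse_entries(text):
    """Return (section, body) tuples, rejoining entries wrapped across lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # blank lines between fragments are wrapping debris
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " " + line  # continuation of the previous entry
    return [tuple(e) for e in entries]

def entries_mentioning(entries, indicators):
    """Entries whose body contains any indicator (case-insensitive)."""
    wanted = [i.lower() for i in indicators]
    return [e for e in entries if any(w in e[1].lower() for w in wanted)]

# Indicators are the two values the poster names in the post, nothing more.
POSTER_INDICATORS = ["buldog-search.com", "hhnt.exe"]

if __name__ == "__main__":
    for section, body in entries_mentioning(parse_entries(SAMPLE_LOG), POSTER_INDICATORS):
        print(section, body)
```

Header and process lines that precede the first entry are ignored, because a continuation is only attached once an entry has been seen.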


#2 Bulldog

  • Members

Posted 15 December 2004 - 11:03 AM

As you can see, I have a log right before yours, so I'm not an expert, but at the link right below this one (HijackThis log and analysis) is the self-help and reading link. Click on it, and about the 4th thread down should help you, I hope.


"And in the end it's not the years in your life that count. It's the life in your years." - Abe Lincoln

#3 Grinler

    Lawrence Abrams

  • Admin

Posted 16 December 2004 - 05:13 PM

Hi, if you are still having a problem:

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log



