1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

annoying installer

Discussion in 'Virus & Other Malware Removal' started by shard`, Sep 29, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. shard`

    shard` Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    2
    when i was browsing some 'lewd' sites something installed itself on my computer that fills my favourites tray up with obscene URL's. also, it automatically inserts a home page of its choice every time. no matter how mant times i delete these they always come back. also, when i close down there is some program called 'win min' always open, though i can't detect where it is. does anyone know how to get rid of this annoying installler'?

    thanks heaps,

    shard
     
  2. BlueSpruce

    BlueSpruce

    Joined:
    Jul 24, 2003
    Messages:
    420
    Start with the following ,

    Have your computer scanned at one of the following free online Virus Scanners ,
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/

    Also , download and run one of the Anti-Trojan applications found here http://www.wilders.org/anti_trojans.htm

    If you happen to have Kazaa , Remove it in Add/Remove Programs in the control panel , then reboot your computer
    Follow-up with KazaaBegonev1.01 http://www.spywareinfo.com/~merijn/files/kazaabegone.zip
    Unzip KazaaBegone to a temp Folder , Close all browser windows and run KazaaBegone , Again reboot your computer

    If you're not running Kazaa skip the 2 Kazaa steps and continue with the following ,

    Download CWShredder , Unzip to the Desktop www.spywareinfo.com/~merijn/files/cwshredder.zip
    Close all browser windows , check the Taskbar for minimized windows as well , Run CWShredder. Reboot again


    Next , download and install Spybot search & destroy www.security.kolla.de Open Spybot search & destroy , Click Online , Search for updates , Download all available updates , log offline , Close all browser windows , check your taskbar for minimized windows as well , Run Spybot search & destroy , put a check in every entry Spybot search & destroy returns , Click fix problems. Shutdown & Reboot your computer

    Consider installing SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both Spyware Active X installation and running , and Browser Hijacking protection in real-time http://www.wilderssecurity.net/index.html

    Finally , download Hijack This v1.97 www.tomcoyote.org/hjt/ Unzip Hijack This to your Desktop , Press Scan , Scan button becomes Save log button (Do not fix anything yet) , Save the log to the Desktop , Return to this thread , copy and Paste the log to the forum. We would certainly like to know if any malware survived.

    Good luck
     
  3. shard`

    shard` Thread Starter

    Joined:
    Sep 29, 2003
    Messages:
    2
    hey blue spruce,

    thanks man!

    although there was no viruses or trojans, spybot and hijack detected some nasty business, i deleted all the rubbish and everything seems to be ok... i couldn't believe the **** that they put on there as i have never owned a computer or browsed from home.... but gawd they are unscrupulous....

    anyway thanks heaps for your help, i have attached the log that was recorded by highjack.

    cheers,

    shard.
     

    Attached Files:

  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,202
    First Name:
    Derek
    run hijackthis, tick all below, doublecheck to make sure you haven't missed any, close all browser windows & press fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-itnow.com/panel_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-itnow.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-itnow.com/panel_search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-itnow.com/panel_search.html
    O1 - Hosts: 66.250.107.99 worldsex.com
    O1 - Hosts: 66.250.107.99 www.worldsex.com
    O1 - Hosts: 66.250.107.99 sexocean.com
    O1 - Hosts: 66.250.107.99 www.sexocean.com
    O1 - Hosts: 66.250.107.99 easypic.com
    O1 - Hosts: 66.250.107.99 www.easypic.com
    O1 - Hosts: 66.250.107.99 free6.com
    O1 - Hosts: 66.250.107.99 www.free6.com
    O1 - Hosts: 66.250.107.99 al4a.com
    O1 - Hosts: 66.250.107.99 www.al4a.com
    O1 - Hosts: 66.250.107.99 thumbnailpost.com
    O1 - Hosts: 66.250.107.99 www.thumbnailpost.com
    O1 - Hosts: 66.250.107.99 drbizzaro.com
    O1 - Hosts: 66.250.107.99 www.drbizzaro.com
    O1 - Hosts: 66.250.107.99 hoes.com
    O1 - Hosts: 66.250.107.99 www.hoes.com
    O1 - Hosts: 66.250.107.99 absolut-series.com
    O1 - Hosts: 66.250.107.99 www.absolut-series.com
    O1 - Hosts: 66.250.107.99 elephantlist.com
    O1 - Hosts: 66.250.107.99 www.elephantlist.com
    O1 - Hosts: 66.250.107.99 ah-me.com
    O1 - Hosts: 66.250.107.99 www.ah-me.com
    O1 - Hosts: 66.250.107.101 google.com
    O1 - Hosts: 66.250.107.101 google.de
    O1 - Hosts: 66.250.107.101 google.co.in
    O1 - Hosts: 66.250.107.101 google.ca
    O1 - Hosts: 66.250.107.101 google.fr
    O1 - Hosts: 66.250.107.101 google.it
    O1 - Hosts: 66.250.107.101 google.com.au
    O1 - Hosts: 66.250.107.101 google.co.uk
    O1 - Hosts: 66.250.107.101 google.be
    O1 - Hosts: 66.250.107.101 google.com.ar
    O1 - Hosts: 66.250.107.101 www.google.com

    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.7\THGuard.exe"

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168455

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice