annoying installer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

shard`

Thread Starter
Joined
Sep 29, 2003
Messages
2
When I was browsing some 'lewd' sites, something installed itself on my computer that fills my favourites tray up with obscene URLs. Also, it automatically inserts a home page of its choice every time. No matter how many times I delete these they always come back. Also, when I close down there is some program called 'win min' always open, though I can't detect where it is. Does anyone know how to get rid of this annoying installer?

thanks heaps,

shard
 
Joined
Jul 24, 2003
Messages
420
Start with the following,

Have your computer scanned at one of the following free online virus scanners,
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/

Also, download and run one of the Anti-Trojan applications found here: http://www.wilders.org/anti_trojans.htm

If you happen to have Kazaa, remove it in Add/Remove Programs in the Control Panel, then reboot your computer.
Follow up with KazaaBegone v1.01: http://www.spywareinfo.com/~merijn/files/kazaabegone.zip
Unzip KazaaBegone to a temp folder, close all browser windows and run KazaaBegone. Again, reboot your computer.

If you're not running Kazaa, skip the 2 Kazaa steps and continue with the following,

Download CWShredder, unzip to the Desktop: www.spywareinfo.com/~merijn/files/cwshredder.zip
Close all browser windows, check the Taskbar for minimized windows as well, run CWShredder. Reboot again.

Next, download and install Spybot Search & Destroy: www.security.kolla.de
Open Spybot Search & Destroy, click Online, Search for updates, download all available updates, log offline, close all browser windows, check your taskbar for minimized windows as well, run Spybot Search & Destroy, put a check in every entry Spybot Search & Destroy returns, click Fix problems. Shut down & reboot your computer.

Consider installing SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both spyware ActiveX installation and running, and browser hijacking protection in real time: http://www.wilderssecurity.net/index.html

Finally, download Hijack This v1.97: www.tomcoyote.org/hjt/
Unzip Hijack This to your Desktop, press Scan, the Scan button becomes the Save log button (do not fix anything yet), save the log to the Desktop, return to this thread, copy and paste the log to the forum. We would certainly like to know if any malware survived.

Good luck
 

shard`

Thread Starter
Joined
Sep 29, 2003
Messages
2
hey blue spruce,

thanks man!

Although there were no viruses or trojans, Spybot and Hijack detected some nasty business. I deleted all the rubbish and everything seems to be OK... I couldn't believe the **** that they put on there, as I have never owned a computer or browsed from home.... but gawd they are unscrupulous....

Anyway, thanks heaps for your help. I have attached the log that was recorded by Hijack.

cheers,

shard.
 


dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-itnow.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-itnow.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-itnow.com/panel_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-itnow.com/panel_search.html
O1 - Hosts: 66.250.107.99 worldsex.com
O1 - Hosts: 66.250.107.99 www.worldsex.com
O1 - Hosts: 66.250.107.99 sexocean.com
O1 - Hosts: 66.250.107.99 www.sexocean.com
O1 - Hosts: 66.250.107.99 easypic.com
O1 - Hosts: 66.250.107.99 www.easypic.com
O1 - Hosts: 66.250.107.99 free6.com
O1 - Hosts: 66.250.107.99 www.free6.com
O1 - Hosts: 66.250.107.99 al4a.com
O1 - Hosts: 66.250.107.99 www.al4a.com
O1 - Hosts: 66.250.107.99 thumbnailpost.com
O1 - Hosts: 66.250.107.99 www.thumbnailpost.com
O1 - Hosts: 66.250.107.99 drbizzaro.com
O1 - Hosts: 66.250.107.99 www.drbizzaro.com
O1 - Hosts: 66.250.107.99 hoes.com
O1 - Hosts: 66.250.107.99 www.hoes.com
O1 - Hosts: 66.250.107.99 absolut-series.com
O1 - Hosts: 66.250.107.99 www.absolut-series.com
O1 - Hosts: 66.250.107.99 elephantlist.com
O1 - Hosts: 66.250.107.99 www.elephantlist.com
O1 - Hosts: 66.250.107.99 ah-me.com
O1 - Hosts: 66.250.107.99 www.ah-me.com
O1 - Hosts: 66.250.107.101 google.com
O1 - Hosts: 66.250.107.101 google.de
O1 - Hosts: 66.250.107.101 google.co.in
O1 - Hosts: 66.250.107.101 google.ca
O1 - Hosts: 66.250.107.101 google.fr
O1 - Hosts: 66.250.107.101 google.it
O1 - Hosts: 66.250.107.101 google.com.au
O1 - Hosts: 66.250.107.101 google.co.uk
O1 - Hosts: 66.250.107.101 google.be
O1 - Hosts: 66.250.107.101 google.com.ar
O1 - Hosts: 66.250.107.101 www.google.com

O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.7\THGuard.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
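
An added example, not part of the thread and not HijackThis's own code: a small parser that splits log lines like the ones above into their section codes (R0/R1 browser pages, O1 hosts-file entries, O4 autostarts) and groups O1 hostnames by the non-loopback address they are pinned to, which is how the search-engine redirection in this log shows up. The sample reuses a few lines from the log above; the `localhost` line and the non-entry line are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# A few entries copied from the log in this thread, plus two constructed
# lines (the localhost mapping and the non-entry text) to exercise the parser.
SAMPLE_LOG = r"""
Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-itnow.com/panel_search.html
O1 - Hosts: 66.250.107.101 google.com
O1 - Hosts: 66.250.107.101 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(log_text):
    """Return (code, body) tuples for every 'Xn - ...' line; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """Group O1 hostnames by the address they are pinned to, ignoring loopback."""
    redirects = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        addr, name = m.groups()
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue  # 127.0.0.1 entries are the normal or blocking case
        except ValueError:
            pass  # keep malformed addresses so a reviewer still sees them
        redirects[addr].append(name)
    return dict(redirects)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    print(Counter(code for code, _ in entries))
    for addr, names in hosts_redirects(entries).items():
        print(f"{addr} <- {', '.join(names)}")
```
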
 