
Brothers Computer

Discussion in 'Virus & Other Malware Removal' started by gamegeek2, Sep 4, 2004.

Thread Status:
Not open for further replies.
  1. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Can someone please direct me to a HijackThis download link? I'll post the log here, if you can.

    Anyway, to the problem.. Whenever someone opens my bro's 'Google' homepage, many ads continuously pop up, and it gets really annoying when it may download some utter crap onto his computer.. One of the files that it downloads is called 'WW.14.ink', and I haven't opened them, only deleted.

    I (not him, he's too dumb ;)) always run 'Spybot Search and Destroy' very frequently, due to this, although it only deletes cookies, and something that is ALWAYS there, called DSO Exploit (you can't seem to delete it from SSaD, even though it says it does. My computer has DSO exploit as well). I'm wondering if you can help my brother here? Thanks in advance!

    EDIT: Got Hijackthis, log is here:

    Logfile of HijackThis v1.98.2
    Scan saved at 10:03:50, on 04/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\WINDOWS\SYSTEM\ICSMGR.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\UPHPAOXR.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\JAVASOFT\JRE\1.3.1_04\BIN\JAVAW.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O2 - BHO: (no name) - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - (no file)
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [bxfdauncxxup] C:\WINDOWS\SYSTEM\uphpaoxr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [\IEService.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file)
    O9 - Extra button: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file) (HKCU)
     
  2. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    BUMP!!!

    Sorry to sound impatient, but my brother's computer is REALLY in a state here, due to the uh, efficiency of all the spy-crap that is coming on.. I mean, the internet wouldn't've come on for ages if I didn't (luckily) download Spyware S&D, which came up with some junk like 'Sextracker', and 'Bargains', and 'DSO Exploit (what is that??)' amongst 69 other things, not including variants of some VX2/ a,b,c,d,e,f..

    Sorry to sound impatient, but you can't even go on a website page without trillions of advertisements, porn pop-ups, downloadments (is that even a word?) of diallers-for-modems-even-though-I've-got-cable, downloadings which I don't even want, even if I click 'no', it seems to be 'misunderstood' as 'YES GODDAMNIT, I WANT ALL OF THIS PORN AND SHITE CLUTTERING UP THIS COMPUTER!!' for some weird reason. No matter how many times I run Spybot S&D, press ctrl-alt-delete and get rid of 'bargains' and 'optimizer', this continuously happens... And have I said anything about DSO Exploit??

    Thanks ever so much about your willingness to help in advance, and whilst I endlessly fight hand-to-hand, uh, I mean anti-spyware-to-spyware, I hope you have it in your hearts to reply, and finalize the commencation of it all ;)
     
  3. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    gamegeek2, while we're looking at your log.

    You need to visit Windows Update. Scan for updates and accept all critical updates.
    Reboot and go back to Windows Update until there are no more criticals offered.
     
  4. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    I suggest you do this: You might want to print this out.

    Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\MULTIMPP.DLL
    O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [bxfdauncxxup] C:\WINDOWS\SYSTEM\uphpaoxr.exe
    O4 - HKCU\..\Run: [\IEService.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
    O4 - HKCU\..\Run: [\Pribi.exe] C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI\Pribi.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file)
    O9 - Extra button: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file) (HKCU)
    Restart your computer.

    Press the F8 key until the startup menu appears.

    Choose the Safe Mode option then press Enter.

    Double-click My Computer.
    Click the Tools menu, and then click Folder Options.
    Click the View tab.
    Clear "Hide file extensions for known file types."
    Under the "Hidden files" folder, select "Show hidden files and folders."
    Clear "Hide protected operating system files."
    Click Apply, and then click OK.

    Turn off System Restore:
    1. Click Start, Settings, and then click Control Panel.
    2. Double-click the System icon. The System Properties dialog box appears.

    NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.

    3. Click the Performance tab, and then click File System.
    4. Click the Troubleshooting tab, and then check Disable System Restore.
    5. Click OK. Click Yes, when you are prompted to restart Windows.

    Once you have cleaned the virus or other problem from the computer, re-enable System Restore by following these directions:

    1. Click Start, point to Settings, and then click Control Panel.
    2. Double-click System, and then click the Performance tab.
    3. Click File System, and then click the Troubleshooting tab.
    4. Uncheck Disable System Restore.
    5. Click OK. Click Yes, when you are prompted to restart Windows.


    C:\WINDOWS\ALCHEM.exe <----Delete File
    C:\Program Files\BullsEye Network\bin\bargains.exe <--Add/Remove Programs Remove Bullseye

    C:\WINDOWS\SYSTEM\uphpaoxr.exe <---Delete File
    C:\WINDOWS\ALLUSE~1\APPLIC~1\PRIBI <---Delete folder
    C:\WINDOWS\ALLUSE~1\APPLIC~1\IESERV~1 <---Delete Folder
    1. Open My Computer
    2. Right click on your hard drive that you wish to clean (C drive, for example)
    3. In the context menu that opens, select properties
    4. Under the general tab you should select Disk Cleanup
    5. Windows will scan your drive which will take a few seconds/minutes
    6. A box will display the various files you can remove. Here are some safe examples:

    Temporary Internet Files
    Recycle Bin
    Temporary Files
    7. Click OK and windows will comply.

    Reboot and post a new HJT log
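
A check for the "post a new HJT log" step above, as an added example that is not part of the thread or any poster's tooling: it parses HijackThis entry lines and reports which entries from the fix list still appear in the follow-up log. The function names are hypothetical, and the follow-up log is constructed for illustration.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Parse 'O4 - ...' style lines; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "no_file": "(no file)" in body,  # registry entry whose target is missing
            # Win9x paths are case-insensitive, so compare on a folded form.
            "key": (code, " ".join(body.lower().split())),
        })
    return entries

def still_present(fix_list_text, new_log_text):
    """Entries from the fix list that survive in the follow-up log."""
    new_keys = {e["key"] for e in parse_entries(new_log_text)}
    return [e for e in parse_entries(fix_list_text) if e["key"] in new_keys]

# Four of the entries flagged in the post above.
FIX_LIST = r"""
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [bxfdauncxxup] C:\WINDOWS\SYSTEM\uphpaoxr.exe
O9 - Extra button: Corel Network monitor worker - {C9F5A88E-29AA-4027-A95F-88AF7C8E07DA} - (no file)
"""

# Constructed follow-up log (not from the thread): one flagged entry has come back.
NEW_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.EXE
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, NEW_LOG):
        print("still present:", e["code"], e["body"])
```

An entry that reappears after "Fix checked" and a reboot usually means something is still running that rewrites it, which is why the post has the files deleted in Safe Mode before the new log is taken.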
     
  5. gamegeek2

    gamegeek2 Thread Starter

    Joined:
    Nov 29, 2003
    Messages:
    24
    Done system update stuff, I was gonna post earlier, but I lost the internet connection.

    Unfortunately, I don't have a printer (on this comp, and my printer doesn't even work!) so I have to write it out, and that takes time, so I won't be able to post in the next minute or whatever. Thanks for your help :D
     
  6. LDTate

    LDTate Malware Specialist

    Joined:
    Aug 13, 2004
    Messages:
    789
    Copy it into NotePad
     

Short URL to this thread: https://techguy.org/269996
