
cannot get rid of hosts in hijack this

Discussion in 'Virus & Other Malware Removal' started by dfayr, Oct 20, 2003.

Thread Status:
Not open for further replies.
  1. dfayr

    dfayr Thread Starter

    Joined:
    Oct 20, 2003
    Messages:
    1
    hey kids,
    i have been using hijackthis to get rid of some virus crap, namely searchv.... anyways i keep "fixing" the 01- hosts for some naughty sites listed there and they reappear every time i restart the comp. here is my hijack scan... i apologize for the explicit material.
    thanks,

    Logfile of HijackThis v1.97.3
    Scan saved at 2:37:35 PM, on 10/20/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wininetd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\VSTASCAN\vsaccess.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\dan\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

    O1 - Hosts: 66.40.16.131 livesexlist.com
    O1 - Hosts: 66.40.16.131 lanasbigboobs.com
    O1 - Hosts: 66.40.16.131 thumbnailpost.com
    O1 - Hosts: 66.40.16.131 adult-series.com
    O1 - Hosts: 66.40.16.131 www.livesexlist.com
    O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
    O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
    O1 - Hosts: 66.40.16.131 www.adult-series.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???????\WkDetect.exe
    O4 - HKCU\..\Run: [iedll] C:\Program Files\Windows Media Player\iedll.exe
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
     
  2. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    Run HJT again and tick all those 01 entries. But the problem I think is caused by this browser hijacker, so tick it for a fix too.

    O4 - HKCU\..\Run: [iedll] C:\Program Files\Windows Media Player\iedll.exe

    Remember to close all browsers when you run HJT.
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    After fixing the entries BillC suggested you'd better delete this file:

    C:\Program Files\Windows Media Player\iedll.exe

    Also if you didn't place this restriction on IE yourself you need to fix this one too:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Is that the full HJT log?
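
Added example, not part of any post in this thread: a small Python triage script for the situation discussed above, where O1 hosts entries come back after every restart. It assumes only the `O1 - Hosts:` and `O4 -` line formats visible in the posted log; the sample log, function names and paths are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the log format shown in the thread (documentation-range
# address, example domains, made-up paths); not data from the thread.
SAMPLE_LOG = r"""
O1 - Hosts: 203.0.113.7 example.com
O1 - Hosts: 203.0.113.7 www.example.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.ocx
O4 - HKCU\..\Run: [updater] C:\Example\updater.exe
O4 - Global Startup: Tool.lnk = C:\Example\tool.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
AUTORUN_RE = re.compile(r"^O4 - (.+?): (.+)$")

def parse_log(text):
    """Return ({ip: [hostnames]}, [(autorun location, entry)]) from a log."""
    redirects, autoruns = defaultdict(list), []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip_text, host = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
                benign = ip.is_loopback or ip.is_unspecified
            except ValueError:
                benign = False  # malformed address: keep it for review
            if not benign:
                redirects[ip_text].append(host)
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append(m.groups())
    return dict(redirects), autoruns

def report(text):
    """List redirects; if any exist, list autoruns to check as a possible re-adder."""
    redirects, autoruns = parse_log(text)
    lines = [f"hosts redirect -> {ip}: {', '.join(h)}" for ip, h in redirects.items()]
    if redirects:
        lines += [f"autorun to review: {loc} -> {entry}" for loc, entry in autoruns]
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The script only narrows the review: it lists every O4 startup entry next to the redirects, and deciding which entry is rewriting the hosts file is still a manual step.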
     