1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

ExitExchange Help

Discussion in 'Virus & Other Malware Removal' started by Figment, Jan 25, 2005.

Thread Status:
Not open for further replies.
  1. Figment

    Figment Thread Starter

    Dec 2, 2004
    Heya Fellas.
    Somehow, I got this Exitexchange thing going on and I can't seem to ditch it. Hijack this doesn't come up with anything, and neither does Adaware. (Both are fully updated)
    Basically what happens is every 4 or 5 pages I hit, I get redirected to some Exitexchange page. I can't find anything online about it, and wondered if anyone else has had this issue, and has gotten rid of it.
    Please help!
  2. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, I see plenty of info about Exitexchange, a hundred threads or so on other forums...

    It looks like it involves removing the malware and restoring the HOSTS file, you have run AdAware...is that all you tried? Did you set it up correctly, fun a Full scan, with the latest updates? (Not saying it would fix everything, just that it helps to have it set right and fully updated)

    SpyBot is pretty good tool to have...


    In the Spyware Tools section, SpyBot Search and Destroy v. 1.3

    Also- most of the results I looked at in threads with Exitexchange had hijacks of the HOSTS file> you may need this, to create a new HOSTS file:


    Unzip the files to a folder.
    Run the Hoster and click *Restore Original Hosts* and press "OK" then Exit the Hoster.

    To really accomplish anything else, you will have to post a Hijackthis log from version 1.99, found here:


    You must run it from it's own folder, create a new folder, rename it to something like HijackT, a permanent location such as My Documents or Program Files, or on the root of C: would be good, download hijackthis.exe to that folder and run it from there. Choose "Scan and save a log" and copy/paste the log in a reply here.
  3. Figment

    Figment Thread Starter

    Dec 2, 2004
    Ok, I ran HJT again, and as stated before it comes up with Zilch. Here's my HJT log

    Logfile of HijackThis v1.99.0
    Scan saved at 3:28:19 PM, on 1/26/2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
    C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Stuff\files\antispyware stuff\hijack this\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE

    I also ran the Hoster program and restored my original hosts file, so I guess we'll see what happens. I'm going to run adaware again and see what happens.
  4. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Do the redirects happen on FireFox, or just IE?

    You have patched win2k only as far as Service Pack 2, I am wondering if getting 3 and 4 might help...but, there could be a reason you have not put them on, do you know of any?
  5. Figment

    Figment Thread Starter

    Dec 2, 2004
    The redirects happen in Firefox. I have't used IE in a while. As for the service packs, If I go past SP2, Windows starts acting funny, and I start getting alot of errors. (going to XP soon) I do alot of multimedia and graphics stuff, which 2K doesn't seem to like. I've found by only updating to SP2, I don't get the errors that I do if I fully update.

    I ran the hoster program, and so far, it seems to have possibly worked. I've not seen ExitExchange in about 15 pages, so maybe it's gone now. I guess we'll see. Thanks for the tip
  6. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Hope it stays gone for you...thanks for the details about everything- glad to help. Stop in anytime!
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/323464

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice