ExitExchange Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Figment

Thread Starter
Joined
Dec 2, 2004
Messages
12
Heya Fellas.
Somehow, I got this Exitexchange thing going on and I can't seem to ditch it. Hijack this doesn't come up with anything, and neither does Adaware. (Both are fully updated)
Basically what happens is every 4 or 5 pages I hit, I get redirected to some Exitexchange page. I can't find anything online about it, and wondered if anyone else has had this issue, and has gotten rid of it.
Please help!
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, I see plenty of info about Exitexchange, a hundred threads or so on other forums...

It looks like it involves removing the malware and restoring the HOSTS file, you have run AdAware...is that all you tried? Did you set it up correctly, fun a Full scan, with the latest updates? (Not saying it would fix everything, just that it helps to have it set right and fully updated)

SpyBot is pretty good tool to have...

www.majorgeeks.com

In the Spyware Tools section, SpyBot Search and Destroy v. 1.3

Also- most of the results I looked at in threads with Exitexchange had hijacks of the HOSTS file> you may need this, to create a new HOSTS file:

http://members.aol.com/toadbee/hoster.zip

Unzip the files to a folder.
Run the Hoster and click *Restore Original Hosts* and press "OK" then Exit the Hoster.


To really accomplish anything else, you will have to post a Hijackthis log from version 1.99, found here:

www.radiosplace.com

You must run it from it's own folder, create a new folder, rename it to something like HijackT, a permanent location such as My Documents or Program Files, or on the root of C: would be good, download hijackthis.exe to that folder and run it from there. Choose "Scan and save a log" and copy/paste the log in a reply here.
 

Figment

Thread Starter
Joined
Dec 2, 2004
Messages
12
Ok, I ran HJT again, and as stated before it comes up with Zilch. Here's my HJT log

Logfile of HijackThis v1.99.0
Scan saved at 3:28:19 PM, on 1/26/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\valve\steam\steam.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Stuff\files\antispyware stuff\hijack this\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE


I also ran the Hoster program and restored my original hosts file, so I guess we'll see what happens. I'm going to run adaware again and see what happens.
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Do the redirects happen on FireFox, or just IE?

You have patched win2k only as far as Service Pack 2, I am wondering if getting 3 and 4 might help...but, there could be a reason you have not put them on, do you know of any?
 

Figment

Thread Starter
Joined
Dec 2, 2004
Messages
12
The redirects happen in Firefox. I have't used IE in a while. As for the service packs, If I go past SP2, Windows starts acting funny, and I start getting alot of errors. (going to XP soon) I do alot of multimedia and graphics stuff, which 2K doesn't seem to like. I've found by only updating to SP2, I don't get the errors that I do if I fully update.

I ran the hoster program, and so far, it seems to have possibly worked. I've not seen ExitExchange in about 15 pages, so maybe it's gone now. I guess we'll see. Thanks for the tip
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Hope it stays gone for you...thanks for the details about everything- glad to help. Stop in anytime!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top