
Hijacked also

Discussion in 'Web & Email' started by dj110965, Jan 21, 2003.

Thread Status:
Not open for further replies.
  1. dj110965

    dj110965 Thread Starter

    Joined:
    Jan 21, 2003
    Messages:
    29
    I tried following your instruction about downloading hijackthis from spyware, but when I tried to unzip it I got an error message: could not find file msvbvm60.dll. What do I do about that?

    My default page under internet options is hijacked.
    http://freehqmovies.com/enter.php don't want that!!!
    Windows 98

    Thanks
     
  2. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Welcome to TSG!

    Whose advice did you follow????

    This shows 1 post.
     
  3. Deke40

    Deke40

    Joined:
    Jun 27, 2002
    Messages:
    6,096
    I am not being a smartxxx but can't a visitor read posts and not register to post.

    I know I haven't been here long but when I found this site I immediately registered so I don't really remember if you can browse without registering.

    dj-Go here and download the file you need:

    http://www.milori.com/developer/runtimes/
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    About the msvbvm60 error, do this:

    Download the MS visual basic 6.0 runtime files

    Just double-click after downloading, and let it install.


    You'll be able to run Hijack This afterwards.
     
  5. Deke40

    Deke40

    Joined:
    Jun 27, 2002
    Messages:
    6,096
    Tony

    I was hoping you would come along. I have the msvbvm60.dll but not the VbRun60.exe. I have a VbRun300.dll that looks real old. My hijack runs alright but would it be beneficial to download 60.exe?

    Also I had a 40 and 50.dll and deleted them to see if they were needed or not. Still have them in the RB.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It's not required to install them, but it certainly can't hurt.

    If the install process finds more recent versions of some of these files on your computer, it won't downgrade them, so there's no risk.

    I usually advise folks to do it this way, as it's so much easier to install.

    If you're not getting any "missing files" errors yourself, I'd just leave it as it is.
     
  7. Deke40

    Deke40

    Joined:
    Jun 27, 2002
    Messages:
    6,096
    Thanks Tony.
     
  8. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    Deke, not sure if this was directed at me, but all I was asking was what instructions they had tried. I didn't know what post they were referring to.

    John
     
  9. Deke40

    Deke40

    Joined:
    Jun 27, 2002
    Messages:
    6,096
    John

    No disrespect intended. I was referring to your comment about his having only 1 post. I actually couldn't remember if you could just browse and not register. Now that I think about it I see the number of members and visitors posted at the bottom of Home page. I should have used a question mark after that statement and it would have been a question as intended, instead of sounding like a smartxxx remark. Should have said "can a visitor read posts and not register to post"?

    I apologize if it offended you.
     
  10. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    No foul, no harm! :cool:

    Just checking it out! :D

    John
     
  11. dj110965

    dj110965 Thread Starter

    Joined:
    Jan 21, 2003
    Messages:
    29
    This is the log file. What should I do from here... thanks to all!!!



    Logfile of HijackThis v1.91.2
    Scan saved at 2:45:27 PM, on 01/21/2003
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.topsearcher.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.freehqmovies.com/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.freehqmovies.com/search/
    O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.EXE
    O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
    O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://clinicdownload.mcafee.com/molbin/Shared/ComCtl32.cab
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/cccabs/CleverContent.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482a7d503/netzip/RdxIE.cab
    O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Man! You have the Yaha worm, and some spyware.

    Do this:

    Run Hijack This, and check ALL of the items in bold. Double-check so as to be sure not to miss a single one.
    Next, shut down all Internet Explorer Windows, and have HT fix all checked.
    Reboot when you're done.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.topsearcher.com/ie/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.freehqmovies.com/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.freehqmovies.com/search/

    O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll

    O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe

    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/c...everContent.cab
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482...etzip/RdxIE.cab
    O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://fr4-download.nocreditcard.co...t/ieaccess2.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...uditControl.cab


    After rebooting download and run the Yaha removal tool:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html

    Good luck,
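
Added example, not part of the original post and not HijackThis code: a small checker that confirms none of the fix-list entries above survive in a second HijackThis log. It assumes you save a new log after the reboot; the `RESCAN` text is constructed, and the function names are hypothetical.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def entry_key(line):
    """Stable identity for one HijackThis log line, or None for headers/blank lines."""
    m = re.match(r"\s*([RO]\d{1,2}) - (.+)", line)
    if not m:
        return None
    section, rest = m.group(1), m.group(2).strip()
    clsid = CLSID.search(rest)
    if section in ("O3", "O16") and clsid:
        # Key on the CLSID: the URL after it may be truncated ("...") in a forum post.
        return (section, clsid.group(0).upper())
    run = re.match(r"(.+?): \[(.+?)\]", rest)
    if section == "O4" and run:
        # Autorun: registry key plus value name; Run and RunServices stay distinct.
        return (section, run.group(1).upper(), run.group(2).upper())
    if section.startswith("R"):
        # IE setting: value name AND URL, so a restored setting does not count as a hit.
        return ("R", rest.lower())
    return (section, rest.lower())

def still_present(fix_list, rescan_log):
    """Return the fix-list lines whose identity still appears in the new scan."""
    seen = {entry_key(l) for l in rescan_log.splitlines()} - {None}
    return [l.strip() for l in fix_list.splitlines() if entry_key(l) in seen]

# Four of the fix-list lines, copied as posted (one URL is truncated by the forum).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482...etzip/RdxIE.cab
"""

# Constructed post-reboot log: one selected entry was missed and is still listed.
RESCAN = r"""
Logfile of HijackThis v1.91.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482a7d503/netzip/RdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, RESCAN):
        print("STILL PRESENT:", line)
```

An empty result means every checked item is gone from the new log; any line returned needs to be checked and fixed again.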
     
  13. dj110965

    dj110965 Thread Starter

    Joined:
    Jan 21, 2003
    Messages:
    29
    It looks like this issue has been resolved. I want to thank you for your support. I'm glad someone out there knew what to do and volunteered your expertise.


    Again Thanks
     
  14. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    No prob! :)

    Glad to hear you were able to get rid of it.
     

Short URL to this thread: https://techguy.org/114443
