Hijacked also

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dj110965

Thread Starter
Joined
Jan 21, 2003
Messages
29
I tried following your instruction about downloading HijackThis from spyware, but when I tried to unzip it I got an error message: could not find file msvbvm60.dll. What do I do about that?

My default page under internet options is hijacked.
http://freehqmovies.com/enter.php don't want that!!!
Windows 98

Thanks
 

bassetman

Moderator (deceased) - Gone but never forgotten
Joined
Jun 7, 2001
Messages
47,973
Welcome to TSG!

Whose advice did you follow????

This shows 1 post.
 
Joined
Jun 27, 2002
Messages
6,167
I am not being a smartxxx but can't a visitor read posts and not register to post.

I know I haven't been here long but when I found this site I immediately registered so I don't really remember if you can browse without registering.

dj-Go here and download the file you need:

http://www.milori.com/developer/runtimes/
 
Joined
Jun 27, 2002
Messages
6,167
Tony

I was hoping you would come along. I have the msvbvm60.dll but not the VbRun60.exe. I have a VbRun300.dll that looks real old. My hijack runs alright but would it be beneficial to download 60.exe?

Also I had a 40 and 50.dll and deleted them to see if they were needed or not. Still have them in the RB.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
It's not required to install them, but it certainly can't hurt.

If the install process finds more recent versions of some of these files on your computer, it won't downgrade them, so there's no risk.

I usually advise folks to do it this way, as it's so much easier to install.

If you're not getting any "missing files" errors yourself, I'd just leave it as it is.
 

bassetman

Moderator (deceased) - Gone but never forgotten
Joined
Jun 7, 2001
Messages
47,973
Deke

I am not being a smartxxx but can't a visitor read posts and not register to post.
Deke, not sure if this was directed at me, but all I was asking was what instructions they had tried. I didn't know what post they were referring to.

John
 
Joined
Jun 27, 2002
Messages
6,167
John

No disrespect intended. I was referring to your comment about his having only 1 post. I actually couldn't remember if you could just browse and not register. Now that I think about it I see the number of members and visitors posted at the bottom of Home page. I should have used a question mark after that statement and it would have been a question as intended, instead of sounding like a smartxxx remark. Should have said "can a visitor read posts and not register to post"?

I apologize if it offended you.
 

bassetman

Moderator (deceased) - Gone but never forgotten
Joined
Jun 7, 2001
Messages
47,973
No foul, no harm! :cool:

Just checking it out! :D

John
 

dj110965

Thread Starter
Joined
Jan 21, 2003
Messages
29
This is the log file. What should I do from here... thanks to all!!!



Logfile of HijackThis v1.91.2
Scan saved at 2:45:27 PM, on 01/21/2003
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.freehqmovies.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.freehqmovies.com/search/
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [mmpti] c:\windows\SYSTEM\m1mmpti.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\McAfee\VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rmmon] c:\windows\SYSTEM\mprmmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://clinicdownload.mcafee.com/molbin/Shared/ComCtl32.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/cccabs/CleverContent.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482a7d503/netzip/RdxIE.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://fr4-download.nocreditcard.com/download/Object/ieaccess2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Man! You have the Yaha worm, and some spyware.

Do this:

Run Hijack This, and check ALL of the items in bold. Double-check so as to be sure not to miss a single one.
Next, shut down all Internet Explorer Windows, and have HT fix all checked.
Reboot when you're done.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL=http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.freehqmovies.com/search/

O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll

O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe

O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://central1.clevercontent.com/c...everContent.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/098c74f252b482...etzip/RdxIE.cab
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://fr4-download.nocreditcard.co...t/ieaccess2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...uditControl.cab


After rebooting download and run the Yaha removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html

Good luck,
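
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the log format posted above, with two triage rules. The rules (match a domain the user reported, and flag an O16 download source that is a bare IP address) and all function names are assumptions chosen for illustration, not the method used in the reply.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: six lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.freehqmovies.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.freehqmovies.com/enter.php
O4 - HKLM\..\RunServices: [WinServices] C:\WINDOWS\SYSTEM\WinServices.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
"""

LINE = re.compile(r"^([A-Z]\d+) - (.*)$")                     # "R1 - ...", "O16 - ..."
REG = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+)=(?P<data>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF = re.compile(r"^DPF: (?P<label>.*) - (?P<url>\S+)$")

def parse(log):
    """Turn HijackThis lines into dicts; header lines without a section code are skipped."""
    entries = []
    for m in filter(None, (LINE.match(l.strip()) for l in log.splitlines())):
        code, rest = m.groups()
        pat = REG if code.startswith("R") else {"O4": RUN, "O16": DPF}.get(code)
        fields = pat.match(rest) if pat else None
        entries.append({"code": code, "raw": rest, **(fields.groupdict() if fields else {})})
    return entries

def is_ip(host):
    try:
        ip_address(host)
    except ValueError:
        return False
    return True

def triage(entries, unwanted_domains):
    """Return (code, reason, raw) for entries worth a human look; not a verdict."""
    hits = []
    for e in entries:
        host = (urlparse(e.get("data") or e.get("url") or "").hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in unwanted_domains):
            hits.append((e["code"], "points at reported domain", e["raw"]))
        elif e["code"] == "O16" and is_ip(host):
            hits.append((e["code"], "ActiveX source is a bare IP", e["raw"]))
    return hits
```

Neither rule picks out the `WinServices.exe` autostart entry that the reply ties to Yaha; recognising that one takes knowledge of the specific malware, which is why logs like this were reviewed by a person.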
 

dj110965

Thread Starter
Joined
Jan 21, 2003
Messages
29
It looks like this issue has been resolved. I want to thank you for your support. I'm glad someone out there knew what to do and volunteered your expertise.


Again Thanks
 