1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

(http://213.159.117.134/index.php) FINALLY I'm free

Discussion in 'Virus & Other Malware Removal' started by krw111, Aug 5, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. krw111

    krw111 Thread Starter

    Joined:
    Aug 5, 2004
    Messages:
    1
    I think I got it!!! at least on my machine.

    I run on Win98 SE. I used HijackThis but was not getting very far. My IE 6.0 home page was hijacked with (http://213.159.117.134/index.php). When I used Windows xplorer, most, if not all of the icons were gone and I would get locked up trying to exit the window. Javascript would not work on any webpage that I visited (for example I could not delete my Yahoo mail from my machine). But strangely what was working was, if I went to the START...RUN...BROWSE. I could control some of the windows function like I could not do using Win Explorer. I would also use a shortcut to Yahoo that I had on my desktop rather than use the IE icon so when I went on to the internet, it would not try to go to the homepage.

    So I got desperate. I'm not quite sure what did it but here is what I did. (I think this is everything)

    In normal mode...
    Using HJT, I took out just about everything on the list except for two or three items that I knew were good. I took out McAfee and others that you would not think to remove. I think I left taskmon.exe and my faxing program. There was also one protocol that would not come out by the name of V1MK.DLL. I also went to the config button on the lower right and changed all of the default search pages to a trusted site. I used Yahoo.

    I used SpyBot-Search & Destroy, it found some items but I am not sure if this was the one that did it. It found a number of things and cleaned it up.

    AdAware also cleaned a few things up for me but I am not sure that it was the one that did it.

    I did not use CWShredder. For some reason it would not work. I was getting a popup box that said "Unexpected error" no matter what I did. (CWShredder had previously worked in another hijack episode that I had).

    Clean out all temp folders and files, everywhere you can find them. Clean out the wastebasket.

    In Safe Mode...

    I ran HJT and SpyBot-Search & Destroy and AdAware again. In HJT, like I said, I took out just about everything. Remember I'm ready to punt and entirely reload windows and all programs so I'll try anything.

    Again,clean out all temp folders and files, everywhere you can find them. Clean out the wastebasket.

    And here is what I think was the clinker. In the windows folder, there was a filed called system.exe. It looked important. If I deleted it could be over. So, I changed the name to system.doc. Restarted in safe mode. Everything came up OK. I didn't have a few of the icons I am used to seeing in the system tray because I took almost everything out in HJT but that was OK. I ran HJT again and only a few items that I left were there.

    So now the test. Bring her up in normal mode.

    Oh yea! she's purrin.

    Got on the internet
    Homepage set to Yahoo
    Javascript is working again
    Icons appear in windows

    I was at it for over 2 weeks with this SH*T

    I don't know if these steps will work for you, but this is my story. If anybody wants to shoot me down, I don't give a rat's as! Do what you gotta do!

    Good luck!!
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/258629

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice