
[resolved] Help with IE hijacker(hijackthis logfile included)

Discussion in 'Virus & Other Malware Removal' started by 123abc, Feb 13, 2005.

Thread Status:
Not open for further replies.
  1. 123abc

    123abc Thread Starter

    Joined:
    Jul 29, 2004
    Messages:
    25
    running 98se with IE 6sp1 and after running hijack this with no success, I've posted my problem on here.
    <When I open IE my home page is changed to "about:blank" but has the title "search for..." and has a really generic looking search engine. I ran hijack this and it went away until I restarted, and then it came back.
    Also if I go to control panel/add-remove programs it has a program in the list as "Uninstall Search Assistant" but if I click "Add-Remove" it reads "uninstal failed" so here's my log from hijack this if anyone can help me out here it would be really appreciated...thanks>
    <<--LOG FILE-->>
    Logfile of HijackThis v1.99.0
    Scan saved at 1:34:09 AM, on 2/13/2005
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMP\YCOMP_5.5.7.0_YPSR_1.11_US_SETUP_.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    <<--End of Logfile-->>
    what's up with that last thing? I know it's where my problem is coming from but how can I get rid of it?!
    I think "SE.DLL,DllInstall" has something to do with why it keeps coming back...please respond to this ASAP. This comp, while it is one of my older ones, is still one of my faves.
    thanks again-
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Restart in safe mode

    Empty the folder C:\WINDOWS\TEMP
     
  3. 123abc

    123abc Thread Starter

    Joined:
    Jul 29, 2004
    Messages:
    25
    I've tried everything, I've used every program you can think of... I can't reformat, I have all my pictures and stuff and programs I don't have the registration codes to anymore, and all this stuff I can't save on my other computer...
    the file "se.dll" keeps coming back. It's for a program called Search Assistant, but it's not by cool web search as far as I can tell, and whenever you delete it, it will come back as much as 2 or 3 days later, but it always comes back...
    On every other forum I've been to, people are having the same problem with this thing that I am, they get rid of it and think it's gone, and then it comes back. Does anyone know how to fix this?!

    (If you could give some advice ASAP I'd really appreciate it.)
    thanks-
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I've asked someone to look at your log so please do this.

    Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

    Install the program and launch it.

    On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

    In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

    Deselect Search for negligible risk entries.

    To start the scan, click the Next button.

    When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

    Reboot.
    ____________________________

    Create a permanent folder on your hard drive like c:\program files\hjt.
    Download Hijackthis and click "Save", direct it to the permanent folder you created. Double click on hijackthis.exe and select "Do a system scan and save a logfile". This log will open in notepad. Copy and paste the log back here for review.
    Don't make any changes until instructed to do so.

    **Note this is a new version of HJT so please do the download.


    Run it in normal mode and post the entire log. Also if you have disabled anything with msconfig enable those as well.
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Where the heck are all your startups? You should at least have SysTray and Scanreg loading. Have you disabled those? Also where is your antivirus and firewall? You have absolutely nothing running to protect you. Surfing the net like that is like dancing in a mine field! :eek:

    Click here to download StartDreck.

    UnZip the startdreck.zip file first. DoubleClick: 'StartDreck.exe'
    First click on the config button.
    Now click the Unmark all button
    Put a check by these boxes only:
    *Registry->run keys
    *Registry->Browser helper objects
    *System/drivers> Running processes
    hit >ok.

    Now click the Save button to save that log. Go to the StartDreck folder and find the Startdreck.log file.

    Copy and Paste the contents of that log back here and await further instructions.
     
  6. 123abc

    123abc Thread Starter

    Joined:
    Jul 29, 2004
    Messages:
    25
    well, I found where the pesky little thing was and edited it right out of the registry! it had a command line called "sp.dll, dllinstall" which was making it come back, so I deleted it and it's been about a week and it hasn't come back yet!
    thanks anyway
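
Added example, not part of any post in this thread: a small Python parser for the O4 autostart lines of a HijackThis log that flags entries like the `[sp]` one in the first post (a DLL in a temp directory launched through rundll32). Apart from that `[sp]` line, the sample log entries and all function names are constructed for illustration.

```python
import re

# O4 lines in a HijackThis log describe registry autostart entries:
#   O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^\s*O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A path component named temp or tmp anywhere in the command line.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
# rundll32 <dll>,<export>, with or without a path or .exe suffix on rundll32.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),\s*(?P<export>\S+)',
    re.I)

def parse_o4(log_text):
    """Return one dict (hive, key, name, cmd) per O4 registry entry in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries

def review(entry):
    """Return the reasons an autostart entry deserves a closer look."""
    reasons = []
    cmd = entry["cmd"]
    if TEMP_RE.search(cmd):
        reasons.append("target lives in a temp directory")
    m = RUNDLL_RE.match(cmd)
    if m:
        reasons.append("DLL export %s launched through rundll32" % m.group("export"))
    return reasons

# Constructed sample: the [sp] line is from the first post; the other two
# entries are made-up examples of ordinary Windows 98 startups.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
"""

def flagged(log_text):
    """Map value name -> reasons, for entries with at least one reason."""
    return {e["name"]: r for e in parse_o4(log_text) if (r := review(e))}

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry points at the registry value that relaunches the file on every boot, which is why deleting the DLL alone did not keep it away.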
     

Short URL to this thread: https://techguy.org/329961
