Re: HijackThisLog Analysis - Amanda : MAC-NET Secures IT

MAC-NET

How to

Do more with Firefox^NEW

Hijacked Browser Analysis

4-counter.com 3721

C2.lop browser hijacker

CWShredder

Edmond.exe

Intercom.exe Spyware

MWSOEMON.EXE - MyWebSearch

SearchPage CC Spyware

Spin4Dough Spyware

Sqwire.com home page hijack

Home » Spyware Protection » Hijacked Browser Analysis »

Re: HijackThisLog Analysis - Amanda

Date: Sunday, 13 June, 2004 10:58 PM

I have removed the ok entries from the list below. Leaving those bad entries that needs attention:

Step1

What you should do is to use Hijack to remove those entries - best it to it one or two entries at a time - rebooting between. Hijack provides a backup of the removed entries, so just incase your wrongly removed them, you could reinstate them back.

Step2

After that, (remember to reboot) download stringer
http://www.mac-net.com/183869.page
and do a cleansweep / review delete infected files.
reboot

Step3

Update your AGV and then do a scan one more time.
reboot

Step4

Download AD-AWARE
http://www.mac-net.com/292482.page
Update the data file and run the scan.

Hope this procedure works for you. Good Luck.

--------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} -
C:\WINDOWS\systb.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [tkbsjmj] C:\WINDOWS\tkbsjmj.exe
O4 - HKLM\..\Run: [hmfaxgh] C:\WINDOWS\hmfaxgh.exe
O4 - HKLM\..\Run: [nyt] C:\WINDOWS\nyt.exe

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common
Files\GMT\GMT.exe

O8 - Extra context menu item: Web Savings -
file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm

Post your comment

Mail this page