
Re: HijackThisLog Analysis - ccdesign

Date: Sunday, 20 June, 2004 4:14 AM

I would remove the following entries...  I don't trust these embedded
searches - even if it is Microsoft.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
file://C:\WINDOWS\SYSTEM\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://magicsearch.us/browser/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://magicsearch.us/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://allaboutsearching.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://magicsearch.us/browser/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://magicsearch.us/browser/

You should reboot the machine.
Then run another hijack to verify that these entries can be removed
successfully.

The following entries are Internet Explorer toolbars - do you use them?  If
not, then you can proceed to remove the following entries...

O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-D6F5-F66EA787AD2D} -
C:\PROGRA~1\POWERS~1\TOOLBAR\PWRSBIKD.DLL
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -
C:\PROGRAM FILES\SEP\SEP.DLL

Restart your machine again.
Start Internet Explorer to see if the bars were removed.

These entries look like spyware....  I suggest that you remove one at a
time - restarting your computer each time.

O4 - HKLM\..\Run: [rF4U36l] SQLRSHU.EXE
O4 - HKCU\..\Run: [MSConfig Manager] C:\WINDOWS\MSUPDATE.EXE
O4 - HKCU\..\Run: [aov8RWJpO] WNA0_QCX.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe


The following entries I have never come across...
LSP = Layered Service Provider
WinSock = Windows Sockets application
It may be used in some special communication software...

O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll

Let's hope this works out for you.
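
A triage pass over the same kind of log, as an added example that is not part of the original post: it rejoins entries split by mail wrapping, groups them by HijackThis section code, and attaches review hints. The hint rules and the `trusted_hosts` allowlist are assumptions made for this illustration, not HijackThis behaviour.

```python
import re
# Constructed sample: a few entries from the log above, wrapped as the mail wrapped them.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
file://C:\WINDOWS\SYSTEM\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://magicsearch.us/
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [rF4U36l] SQLRSHU.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O10 - Unknown file in Winsock LSP: c:\windows\system\cdlsp.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O3": "IE toolbar", "O4": "autorun", "O10": "Winsock LSP"}

def unwrap(text):
    """Rejoin entries whose value was pushed onto the next line by mail wrapping."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)          # a new entry starts with a section code
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def triage(entry, trusted_hosts=frozenset()):
    """Return (code, section, notes); notes are review hints, not verdicts."""
    m = ENTRY.match(entry)
    if not m:
        return None
    code, body = m.groups()
    notes = []
    if code in ("R0", "R1"):
        value = body.rsplit(" = ", 1)[-1]
        host = re.match(r"https?://([^/]+)", value, re.I)
        if value.lower().startswith("file:"):
            notes.append("local file set as search page")
        elif host and host.group(1).lower() not in trusted_hosts:
            notes.append("points at " + host.group(1).lower())
    elif code == "O3" and body.endswith("(no file)"):
        notes.append("toolbar registered but DLL missing")
    elif code == "O4" and "\\" not in body.split("] ", 1)[-1]:
        notes.append("autorun has no full path")
    elif code == "O10":
        notes.append("LSP file unknown to HijackThis")
    return code, SECTIONS.get(code, "other"), notes

REPORT = [triage(e) for e in unwrap(SAMPLE)]   # one tuple per rejoined entry
```
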

