Buffer Overrun.....& hijackers

Status
Not open for further replies.
H

hollywood691

Posts: 6   +0
I have run and scanned to death! I did what I shouldn't have and dl'd a boo-boo. I keep getting this buffer overrun error. I know it's a browser hijacker thing, but can't find it. It also has my computer running at a turtles pace slowww. I have posted an HJT log, if I can get a hand, I would appreciate it very much!


Brent
 
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok.......

Here is as requested. Still running at a turtles pace.........havn't noticed any pop ups, or the error, just running slowwww.


Brent
 
In the instructions you were told to rename hijackthis.exe to hijackthis1991.exe. It is very important to do this as some spyware can hide from hjt if it isn't renamed.

From your log - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

I also would like to see your AVG antispyware log as asked for in my previous post.


This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Sorry, I didn't read that. I had ran it straight from the zip is why it was in Temp folder.......I extracted it, renamed it and ran it again.......Also thought I had attached the other file......Here it is.


Brent
 
Hello and welcome to Techspot.

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Buyertools Reminder

Close control panel.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINNT\system32\isibuphk.dll

O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm

O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm

O20 - Winlogon Notify: winorl32 - winorl32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Buyertools Reminder<Delete the entire folder.
C:\windows\system32\blank.htm

Delete all files in AVg Antispyware quarantine.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

This is the filepath you need to enter into killbox.

C:\WINNT\system32\isibuphk.dll

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :wave: :wave:

This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is now clean.

Have HJT fix this inactive entry.

O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
What makes different words in a post show up as a link??? when you mouseover a small window pops up say something about an advertisment.

If I refresh page it will change words..????
 
That`s called Intellitext and is part of Techspots advertising. It`s absolutely nothing to worry about. See HERE for more info.

Regards Howard :)

This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
HAHAHA!!! Shewwww! Great! I guess I am all clean, ..........So I want to say thank you very much for ya'lls help here. I havn't done this in a long time and am usually pretty careful about what I download and click on......I just got careless.


Again many thanks,!
Merry Christmas,

Brent
 
Status
Not open for further replies.

Similar threads

M
Virus warning popup
Replies
1
Views
539
Mark Fuller
M
midian182
Windows 11 global user share hits all-time high as Edge loses out to Safari
Replies
4
Views
532
mattferg
mattferg
D
Cruise denies its driverless car hampered emergency crews after mass shooting in San Francisco
Replies
4
Views
470
ScottSoapbox
S

Latest posts

Back