TechSpot

Buffer Overrun.....& hijackers

By hollywood691
Dec 18, 2006
  1. I have run and scanned to death! I did what I shouldn't have and dl'd a boo-boo. I keep getting this buffer overrun error. I know it's a browser hijacker thing, but can't find it. It also has my computer running at a turtles pace slowww. I have posted an HJT log, if I can get a hand, I would appreciate it very much!


    Brent
     
  2. Rik

    Rik Banned Posts: 3,814

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. hollywood691

    hollywood691 TS Rookie Topic Starter

    Ok.......

    Here is as requested. Still running at a turtles pace.........havn't noticed any pop ups, or the error, just running slowwww.


    Brent
     
  4. Rik

    Rik Banned Posts: 3,814

    In the instructions you were told to rename hijackthis.exe to hijackthis1991.exe. It is very important to do this as some spyware can hide from hjt if it isn't renamed.

    From your log - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

    I also would like to see your AVG antispyware log as asked for in my previous post.


    This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. hollywood691

    hollywood691 TS Rookie Topic Starter

    Sorry, I didn't read that. I had ran it straight from the zip is why it was in Temp folder.......I extracted it, renamed it and ran it again.......Also thought I had attached the other file......Here it is.


    Brent
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Buyertools Reminder

    Close control panel.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINNT\system32\isibuphk.dll

    O8 - Extra context menu item: amazon Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm

    O8 - Extra context menu item: amazon Start Search - C:\Program Files\Buyertools Reminder\Searchamazon.htm

    O20 - Winlogon Notify: winorl32 - winorl32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Buyertools Reminder<Delete the entire folder.
    C:\windows\system32\blank.htm

    Delete all files in AVg Antispyware quarantine.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\WINNT\system32\isibuphk.dll

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. hollywood691

    hollywood691 TS Rookie Topic Starter

    we sped up some!!

    But I still have text in different things that are links?????
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Have HJT fix this inactive entry.

    O2 - BHO: metaspinner GmbH - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~2.DLL (file missing)

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. hollywood691

    hollywood691 TS Rookie Topic Starter

    What makes different words in a post show up as a link??? when you mouseover a small window pops up say something about an advertisment.

    If I refresh page it will change words..????
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s called Intellitext and is part of Techspots advertising. It`s absolutely nothing to worry about. See HERE for more info.

    Regards Howard :)

    This thread is for the use of hollywood691 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. hollywood691

    hollywood691 TS Rookie Topic Starter

    HAHAHA!!! Shewwww! Great! I guess I am all clean, ..........So I want to say thank you very much for ya'lls help here. I havn't done this in a long time and am usually pretty careful about what I download and click on......I just got careless.


    Again many thanks,!
    Merry Christmas,

    Brent
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...