morpeous03
Posts: 9 +0
Hi RealBlackStuff,
--- from your last messaged to me..
Follow these instructions EXACTLY
How to remove Begin2Search/Coolwebsearch and Other Nasties
Then see How to post your Hijackthis log-files as an attachment.
And read a few of the other Rootkit posts!
-------
I have followed the steps but still, I got the file "c:\windows\system32\remon.sys". And also I read some of your post about Rootkits, none of those files exist in my pc.
Please help me, my pc is really becoming problematic since I got this virus.
unable to sent files and download files, and frequently I need to shut it down.
-- another problem, I can't attached my HJT log file.. I keep getting 'BAD Request - Your browser sent a request that this server could not understand Apache Server at www.techspot.com Port 80"
Can you please make this thread as an exemption and please kindly look at my log. Thanks
----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:20:59 PM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\javapanel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=7826020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
--- from your last messaged to me..
Follow these instructions EXACTLY
How to remove Begin2Search/Coolwebsearch and Other Nasties
Then see How to post your Hijackthis log-files as an attachment.
And read a few of the other Rootkit posts!
-------
I have followed the steps but still, I got the file "c:\windows\system32\remon.sys". And also I read some of your post about Rootkits, none of those files exist in my pc.
Please help me, my pc is really becoming problematic since I got this virus.
unable to sent files and download files, and frequently I need to shut it down.
-- another problem, I can't attached my HJT log file.. I keep getting 'BAD Request - Your browser sent a request that this server could not understand Apache Server at www.techspot.com Port 80"
Can you please make this thread as an exemption and please kindly look at my log. Thanks
----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:20:59 PM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\javapanel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hot-searches.com/index.php?v=6&aff=7826020
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:8080
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe
O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - C:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)
