TechSpot

Got some problems here. ;P

By RyuuKa
Aug 2, 2006
  1. Hey guys, I'm new in this forum, I really, really need some help. I have read the rules and everything, and here is the screenshot and the HijackThis log.

    Here is what happened: I have just got this thing since I opened a website on G00gle.com. Suddenly, it just started with that, and this thing is driving me crazy coz' it keeps on with pop-ups of new malware and everything.

    Edit: And this thing called "Virus Alert!", it's a false alert. If you click on it, it opens a new website; just look at the description in the screenshot.

    My Tools:

    NOD32 as Anti-Virus
    Outpost as Firewall
    System Mechanic 6 as Diagnostic Tool
    Windows Washer as Easier Clutter Cleaning

    I'll wait for you guys' answer.. thanks a lot!
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow all the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of RyuuKa only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. RyuuKa

    RyuuKa TS Rookie Topic Starter

    Seriously, don't you think I tried it?
    Man, I can't open the IE browser required for those Online Scans. I REALLY REALLY need some help, this is my family PC ;/~
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Skip the online scans and follow the rest of the instructions.

    Regards Howard:)
     
  5. RyuuKa

    RyuuKa TS Rookie Topic Starter

    The Ewido Anti-Virus doesn't clean the Trojan I have in here.

    The following malware that can't be cleaned or quarantined are:

    Trojan.Small
    Adware.Generic

    Soon, I will post here the Scanlog.txt.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I need the Ewido log and a fresh HJT log after you`ve finished with the instructions.

    Regards Howard :)
     
  7. RyuuKa

    RyuuKa TS Rookie Topic Starter

    Omg, I just opened the Tool2 and it is a Virus called Porn something. My antivirus said it was a high risk one. :dead:
     
  8. RyuuKa

    RyuuKa TS Rookie Topic Starter

    Oh my god, I can't believe it. I got everything working, perfectly, PC usage 0%, not 100% anymore, the AutoWeb isn't showing up anymore, there are no trojans too, nothing!

    Everything was the Tool1 you posted at the ishost.exe guy, it was the same problem I HAD!

    Thanks a lot my friend.

    Edit: And here is the Hijacklog:
     
  9. Rage_3K_Moiz

    Rage_3K_Moiz Sith Lord Posts: 5,431   +28

    Have you considered changing your browser? It's probably the root of all the problems. Mozilla Firefox is a superb alternative. Get it here.
    www.getfirefox.com
     
  10. RyuuKa

    RyuuKa TS Rookie Topic Starter

    I got Firefox, it's really good.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Tool2 is the VirtumundoBeGone tool. It helps to remove the Virtumundo infection. It most definitely isn't a virus. Your antivirus programme has given you what is called a false positive.

    In any case you shouldn't be following instructions from someone else's HJT thread.

    I am going to merge this post into your existing HJT thread.

    Regards Howard :)
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    ALCMTR.EXE

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)

    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP5.cab

    O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab

    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab

    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab

    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab

    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab

    O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

    O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL

    O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

    O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

    O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    ALCMTR.EXE Search your system for this file and delete all instances of it. I know it's a Realtek file, but it does need to be deleted. It's classified as spyware.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot; select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\system32\hsppp.dll
    C:\WINDOWS\system32\EZTOOL~1.DLL

    Once your system has rebooted, turn system restore back on and post a fresh HJT log.

    Let me know how your system is running.

    Regards Howard :)

    This thread is for the use of RyuuKa only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
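
An added example, not part of the original thread or of HijackThis itself: a small Python parser for the log-line format quoted in the post above. It groups the O18 protocol entries by handler DLL, which reproduces the two file paths given for Killbox, and picks out the O16 entry whose download URL is a bare IP address and the entry marked "(file missing)". The function names are hypothetical, and the checks only surface properties visible in the lines; they are not the helper's own selection criteria.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Six lines copied from the fix list in the post above (a subset of the list).
SAMPLE_LOG = r"""
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm (file missing)
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.84.224/OCX/gwnet.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS\system32\EZTOOL~1.DLL
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll
"""

ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.+)$")    # section code, then entry body
MISSING = " (file missing)"                       # marker HJT appends to a path
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # dotted-quad host, no name

def parse_log(text):
    """Split each HJT line into section, label and target (path or URL)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        fields = body.split(" - ")
        target = fields[-1]                       # last field: file path or URL
        missing = target.endswith(MISSING)
        target = target[:-len(MISSING)] if missing else target
        label = fields[0].split(": ", 1)[-1]      # e.g. the protocol name for O18
        entries.append({"section": section, "label": label,
                        "target": target, "missing": missing})
    return entries

def protocol_handler_files(entries):
    """Map each O18 handler DLL to the protocol names registered against it."""
    by_file = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            by_file[e["target"]].append(e["label"])
    return {path: sorted(names) for path, names in by_file.items()}

def dpf_from_ip_literal(entries):
    """Return O16 download URLs whose host is a bare IPv4 address."""
    return [e["target"] for e in entries if e["section"] == "O16"
            and IPV4_RE.fullmatch(urlparse(e["target"]).hostname or "")]
```

Run over the full fix list, `protocol_handler_files` collapses the five O18 lines to the same two DLL paths the post asks to be entered into Killbox.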
     
  13. RyuuKa

    RyuuKa TS Rookie Topic Starter

    Here, I did everything, and oh my god, once again, I got not even 1 warning now! But, first, I need you to check the Hijacklog :)

    Is it going to survive???? :haha:
    Here:
     


  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very well done. Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of RyuuKa only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
