TechSpot

Help!! Smitfraud-C Toolbar888 Taking over my comp

By Wulfsfather
May 19, 2007
Topic Status:
Not open for further replies.
  1. Well, that's what it seems like. Somehow my brother is getting past the passworded welcome screen and using P2P. Long story short, this thing keeps opening IE windows and redirecting me, sometimes to stuff I don't want, like spyware-filled antivirus programs for sale. Here is a HijackThis log and a Spybot S&D log. Spybot seems to be the only thing picking this up, and I tried a Smitfix program to no help.
  2. momok

    momok TS Rookie Posts: 2,272

    Hi Wulfsfather and welcome to techspot. =)

    Please do not copy and paste logs in the future. Instead attach the .log or .txt files as attachments.

    You are running an outdated version of HijackThis.
    You can obtain the latest version from the link in my signature.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services (if there). Double-click each one and select Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

    setup

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hnxxlkqj.dll",realset

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\iifghih.dll
    C:\WINDOWS\system32\hnxxlkqj.dll

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Do not copy and paste the logs. The utilities can be downloaded from the links in my signature.


    Regards,
    Your friendly Momok =)

    This thread is for the use of wulfsfather only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
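
The reply above asks for one HijackThis `O4` autostart entry to be fixed and two DLLs to be deleted. As an added example (not part of the original thread and not HijackThis code), this sketch parses `O4` lines in the shape quoted in the reply, lists every autostart that launches a DLL through rundll32, and marks those that load one of the two listed files. The function names and all sample log lines other than the `[setup]` entry are constructed for illustration; a rundll32 autostart is a review candidate, not a verdict.

```python
import re
from typing import List, NamedTuple

# O4 autostart line as shown in the thread: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r'^O4 - (?P<key>HK(?:LM|CU)[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 command: rundll32.exe "C:\path\file.dll",Export (quotes optional)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

class Autorun(NamedTuple):
    key: str      # registry key as abbreviated in the log
    name: str     # value name in square brackets
    dll: str      # DLL handed to rundll32
    export: str   # exported function rundll32 is told to call

def rundll32_autoruns(log_text: str) -> List[Autorun]:
    """Return every O4 entry that starts a DLL through rundll32."""
    found = []
    for line in log_text.splitlines():
        o4 = O4_RE.match(line.strip())
        if not o4:
            continue
        run = RUNDLL_RE.match(o4.group("cmd").strip())
        if run:
            found.append(Autorun(o4.group("key"), o4.group("name"),
                                 run.group("dll").strip(), run.group("export")))
    return found

def entries_loading(entries, dll_paths):
    """Entries whose DLL is in dll_paths; Windows paths compare case-insensitively."""
    wanted = {p.lower() for p in dll_paths}
    return [e for e in entries if e.dll.lower() in wanted]

# Constructed sample log: only the [setup] line comes from the thread.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hnxxlkqj.dll",realset
O4 - HKLM\..\Run: [ExampleDriver] RUNDLL32.EXE C:\WINDOWS\system32\example.dll,Start
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /min
'''
# The two files the reply says to delete.
FLAGGED = [r"C:\WINDOWS\system32\iifghih.dll", r"C:\WINDOWS\system32\hnxxlkqj.dll"]

if __name__ == "__main__":
    for e in rundll32_autoruns(SAMPLE_LOG):
        hit = "LISTED" if entries_loading([e], FLAGGED) else "review"
        print(f"{hit:7} {e.key} [{e.name}] {e.dll} -> {e.export}")
```
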
  3. Wulfsfather

    Wulfsfather TS Rookie Topic Starter

  4. momok

    momok TS Rookie Posts: 2,272

    Hi,

    Your logs look clean now.

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly Momok =)

    This thread is for the use of Wulfsfather only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. Wulfsfather

    Wulfsfather TS Rookie Topic Starter

    OK, sorry if this is the wrong post to ask in, but I have it so that when you come to the welcome screen you need a password to enter the desktop. My account is the admin account, but somehow my brother is able to create another account while I'm at work and is using my computer to use P2P stuff, and that I think is the source of my problems. Any way I can prevent him from doing this?


    Edit: never mind, think I got it. He was logging into safe mode and using the admin account to make a new one. I changed the name of the admin account and passworded it.