TechSpot

help with highjack -- highjackthis.txt attached

By redjoy
Oct 15, 2005
  1. Hi:

    Please help -- I tried the instructions posted before but still have the virus.

    thanks lots
    redjoy
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First of all, please do NOT open a new thread for every post you make!

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /S/ Service needs to be stopped
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - (no file)

    /P/ STOP the Process for every following single xxx.exe and .pif file if there. WATCH THE SPELLING CAREFULLY!
    O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.71.exe
    O4 - HKLM\..\Run: [Satin] csmsn.exe
    O4 - HKLM\..\Run: [Config Loader] scvhost.exe <<== Careful!
    O4 - HKLM\..\Run: [Distributed Transaction Coordinator System] cliconfgh.exe
    O4 - HKLM\..\Run: [Configuration Loader] sw32.exe
    O4 - HKLM\..\Run: [Microsoft Internet] spolws.exe
    O4 - HKLM\..\Run: [Microsoft Explorer] msl.exe
    O4 - HKLM\..\Run: [COM+ System Applications] lsas.exe
    O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
    O4 - HKLM\..\Run: [Msgn] C:\WINNT\SYSTEM32\tstorm.exe
    O4 - HKLM\..\Run: [contime] C:\winnt\system32\contime.exe
    O4 - HKLM\..\Run: [New Csnm Manager] csmn.exe
    O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
    O4 - HKLM\..\Run: [System Service] schost.exe
    O4 - HKLM\..\Run: [System Update Service] update.pif
    as well as for svcproc.exe

    /S/ STOP the Service for every following single xxx.exe and .pif file if there. WATCH THE SPELLING CAREFULLY!
    O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.71.exe
    O4 - HKLM\..\RunServices: [Satin] csmsn.exe
    O4 - HKLM\..\RunServices: [Config Loader] scvhost.exe <<== Careful!
    O4 - HKLM\..\RunServices: [Configuration Loader] sw32.exe
    O4 - HKLM\..\RunServices: [Microsoft Internet] spolws.exe
    O4 - HKLM\..\RunServices: [Microsoft Explorer] msl.exe
    O4 - HKLM\..\RunServices: [COM+ System Applications] lsas.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
    O4 - HKLM\..\RunServices: [New Csnm Manager] csmn.exe
    O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
    O4 - HKLM\..\RunServices: [System Service] schost.exe
    O4 - HKLM\..\RunServices: [System Update Service] update.pif
    as well as for svcproc.exe

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: COM+ System Applications (COMS) - Unknown owner - C:\WINNT\System32\lsas.exe" -service (file missing)
    O23 - Service: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
    O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo.exe (file missing)
    O23 - Service: Query Service - Unknown owner - C:\WINNT\system32\com1\dragoon\SS.BAT (file missing)
    O23 - Service: sdktemp - Unknown owner - C:\WINNT\debughlp.exe (file missing)
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
    O23 - Service: Configuration Loader (sw3) - Unknown owner - C:\WINNT\System32\sw32.exe" -service (file missing)
    O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe (file missing)
    O23 - Service: Windows Product Activation (wpa) - Unknown owner - C:\WINNT\system32\wpa.exe (file missing)
    .............................................................................
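
The "WATCH THE SPELLING CAREFULLY!" warning in the reply above can be checked mechanically. The following is an added example, not part of the original post or of HijackThis: it parses O4 autostart lines and flags file names that are a near-miss of a genuine Windows process name. The `KNOWN_GOOD` list, the distance threshold of 2 and all function names are assumptions made for illustration.

```python
import ntpath
import re

# Assumption: short reference list of genuine Windows process names.
KNOWN_GOOD = ["svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
              "services.exe", "winlogon.exe", "explorer.exe", "spoolsv.exe"]

# O4 = autostart entry; a trailing "<<== ..." helper annotation is ignored.
O4_LINE = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>Run\w*): "
                     r"\[(?P<name>.+?)\] (?P<cmd>.+?)(?:\s*<<==.*)?$")

# Constructed sample: five of the O4 lines quoted in the reply above.
SAMPLE = r"""
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.71.exe
O4 - HKLM\..\Run: [Config Loader] scvhost.exe <<== Careful!
O4 - HKLM\..\Run: [COM+ System Applications] lsas.exe
O4 - HKLM\..\Run: [Msgn] C:\WINNT\SYSTEM32\tstorm.exe
O4 - HKLM\..\RunServices: [System Service] schost.exe
"""

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(filename, max_distance=2):
    """Return the genuine name that filename nearly matches, else None."""
    name = filename.lower()
    if name in KNOWN_GOOD:
        return None  # exact name: its path has to be checked separately
    best = min(KNOWN_GOOD, key=lambda good: edit_distance(name, good))
    return best if edit_distance(name, best) <= max_distance else None

def flag_o4_entries(log_text):
    """List (key, entry name, file, imitated name) for near-miss file names."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            exe = ntpath.basename(m.group("cmd").strip('"'))
            target = lookalike_of(exe)
            if target:
                findings.append((m.group("key"), m.group("name"), exe, target))
    return findings
```

Calling `flag_o4_entries(SAMPLE)` reports `scvhost.exe`, `lsas.exe` and `schost.exe` together with the genuine name each one resembles. A name that matches exactly is not cleared by this check, and on short file names a threshold of 2 will also produce false positives that need manual review.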
     
Topic Status:
Not open for further replies.
