TechSpot

Hijackthis Log - Worries about Diallers

By Cheeseweasel
Apr 8, 2006
  1. I was recently browsing the web, when I came along a perfectly harmless-looking website (if it helps, I was using Firefox). The download window popped up, and it automatically accepted. The file downloaded and automatically ran itself.

    Obviously I was worried, but I noticed no real worries. It seemed to be an installer for a program. I looked at my desktop and had something called 'cmb<random string of alphanumeric characters>'. The picture above the text looked like a link to an IE site. As soon as I right clicked it to inspect the properties, it automatically opened the file.

    It came up with an Internet Explorer page - something to do with 'erotic'. I closed down the window, and again I now found a new icon (the picture was an IE link) on my desktop called 'Girls.exe'. On trying to delete both icons (I selected them both, hit the delete key and chose 'yes'), it told me that they both could not be deleted.

    I didn't click on it, instead, I went to 'add and remove programs' and deleted the program. On the A+R Programs menu, it didn't display the CMB program. It simply showed Girls. After deleting it, it said I had to restart my PC.

    I was worried by this because I thought it may have affected my bootup files. However, I reluctantly restarted the computer. It started up fine. Both icons had disappeared from my desktop and the add and remove programs menu. I downloaded and ran Hijackthis and could not see anything looking very suspicious, but just to be on the safe side, I decided to post my log here.

    Nothing has happened (yet) which is unusual since the problem occurred. No popups, search bars etc. I'm using Firefox right now.

    Please could somebody analyze this log and tell me if any files on it look wrong? I'm worried I may have a dialler or another kind of irritating virus.

    Thank you in advance,
    Cheeseweasel
     
  2. howard_hopkinso

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. Cheeseweasel

    Hijackthis Logfile (NO AUTOMESSAGES PLEASE)

    (log is attached)

    I've posted here twice and both times gotten the same automated message. I've done what it asks. SOMEONE PLEASE TELL ME WHAT TO DELETE. I'm constantly disconnected from the internet, and whenever I post the logfile, I get this automated message. Please could somebody help me.

    Thank you in advance,
    Cheeseweasel
     
  4. howard_hopkinso

    That wasn't an automated message, it was a set of instructions for you to follow.

    I have merged your new thread into this one.

    I will analyse your HJT log and get back to you shortly.

    Regards Howard :)
     
  5. howard_hopkinso

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    SysProtect Free

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    i-hate-keyloggers.exe
    USYP.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe

    O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan

    O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan

    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab

    O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticker.com/Timeset/TcpServer.CAB

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sysprotect.com/scanner/pages/scanner/Sys ProtectScannerInstall.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACDFE96-DF1E-41BB-8158-FEB05263A1E8}: NameServer = 195.92.195.94 195.92.195.95 < Only fix this if it doesn't belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\SysProtect Free
    C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe

    Reboot into normal mode and turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log.


    Regards Howard :)

    This thread is for the use of Cheeseweasel only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
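
Added example, not part of the original thread and not HijackThis's own code: a small Python triage script that sorts the kinds of entries listed in the post above by HijackThis section (orphaned O3/O9 entries, O4 autoruns, O16 ActiveX downloads, O17 DNS overrides). The function name `triage`, its tags and the `isp_dns` parameter are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re
from urllib.parse import urlparse

# Entries copied from the fix list in the post above (not a complete log).
SAMPLE_LOG = r"""
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACDFE96-DF1E-41BB-8158-FEB05263A1E8}: NameServer = 195.92.195.94 195.92.195.95
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                  # "O4 - <body>"
RUN = re.compile(r"^\S+: \[(.+?)\] (.*)$")              # "<key>: [name] command"
EXE = re.compile(r'"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

def triage(log, isp_dns=frozenset()):
    """Return (section, tag, detail) tuples for entries worth reviewing.

    isp_dns (hypothetical parameter): resolvers the user has confirmed
    belong to their ISP; O17 entries listing only those are not reported.
    """
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if body.endswith("(file missing)"):
            # Registry entry whose target file no longer exists.
            findings.append((section, "orphan", body.split(" - ")[0]))
        elif section == "O4" and (run := RUN.match(body)):
            name, cmd = run.groups()
            exe = EXE.match(cmd)  # strip quotes and arguments such as /scan
            findings.append((section, "autorun", (name, exe.group(1) if exe else cmd)))
        elif section == "O16":
            # Downloaded ActiveX control: report the host it came from.
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
            findings.append((section, "activex", host))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split()
            unknown = [s for s in servers if s not in isp_dns]
            if unknown:
                findings.append((section, "dns-unverified", unknown))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Passing the ISP's resolver addresses as `isp_dns` suppresses the O17 finding, mirroring the "only fix this if it doesn't belong to your ISP" condition in the post.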
     
  6. Cheeseweasel

    New Log

    Hello again,
    Thank you so much, it seems to have worked. However, as soon as I connected to the internet, 10 seconds into my connection, it disconnected. But I have been running for about 20 minutes with no disconnections yet. I've attached another log. Sorry for getting slightly angry in my last post. I'll tell you if it goes wrong again.

    Thank you
    Cheeseweasel
     
  7. howard_hopkinso

    Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
