HijackThis Log

[depository]

Today my computer was "attacked" if you will. Multiple trojans, viruses, hijack attempts, random popups, and a bunch of dll's and exe's that i was scared to even touch.

I've used multiple programs from Download.com once i found out that my normal anti-virus wasn't working, and I've gotten rid of a few things. But some of these things are stubborn. I've noticed some .exe's in my C:\ folder, and dll's that are in Windows, among other things in that folder. I've tried everything I could do with my limited computer knowledge but it's not working.

I was on the verge of reformatting my computer, but I decided to post this as a last-ditch effort. And as you can notice in the log, I have a bunch of security programs installed. Thanks in advance!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with quite a collection of nasties.

Go HERE and follow the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:

 

[depository]

Hm..

Hoo...I cannot thank you enough. Sorry I didn't abide by the rules! But I guess it was worth posting because HijackThis still found some things that wouldn't be fixed...

I'm suspicious of isafe.exe, relocater.exe (Which comes up on the task manager...but when I end it, it comes back.), and vsmon.exe.

Also just noticed...My C:\ drive is yet again full of .exes that I did -not- put there...and they seem like the same ones that were there before the cleanup.

C:\defender26.exe
C:\drsmartload1.exe
C:\drsmartload45a.exe
And more of these...

Overall I got rid of a lot of things, but I'm still worried about these problems that still exist.

EDIT: Well, it seems like I'm back where I started; it's come to my attention that all these scans i've done were all for naught. I had a period of time where my computer was working perfectly, but just now, I've been having a huge outburst of ads coming out of nowhere. I'm afraid that the file, relocator.exe, was a backdoor like I suspected..because that's the only file that was noticeably left after all the scans that I did (Along with a couple of Command Service things that I wasn't able to delete with Spybot..).

Speaking of Spybot, I'm doing a scan right now and I already have 15 entries of CoolWWWSearch...I don't know how it got on here if it wasn't from a file, I haven't even visited any internet sites. I'll do another HijackThis scan later to see if this problem shows up on there.

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html





Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

relocater.exe
defender26.exe
drsmartload1.exe
drsmartload45a.exe


Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O23 - Service: Remote Procedure Call (RPC) Relocator (RpcRelocator) - Unknown owner - C:\WINDOWS\relocater.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\relocater.exe
C:\defender26.exe
C:\drsmartload1.exe
C:\drsmartload45a.exe

Reboot into normal mode and turn system restore back on.

You need to reinstall Zonealarm as there is a file missing. Also, Vsmon.exe is not nasty, it`s the main executable for Zonealarm. Isafe.exe is also part of Zonealarm.

Post a fresh HJT log.


Regards Howard

 

[depository]

Oh wow. Thanks a lot. I had to delete more .exe's that I had in my C drive that I didn't list. I cannot thank you enough!

 

[howard_hopkinso]

Your HJT log is now clean.

Regards Howard

 

[depository]

Hey, I hope that this thread isn't -too- old for you to notice, but..

My computer has ben running pretty good since I cleaned it out, even got a bunch of disk space that the viruses were taking up.

But something weird's been going on...ever since then, I haven't been able to really connect to some things. Nearly all of my online games that I used to play all the time and some programs aren't able to connect. Do you know anything about this and what could be wrong..?

 

[howard_hopkinso]

Please post a fresh HJT log and I`ll take a look for you.

Regards Howard

 

[depository]

Hm, I figured out that my firewall was blocking these things from working. AVG, that is.

 

[howard_hopkinso]

I take it your problem is solved then?

Regards Howard

 

[depository]

For the most part, yeah. But I don't want to leave my computer vulnerable.

 

[howard_hopkinso]

Try downloading the Free Zonealarm firewall from HERE.

See if you still have problems with that.

What version of AVG are you using?

Regards Howard