TechSpot


I'm being attacked by ads

By tabdynamo · 14 replies
Oct 7, 2005
  1. attached is my HijackThis log file. the symptoms are this:

    -homepage on IE leads to patchyoursystem.com, yeah, f-ing bogus. :unch:
    -from time to time i'll receive message boxes about being infected with spyware, one says "for instant access click YES", there is no "YES" button, only an "OK" button. :haha:
    -from time to time i'll get various pop-ups about lame software and "hot dudes".

    HELP!
     


  2. tabdynamo

    tabdynamo TS Rookie Topic Starter

    Ps

    PS. i've tried several methods for fixing this from similar problems, as described around here. i guess i'm special today.
     
  3. Spike

    Spike TS Evangelist Posts: 2,168

    That log is pretty clean (very small. is it complete? I hope so! :D)

    boot into safemode and disable system restore

    go to start -> run and type in the following...

    regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

    run HJT and let it fix the following...
    C:\WINDOWS\system32\1024\ldF694.tmp
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

    delete the entire C:\Program Files\RXToolBar\ directory
    delete the file C:\WINDOWS\system32\1024\ldF694.tmp

    empty these files from that recycle bin.

    turn system restore back on, and reboot to normal mode.

    Let us know if this solves the problem. If not, post another log.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You had Kazaa on your PC. We have a good Irish expression: eejit!

    Boot in Safe Mode, see how here.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the Process (if there) and click End Process for:
    ldF694.tmp
    hp4FEC.tmp
    intell32.exe

    Next, click on Start/Run and type in (followed by press Enter):
    regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    C:\WINDOWS\system32\1024\ldF694.tmp
    O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4FEC.tmp
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    XP only: Delete ALL files from C:\WINDOWS\Prefetch.
    Boot normal. When all OK, switch System Restore back on.
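
The HijackThis entries listed in the post above can be read mechanically before deciding what to tick. The following is an added example, not part of the thread or of HijackThis itself: a small parser for the O-lines quoted above with a few triage heuristics that are this example's own assumptions (the `ExampleTray` line is constructed for contrast).

```python
import re
from pathlib import PureWindowsPath

# HijackThis section codes that occur in this thread.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O18": "protocol / MIME filter"}

# Constructed sample: the three O-lines quoted in the post above, plus one
# hypothetical autostart entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp4FEC.tmp
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")   # "<code> - <rest of entry>"
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")        # drive-letter path at the end

def parse_line(line):
    """Split one log line into section code, description, body and file path."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None                             # not an O-style entry
    code, body = m.groups()
    p = PATH_RE.search(body)
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "body": body, "path": p.group(0) if p else None}

def triage(entry):
    """Heuristics assumed for this example; they prioritise, not convict."""
    flags = []
    if entry["path"] and PureWindowsPath(entry["path"]).suffix.lower() == ".tmp":
        flags.append("code loaded from a .tmp file")
    if entry["code"] == "O2" and "(no name)" in entry["body"]:
        flags.append("unnamed BHO")
    if entry["code"] == "O18" and "Filter: text/html" in entry["body"]:
        flags.append("MIME filter sees every HTML page")
    return flags

def review(log_text):
    """Return (code, path, flags) for every parseable entry."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [(e["code"], e["path"], triage(e)) for e in entries]

if __name__ == "__main__":
    for code, path, flags in review(SAMPLE_LOG):
        # intell32.exe trips no heuristic: an analyst still has to judge it.
        print(code, path, flags or "no heuristic fired")
```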
     
  5. Spike

    Spike TS Evangelist Posts: 2,168

    Looks like I missed a whole lot of stuff last night.

    We live and learn ... :blush:
     
  6. tabdynamo

    tabdynamo TS Rookie Topic Starter

    problem still exists

    first of all, thanks for your help thus far guys. but the problem is still here.

    secondly. when attempting to perform RealBlackStuff and Spike's instructions (i combined them), i ran into these problems:

    >Next, click on Start/Run and type in (followed by press Enter):
    >regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll

    ***LoadLibrary(C:/Program") failed - the specified module could not be found.***

    >Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................... .............................
    ***C:\WINDOWS\system32\1024\ldF694.tmp*** (this was not in the list.)

    >delete the entire C:\Program Files\RXToolBar\ directory

    ***this directory did not exist (i double checked to see that "show hidden files and folders" was active).***

    i'll run HJT again now and post my log file.

    thanks again guys.
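
The `LoadLibrary` error reported in the post above names `C:/Program` because the DLL path contains a space and was typed without quotes. The following is an added example, not part of the thread: `split_args` is a simplified, assumed model of Windows argument splitting (whitespace separates arguments unless inside double quotes; backslash-escape rules are ignored), applied to the command as posted and to its quoted form.

```python
def split_args(cmdline):
    """Split on whitespace, except inside double quotes (simplified model)."""
    args, cur, in_quotes, started = [], [], False, False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes       # quotes group text, are not kept
            started = True
        elif ch.isspace() and not in_quotes:
            if started:                     # end of the current argument
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args

def module_args(cmdline):
    """Arguments after the program name that are not /switches."""
    return [a for a in split_args(cmdline)[1:] if not a.startswith("/")]

# The command exactly as posted in the thread, and the same command quoted.
UNQUOTED = r'regsvr32 /u C:\Program Files\RXToolBar\sfcont.dll'
QUOTED = r'regsvr32 /u "C:\Program Files\RXToolBar\sfcont.dll"'

if __name__ == "__main__":
    print(module_args(UNQUOTED))   # path is cut at the space
    print(module_args(QUOTED))     # one argument, full path
```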
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open task manager, and stop these entries if there.

    C:\WINDOWS\system32\mssearchnet.exe
    C:\WINDOWS\system32\nvctrl.exe
    C:\WINDOWS\system32\hp4FEC.tmp

    Go into the above directories and delete mssearchnet.exe, and nvctrl.exe, and hpA6AF.tmp



    Regards Howard :) :)
     
  8. tabdynamo

    tabdynamo TS Rookie Topic Starter

    almost there

    i got my homepage back!

    most of the symptoms are gone except for one that i've noticed thus far. a message box pops up from time-to-time saying:

    top title bar: microsoft internet explorer
    text in message box: for your instant access please click YES
    button: OK
    graphic: Triangle with exclamation inside.

    (aardvark = pro-recording soundcard.)

    attached is my current HJT log file.

    thanks again!
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    If you have an aardvark = pro-recording soundcard, then that message is legit.

    As far as I can tell, your HJT log looks clean.

    Regards Howard :) :)
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just as an afterthought.

    If that message is annoying you.

    Click start/run, and type services.msc into the run box, and hit the enter key.

    When the services window opens, maximise it, and find the entry for Service: Aardvark Professional Audio Manager (aardvarkpm).

    Right click on it, and if it's running select stop. Click on properties, and set the startup type to disabled. Click apply/ok.

    If after doing that, you experience any trouble with your soundcard, just reverse the procedure.

    Regards Howard :)
     
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Don't you think it's time to install an Antivirus program and a Firewall?
    You should not come back here until you protect your PC, we'd be wasting our time otherwise.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes RBS is spot on again lol

    Without a firewall and antivirus programme your system can be infected within seconds.

    You do have a responsibility to protect your computer.

    Regards Howard :cool:
     
  13. tabdynamo

    tabdynamo TS Rookie Topic Starter

    so you're saying "spybot" and "adaware" are not sufficient anti-virus software? are you also saying that the Win XP firewall is not sufficient as a firewall?

    if i need other programs i will get them, try the instructions again and hopefully you'll never hear from me on this again because, as you might have expected, all of the symptoms have returned. ARRGGGHH!

    ps. in order for me to fulfill my responsibility of having a stable machine, i must be properly informed as to how to do that! :stickout:
     
  14. Spike

    Spike TS Evangelist Posts: 2,168

    No, what they mean is that spybot and adaware are not anti-virus programs!

    Download avg free (http://free.grisoft.com/)

    and you could continue using the windows firewall (which isn't really the best firewall in the world), but we'd advise using a third party one such as Sygate personal Firewall (http://soho.sygate.com/ - but get it quick before Symantec turn it to crap! lol They own it now!)

    If you want, look at the Nice or Nasty Norton thread in The Meeting Spot. I posted a wide selection of links to various anti-viruses, firewalls, etc in it about 8 or so posts down.
     
  15. tabdynamo

    tabdynamo TS Rookie Topic Starter

    thanks spike

    i now have:

    AVG Free Edition Anti-Virus
    Agnitum Outpost Personal Firewall

    i have also repeated everyone's combined instructions above. so at this point it's 'wait and see'. how am i to know what to block if the firewall is questioning something?

    anyway, so far so good.

    thanks again.
     
Topic Status:
Not open for further replies.
