TechSpot

mirc32 virus

By gaggy
Sep 9, 2006
  1. Hi There,

    I have been infected with this mirc32 virus as well same as the other guy, all spyware programs cant sort it and it hijacks my browser and sets a new home page, also Trend micro keeps saying someones trying to get a credit card details, i got it downloading a torrent on mininova

    same as the other guy it is in c:windows:system32:include

    i have read your way to fix this but i dont understand what HJT is? Can you please explain

    Many Thanks

    Gaggy

    re your post below




    #39 09-05-2006, 12:36 PM
    howard_hopkinso
    TS Special Forces Join Date: Aug 2004
    Location: Colne, Lancs, England.
    Posts: 11,520


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    c:\windows\system32\include

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard

    This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
    __________________
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    "i have read your way to fix this but i dont understand what HJT is? Can you please explain

    hjt= hijack this. its a programme that show what is or may be running inside your pc maliciouse or otherwise, and by using this programme it can be more often than not fixed. get it!!!!

    it scans your pc on demand, you save a log and then post it to be analyzed , more than likely by 'howard', he will then give you more instructions on the fix. you should receive notification by e-mail when he has responded. it is however that all instructructions must be followed to the letter to complete the fix.
     
  3. N3051M

    N3051M TS Evangelist Posts: 2,115

  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You shouldn`t be following instructions that are designed for someone else.

    Instead, go HERE and follow the instructions exactly.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of gaggy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...