Hi There,
I have been infected with this mirc32 virus as well, same as the other guy. All spyware programs can't sort it, and it hijacks my browser and sets a new home page. Also, Trend Micro keeps saying someone's trying to get credit card details. I got it downloading a torrent on mininova.
Same as the other guy, it is in c:windows:system32:include
I have read your way to fix this but I don't understand what HJT is. Can you please explain?
Many Thanks
Gaggy
re your post below
#39 09-05-2006, 12:36 PM
howard_hopkinso
TS Special Forces Join Date: Aug 2004
Location: Colne, Lancs, England.
Posts: 11,520
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html
Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories (if there).
c:\windows\system32\include
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Post a fresh HJT log and let me know how your system is running.
Regards Howard
This thread is for the use of ldd only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
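As an added example (not part of the original posts and not HijackThis's own code), the Python sketch below parses log lines in the format quoted above and flags the two patterns the fix list targets: browser search settings pointing at the host named in the post, and a win.ini `run=` entry that launches a system process name from outside system32. The sample log, the `SYSTEM_NAMES` list, and the function names are assumptions made for illustration; the `R0` Local Page entry is not covered.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the four entries quoted in the post plus one benign line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Assumption: a short list of Windows process names that live directly in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIR = PureWindowsPath(r"c:\windows\system32")  # compared case-insensitively


def parse(log):
    """Yield (code, body) for every line shaped like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def review(log, bad_hosts=("zzz.uv.ro",)):
    """Return (code, reason, body) for entries matching the two patterns."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            host = re.match(r"https?://([^/\s]+)", value)
            if host and host[1].lower() in bad_hosts:
                findings.append((code, "browser setting points at listed host", body))
        elif code == "F3" and "=" in body:
            target = PureWindowsPath(body.split("=", 1)[1].strip())
            # Genuine svchost.exe sits in system32 itself, not in a subfolder.
            if target.name.lower() in SYSTEM_NAMES and target.parent != SYSTEM_DIR:
                findings.append((code, "system process name outside system32", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in review(SAMPLE_LOG):
        print(f"{code}: {reason}: {body}")
```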