Hi There,

I have been infected with this mirc32 virus as well same as the other guy, all spyware programs cant sort it and it hijacks my browser and sets a new home page, also Trend micro keeps saying someones trying to get a credit card details, i got it downloading a torrent on mininova

same as the other guy it is in c:windows:system32:include

i have read your way to fix this but i dont understand what HJT is? Can you please explain

Many Thanks

Gaggy

re your post below




#39 09-05-2006, 12:36 PM
howard_hopkinso
TS Special Forces Join Date: Aug 2004
Location: Colne, Lancs, England.
Posts: 11,520


You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

F3 - REG:win.ini: run=c:\windows\system32\include\svchost.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

c:\windows\system32\include

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of ldd only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
__________________

"i have read your way to fix this but i dont understand what HJT is? Can you please explain

hjt= hijack this. its a programme that show what is or may be running inside your pc maliciouse or otherwise, and by using this programme it can be more often than not fixed. get it!!!!

it scans your pc on demand, you save a log and then post it to be analyzed , more than likely by 'howard', he will then give you more instructions on the fix. you should receive notification by e-mail when he has responded. it is however that all instructructions must be followed to the letter to complete the fix.

Hi there. Take a read of this and try to follow all the instructions.. then post a HJT log here as a .txt attachment for one of us to read.

Follow these instructions BEFORE posting your HJT log.

Hello and welcome to Techspot.

You shouldn`t be following instructions that are designed for someone else.

Instead, go HERE and follow the instructions exactly.

Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of gaggy only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.