My very hijacked computer, help needed please :)

By Romial
Feb 12, 2005
Topic Status:
Not open for further replies.
  1. Hiya, normally I don't have any problems, but I just started using this old machine again and I thought I had it properly protected from these kinds of attacks, but looks like I forgot to protect it, whoops. So anyways here's the problem I'm getting now. I'm getting an 'Explorer' error when I first boot up to desktop, I get it in safe mode too. Doesn't say what caused it though, just explorer. And here is my HijackThis. This is after running Ad-Aware SE and it being updated. Seems like every time I reboot, they come back. What should I do?

    Oh, and I'm running WIN98SE too.
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Welcome to TechSpot

    Boot in Safe Mode
    UNinstall the Google-bar, it is an outdated version anyway.
    Decide if you really want it again, then get Version 2. (only after cleaning up first!)

    Run Hijackthis on its own and let it 'fix':
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
    O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
    O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
    O15 - Trusted Zone: *.iframe.biz
    O15 - Trusted Zone: *.newiframe.biz
    O15 - Trusted Zone: *.sp2****ed.biz
    O15 - Trusted Zone: *.sp2admin.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.c4tdownload.com
    O15 - Trusted Zone: *.overpro.com
    O15 - Trusted Zone: *.megapornix.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
    O15 - Trusted Zone: *.admin2cash.biz
    O15 - Trusted Zone: *.private-iframe.biz
    O15 - Trusted Zone: *.private-dialer.biz
    O15 - Trusted Zone: *.bettersearch.biz
    O15 - Trusted Zone: *.addictivetechnologies.com
    O15 - Trusted Zone: *.crazywinnings.com
    O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/axe/x.chm::/update.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

    When done, delete this file:
    C:\WINDOWS\SYSTEM\boln.dll
    and see if you have anything like d: oo.mht. If so delete as well.

    Now surf to www.grisoft.com and get the free AVG antivirus. Or buy a commercial package (NOT Norton). Install it, update faithfully and run regularly.
    Oh, and stop using Internet Explorer, except for Windows-updates.
    Install Firefox from www.getfirefox.com and use that from now on!
  3. Phantasm66

    Phantasm66 Newcomer, in training Posts: 6,504

    Or, alternatively, just abandon that installation and reinstall the operating system and all software, if you can. Immediately patch, and regularly run the tools mentioned in the post above. Back up known good system states with Drive Image or Norton Ghost, and restore immediately if you find something bad has gotten onto your machine.

    To be honest, with Windows 98, you are kind of fighting a losing battle. It's not maintained with all of these up to date security fixes anymore, meaning things that exploit well known flaws can be used often to do horrible things to boxes like yours.

    Problem is, if it's an older machine and you install XP, so you can get all of these updates, it will probably run like crap on your machine.

    If you follow the steps in paragraph one you might be OK for a while.

    You might want to think about buying a new machine. If you are just an occasional web surfer, etc., then there are some really good cheap notebooks on the market right now. You might want to upgrade the RAM, but that's cheaply done as well.
  4. Romial

    Romial Newcomer, in training Topic Starter

    Well, I'm not gonna use Firefox and I'm not going to reinstall Windows. So other than that, I did as you said. I worked on it a little myself and ran an anti-virus and got rid of the Explorer error pop-up box. I don't know how to UNinstall the Google Toolbar, as when I go to Add/Remove Programs, Google isn't on there. But there is a folder in Program Files that only has 1 file in it, and that is Googletoolbar1.dll. Should I delete that and let HijackThis fix everything Google, then update to the newest one? Also, why am I loading at 640x480 and only with 18 colors? I know this is an old computer, but it used to run on 800x600 and 32-bit colors, and every time I try to fix it and hit reply, it wants me to restart, and when I restart it doesn't change. And why am I being asked to log in every time I load Windows? That didn't happen before either, how do I fix that? So that's the only probs I have right now. I'm including the newest HijackThis file too.
  5. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    To uninstall (or update) the Google Toolbar, look here: http://toolbar.google.com/faq.html

    Looking at your new logfile, did you mark ALL the indicated HJT items?

    Boot in Safe Mode again and let HJT 'fix':
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
    O2 - BHO: sr - {5742F79A-1D91-42c4-990C-B46CF55A6478} - C:\WINDOWS\NOTFI.DLL (file missing)
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll (file missing)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Right-click anywhere on the desktop, select the Properties/Settings tab. Move the slider to 800x600 and select the number of colours you want. Confirm.

    Go to the MS website and get TweakUI for W98. Install it. Then run it from the Control Panel. Go to the Logon tab and click the appropriate box.

    And if you get infected again, remember what we said about Firefox!
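
Added example, not part of the original thread or of HijackThis itself: a small Python triage pass over log lines in the format quoted in the two "fix" lists above. The sample lines are copied from those posts; the function names and flagging heuristics are illustrative assumptions and do not reproduce the helper's own judgement.

```python
import re

# Sample lines copied from the HijackThis logs quoted in the posts above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {CEA438E1-7BE0-11D9-B697-00A0E315BE94} - C:\WINDOWS\SYSTEM\GDIP.DLL (file missing)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\SYSTEM\boln.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe boln.dll, DllRegisterServer
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.213/users/alex/web/axe/x.chm::/update.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Yield (section, body) for every line shaped like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(section, body):
    """Return reasons an entry deserves a closer look (assumed heuristics)."""
    reasons, low = [], body.lower()
    if section == "O2":                      # Browser Helper Objects
        if "(no name)" in low:
            reasons.append("BHO registered without a name")
        if low.endswith("(file missing)"):
            reasons.append("registry entry points at a missing file")
    elif section == "O4":                    # autostart entries
        if "rundll32" in low and "dllregisterserver" in low:
            reasons.append("autorun re-registers a DLL at every boot")
    elif section == "O15":                   # IE Trusted Zone sites
        if body.split(": ", 1)[-1].startswith("*."):
            reasons.append("wildcard domain in Trusted Zone")
    elif section == "O16":                   # downloaded ActiveX controls
        source = body.rsplit(" - ", 1)[-1].lower()
        if source.startswith(("ms-its:", "mhtml:")):
            reasons.append("ActiveX source uses ms-its/mhtml, not plain http(s)")
        if re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}/", source):
            reasons.append("ActiveX source host is a raw IP address")
    return reasons

def report(log):
    """Return [(section, clsid_or_None, reasons)] for each parsed entry."""
    rows = []
    for section, body in parse(log):
        m = CLSID.search(body)
        rows.append((section, m.group(0) if m else None, triage(section, body)))
    return rows

if __name__ == "__main__":
    for section, clsid, reasons in report(SAMPLE_LOG):
        print(section, clsid or "-", "; ".join(reasons) or "no flag")
```

The O4 entry shows why cleaning the O2 items alone does not hold across reboots: the Run key calls the DLL's registration routine again at every startup, so the autorun and the file need to go together with the BHO entry.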