Need help with ismon

breezcool · Aug 25, 2006

Infected by Ismon. Tried to remove but still getting pop-up and system is slow. My HJT log is attached

Mictlantecuhtli · Aug 26, 2006

These should be applied in safe mode.

This should be fixed (and the file deleted from that directory):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

Have you set the proxy server on purpose? If not, fix this:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.242.36.3:3128

Fix this too, to be sure:

R3 - URLSearchHook: (no name) - <default> - (no file)

These are unknown to me:

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab

O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)

howard_hopkinso · Aug 26, 2006

Hello and welcome to Techspot.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

BroadJump\Client Foundation
AWS\WeatherBug

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

CFD.exe
Weather.exe

Close task manager.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.242.36.3:3128<Only fix this, if you didn`t set this proxy yourself, or you don`t know what it is.

R3 - URLSearchHook: (no name) - <default> - (no file)

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - Global Startup: Digital Line Detect.lnk = ?

O9 - Extra button: Help - {08F93E4B-4A2F-40CF-86DF-C60DB13902F3} - http://www.comcast.net/memberservices/ (file missing) (HKCU)

O9 - Extra button: ComcastHSI - {35AEEB9D-7D23-43A2-98A0-EECF1769DABB} - http://www.comcast.net (file missing) (HKCU)

O9 - Extra button: Support - {FDEBFFC1-560E-49FB-8B16-3ECEB03871AE} - http://www.comcastsupport.com (file missing) (HKCU)

O15 - Trusted Zone: http://www.fortunerep.com

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab

O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comcastonline2/onleng/downloads/VideoMail/vmLaunc her2.cab

O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

C:\Program Files\AWS

C:\Program Files\BroadJump

Reboot your computer.

Regards Howard :wave: :wave:

breezcool · Aug 27, 2006

Thanks for the help.

howard_hopkinso · Aug 27, 2006

No problem.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of breezcool only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

TechSpot

Need help with ismon

breezcool Newcomer, in training

Mictlantecuhtli TS Special Forces

howard_hopkinso Newcomer, in training

breezcool Newcomer, in training

howard_hopkinso Newcomer, in training