TechSpot

Need help with ismon

By breezcool
Aug 25, 2006
  1. Infected by Ismon. Tried to remove but still getting pop-up and system is slow. My HJT log is attached.
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    These should be applied in safe mode.


    This should be fixed (and the file deleted from that directory):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm


    Have you set the proxy server on purpose? If not, fix this:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.242.36.3:3128


    Fix this too, to be sure:

    R3 - URLSearchHook: (no name) - <default> - (no file)


    These are unknown to me:

    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab

    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go to add/remove programmes in your control panel and uninstall anything to do with (if there):

    BroadJump\Client Foundation
    AWS\WeatherBug

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    CFD.exe
    Weather.exe

    Close task manager.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.242.36.3:3128 < Only fix this if you didn't set this proxy yourself, or you don't know what it is.

    R3 - URLSearchHook: (no name) - <default> - (no file)

    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O9 - Extra button: Help - {08F93E4B-4A2F-40CF-86DF-C60DB13902F3} - http://www.comcast.net/memberservices/ (file missing) (HKCU)

    O9 - Extra button: ComcastHSI - {35AEEB9D-7D23-43A2-98A0-EECF1769DABB} - http://www.comcast.net (file missing) (HKCU)

    O9 - Extra button: Support - {FDEBFFC1-560E-49FB-8B16-3ECEB03871AE} - http://www.comcastsupport.com (file missing) (HKCU)

    O15 - Trusted Zone: http://www.fortunerep.com

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab

    O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcast.net/anon.comcastonline2/onleng/downloads/VideoMail/vmLauncher2.cab

    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab

    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

    O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there):

    C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

    C:\Program Files\AWS

    C:\Program Files\BroadJump

    Reboot your computer.

    Regards Howard :wave: :wave:
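
An added example, not part of the thread or of HijackThis itself: a small Python triage of the kinds of entries the two replies above single out. The review rules (orphaned entries, a set proxy, an ActiveX download from a bare IP address, a Trusted Zone addition) are this example's own heuristics, and the sample lines are copied from the entries quoted in the thread.

```python
import re

# Constructed sample: lines copied from the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.242.36.3:3128
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O9 - Extra button: Support - {FDEBFFC1-560E-49FB-8B16-3ECEB03871AE} - http://www.comcastsupport.com (file missing) (HKCU)
O15 - Trusted Zone: http://www.fortunerep.com
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/toolbar/webinstall.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://138.108.63.129/ePlayer/V3_2_0_0/ACNePlayer.cab
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - (no file)
"""

# "<section code> - <detail>", e.g. "O16 - DPF: ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# URL whose host is a dotted-quad IP address rather than a name
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/", re.I)

def parse(log):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reasons(section, detail):
    """Heuristic reasons (assumptions of this example) to check an entry by hand."""
    reasons = []
    if "(no file)" in detail or "(file missing)" in detail:
        reasons.append("orphaned: registry entry points at a missing file")
    if section == "R1" and "ProxyServer" in detail:
        reasons.append("proxy set: confirm the user configured it")
    if section == "O16" and IP_URL.search(detail):
        reasons.append("ActiveX download source is a bare IP address")
    if section == "O15":
        reasons.append("site added to the Trusted Zone")
    return reasons

def triage(log):
    """Map each entry that has at least one reason to its list of reasons."""
    out = {}
    for section, detail in parse(log):
        reasons = review_reasons(section, detail)
        if reasons:
            out[f"{section} - {detail}"] = reasons
    return out

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

The output is a list of entries to review, not a fix list: the O4 autoruns in the sample are not flagged by these rules, and whether any entry is wanted still depends on what the user installed.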
     
  4. breezcool

    breezcool TS Rookie Topic Starter

    Thanks for the help.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No problem.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of breezcool only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
