TechSpot

Please Read My Hijack This Log...Having major problems with yyy65 and other spyware

By SpaceMonkey
Mar 7, 2006
  1. Here's the log...
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

  3. SpaceMonkey

    SpaceMonkey TS Rookie Topic Starter

    The look2me virus scanner did not work... it loaded, then I pressed run task and OK, but it never came back up. I did the other things you said, though. Here's my new log.

    Thanks
     
  4. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    yyy65 fix (newer) - thanks howard.....

    Please download Look2Me-Destroyer.exe to your desktop.

    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shutdown.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
     
  5. SpaceMonkey

    SpaceMonkey TS Rookie Topic Starter

    I have done all that and still it won't work...
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager and end process for (if there).

    ptsnoop.exe
    winupdates.exe
    SYSC00.exe
    zkrgcc.exe
    KEYBOARD1.exe
    MOUSEPAD.exe
    ibm00003.exe
    ONCEJUGS.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insight Broadband

    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [zkrgcc] C:\WINDOWS\SYSTEM\zkrgcc.exe
    O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
    O4 - HKLM\..\Run: [mousepad] C:\\MOUSEPAD.exe
    O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
    O4 - HKCU\..\Run: [book blah] C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe

    O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com

    O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

    Click the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\ptsnoop.exe
    winupdates.exe
    C:\WINDOWS\SYSC00.exe
    C:\WINDOWS\SYSTEM\zkrgcc.exe
    C:\\KEYBOARD1.exe
    C:\\MOUSEPAD.exe
    C:\WINDOWS\SYSTEM\ibm00003.exe
    C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe

    Reboot into normal mode.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
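
The last reply lists the same binaries three times: as processes to end, as O4 autorun entries to fix, and as files to delete. The following is an added example, not part of the thread and not HijackThis code: it parses the O4 registry-autorun lines quoted in that reply and checks them against the process list. The function names and the cut-at-first-`.exe` heuristic are assumptions made for this illustration.

```python
import ntpath
import re

# O4 autorun entries and process names copied from the post above.
O4_LINES = r"""
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [winupdates] \winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [zkrgcc] C:\WINDOWS\SYSTEM\zkrgcc.exe
O4 - HKLM\..\Run: [keyboard] C:\\KEYBOARD1.exe
O4 - HKLM\..\Run: [mousepad] C:\\MOUSEPAD.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00003.exe"
O4 - HKCU\..\Run: [book blah] C:\WINDOWS\APPLIC~1\DRAWSI~1\ONCEJUGS.exe
""".strip().splitlines()
PROCESSES = ("ptsnoop.exe winupdates.exe SYSC00.exe zkrgcc.exe "
             "KEYBOARD1.exe MOUSEPAD.exe ibm00003.exe ONCEJUGS.exe").split()

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

def image_path(command):
    """Return the executable path from an autorun command line (heuristic)."""
    command = command.strip()
    if command.startswith('"'):                  # quoted path, may contain spaces
        return command[1:].split('"', 1)[0]
    m = re.match(r".*?\.exe\b", command, re.I)   # unquoted: cut after first .exe
    return m.group(0) if m else command.split()[0]

def parse_o4(line):
    """Parse one registry-autorun O4 line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    path = image_path(command)
    return {"hive": hive, "key": key, "name": name, "command": command,
            "path": path, "image": ntpath.basename(path).lower()}

def cross_check(o4_lines, processes):
    """Compare autorun images with the process list to end.

    Returns (autorun images nobody ends, processes with no autorun entry)."""
    images = {e["image"] for e in map(parse_o4, o4_lines) if e}
    wanted = {p.lower() for p in processes}
    return sorted(images - wanted), sorted(wanted - images)

if __name__ == "__main__":
    for entry in filter(None, map(parse_o4, O4_LINES)):
        print(f'{entry["hive"]}\\{entry["key"]} [{entry["name"]}] -> {entry["path"]}')
    print(cross_check(O4_LINES, PROCESSES))
```

Two empty lists from `cross_check` mean every autorun entry being removed has its process in the end-task list and vice versa; a non-empty list points at an entry that would be re-created or left running after the reboot.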

