TechSpot

SVKP that won't go away

By bryanatonu
Oct 24, 2005
  1. Caught by Norton at every startup from Hacktool.rootkit

    Logfile of HijackThis v1.99.1
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Please follow the Read: How to... posts at the top of this forum!
     
  3. bryanatonu

    bryanatonu TS Rookie Topic Starter

    I went through that whole process from the thread above and still no luck. It just keeps coming back. I have also tried using Ad-Aware, Spybot, Ewido, CCleaner, and Spyware Doctor. Still, every time on startup I get a svkp that is found in my system32. I attached my most recent HijackThis results if anyone can help.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Follow these instructions EXACTLY
    Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

    while doing that, fix these as well:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122504444078
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O23 - Service: GMN - Unknown owner - C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\GMN.exe (file missing)
    O23 - Service: UTOBCIY - Unknown owner - C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\UTOBCIY.exe (file missing)
     
  5. bryanatonu

    bryanatonu TS Rookie Topic Starter

    I think it's gone

    I followed all the steps to that removal and I think I got rid of it. Well, it didn't pop up in my antivirus detection on startup anyway. I posted my most recent HijackThis just in case though. Thanks for everything, I'll make sure I have a Guinness on your behalf this weekend.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Fat lot of good that does ME!
    You're clean.
     
Topic Status:
Not open for further replies.
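
The fix list in post 4 is dominated by orphaned entries: a BHO with "(no file)" and two services whose binaries sat in a user Temp directory and are now "(file missing)". The script below is an added example, not part of the thread or of HijackThis; `triage`, `review` and the heuristics are this example's own assumptions, and it only flags lines for a human to review.

```python
import re

# HijackThis section codes that appear in the thread's fix list.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
TEMP_DIR = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)

def triage(line):
    """Return (code, section, reasons) for a log entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    # Heuristics below are assumptions of this example, not HijackThis behaviour.
    if body.endswith(("(no file)", "(file missing)")):
        reasons.append("target file absent")
    if code == "O23" and TEMP_DIR.search(body):
        reasons.append("service binary under a Temp directory")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("no vendor recorded")
    if code == "O2" and "(no name)" in body:
        reasons.append("unnamed BHO")
    return code, SECTIONS.get(code, "other"), reasons

def review(log_text):
    """Keep only entries that tripped at least one heuristic."""
    results = (triage(line) for line in log_text.splitlines())
    return [r for r in results if r and r[2]]

# First three lines are copied from post 4; the last is constructed as a benign contrast.
SAMPLE = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: GMN - Unknown owner - C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\GMN.exe (file missing)
O23 - Service: Example Service - Example Vendor - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for code, section, reasons in review(SAMPLE):
        print(f"{code:4} {section}: {', '.join(reasons)}")
```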
