TechSpot


SVKP that won't go away

By bryanatonu
Oct 24, 2005
  1. Caught by Norton at every startup from Hacktool.rootkit

    Logfile of HijackThis v1.99.1
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Please follow the Read: How to... posts at the top of this forum!
     
  3. bryanatonu

    bryanatonu TS Rookie Topic Starter

    I went through that whole process from the thread above and still no luck. It just keeps coming back. I have also tried using Ad-Aware, Spybot, Ewido, CCleaner, and Spyware Doctor. Still, every time on startup I get a svkp that is found in my system32. I attached my most recent HijackThis results if anyone can help.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Follow these instructions EXACTLY
    Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

    while doing that, fix these as well:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netscape.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122504444078
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
    O23 - Service: GMN - Unknown owner - C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\GMN.exe (file missing)
    O23 - Service: UTOBCIY - Unknown owner - C:\DOCUME~1\BRYANP~1\LOCALS~1\Temp\UTOBCIY.exe (file missing)
     
  5. bryanatonu

    bryanatonu TS Rookie Topic Starter

    I think it's gone

    I followed all the steps to that removal and I think I got rid of it. Well, it didn't pop up in my antivirus detection on startup anyway. I posted my most recent HijackThis just in case though. Thanks for everything, I'll make sure I have a Guinness on your behalf this weekend.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Fat lot of good that does ME!
    You're clean.
     
Topic Status:
Not open for further replies.
