1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.

First attempt at Hijack this (expert help for a beginner please)

By Travisss1313
Feb 11, 2005
  1. I have recently encountered a problem: my Task Manager and regedit will close within a second. I saw other people have had this problem. I downloaded the HijackThis program that others have said to do, and I fixed the processes that I saw that matched the DIY file in the forums here somewhere. Here is a copy of my HJT scan; help is very much appreciated. Thanks.
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Boot in Safe Mode
    Switch off System Restore
    Press ctrl/alt/del and in Taskmanager try to stop:


    Next, run Hijackthis on its own and let it 'fix':
    C:\WINDOWS\system32\WINRAR32.EXE <<== Fake !! >>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vwvortex.com/
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
    O4 - HKLM\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
    O4 - HKLM\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
    O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
    O4 - HKCU\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
    O4 - HKCU\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
    O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE

    When done, delete the bold files.
    Boot normal.
    When all is OK, start System Restore.
  3. Travisss1313

    Travisss1313 TS Rookie Topic Starter

    Thank you very much. This will not damage my WinRAR program at all? And by deleting bold files, do you mean search for them and delete them manually?

    OK, I did all that in Safe Mode and everything seems to be working normally again. Thanks a lot! Here is the new HJT summary.

    Also, how can I delete the C:/ type processes at the top of the summary that don't show up on the actual scan? Or do I need not worry about those?
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    winrar.exe is the real program, WINRAR32.EXE is not.

    In Windows Explorer, make sure that the option to "show all files and folders, including hidden and system" is turned on.
    Or see here how to do that: http://www.bleepingcomputer.com/forums/tutorial62.html

    In Explorer, go to C:\WINDOWS\system32\; all files are in there. Delete them manually.
    Then immediately empty your Recycle Bin.
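
An added example, not part of the thread: a small Python check that compares the O2 and O4 lines of the fix list above with a later HijackThis scan, to confirm the fixed entries did not come back, and lists the file names the O4 entries launch. The follow-up scan and the `ExampleApp` entry are constructed for illustration, and the function names are hypothetical.

```python
import re
import ntpath

# O2/O4 entries copied from the fix list in the reply above.
FIX_LIST = r"""
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O4 - HKLM\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
O4 - HKLM\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
O4 - HKCU\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
O4 - HKCU\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE
"""

# Constructed follow-up scan (not from the thread): one entry survived the fix.
NEW_SCAN = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
O4 - HKCU\..\RunOnce: [Winrar Compression Utility]  winrar32.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
O4 = re.compile(r"^(HK\w+)\\\.\.\\(\w+):\s*\[(.*?)\]\s*(.*)$", re.I)

def entries(log):
    """Yield (code, normalised body) for each HijackThis entry line in a log."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:  # collapse whitespace and case so re-scans compare equal
            yield m.group(1), " ".join(m.group(2).split()).lower()

def still_present(fix_list, new_scan):
    """Fix-list entries that show up again in a later scan."""
    seen = set(entries(new_scan))
    return [e for e in entries(fix_list) if e in seen]

def autostart_files(log):
    """File names launched by O4 (Run/RunOnce) entries, for the manual delete step."""
    names = set()
    for code, body in entries(log):
        m = O4.match(body) if code == "O4" else None
        if m:  # assumes the command has no arguments, as in the fix list
            names.add(ntpath.basename(m.group(4)))
    return names

if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, NEW_SCAN))
    print("files to check:", sorted(autostart_files(FIX_LIST)))
```

An empty result from `still_present` means none of the fixed entries reappeared in the new scan.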
Topic Status:
Not open for further replies.
