HiJack This Help?

By tyns
Mar 30, 2006
  1. I am having this trouble with one of my clients.
    They are getting pop-ups with koalabingo, partypoker.. etc.. in IE. (even though I repeatedly tell them NOT to use IE, they do)

    anyhow.. I can run spybot, windows defender, virusscan.. all check out okay.. but when I go to run adaware.. it finds 2 items.. then suddenly blue screens windows.

    I have looked at the Hijack this log, it looks pretty normal to me.. If anyone can provide any help that would be great.

    I am remotely trying to assess this system.. so I am unable to reboot the computer in safe mode to test with the procedures outlined in the instruction for posting a hijack this log in safe mode :( ..


  2. Spike

    Spike TS Evangelist Posts: 2,168

    Seeing as you are trying to do this remotely....

    I would highly recommend that you run a trend micro online scan on the target machine, and also install Ewido to it and scan with that. Beyond this, I haven't picked out every little thing from the log because of the fact that you are doing this remotely, but the major issues I feel are below...

    The following are very much suspect...
    O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ssttt.dll

    O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll

    The following are suspect unless you know what they are...
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

    URL deliberately voided
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with the vundo trojan.

    Go HERE and follow the instructions.

    Then, go HERE and follow the instructions exactly.

    Post a fresh HJT, only after you have completed the above.

    Regards Howard :wave: :wave:
  4. tyns

    tyns TS Rookie Topic Starter

    Thank You Kindly

    Thank You Kindly!

    I will give it a try.
Topic Status:
Not open for further replies.
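
An added example, not part of the original thread or any poster's code: a small Python triage helper that parses HijackThis log lines in the format quoted in post 2 and reports any DLL registered both as a BHO (O2) and as a Winlogon Notify entry (O20), the pairing flagged there for ssttt.dll. The function names and the second O2 line are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1, 3 and 4 are quoted in the thread; line 2 is a constructed
# single-registration BHO entry added for contrast.
SAMPLE_LOG = r"""
O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ssttt.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
"""

# "<section> - <rest>", e.g. "O2 - BHO: ..." or "O20 - Winlogon Notify: ..."
LINE_RE = re.compile(r"^([ORF]\d+) - (.*)$")
# Trailing Windows path to a .dll or .exe (entries with arguments are not handled)
PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.(?:dll|exe))\s*$", re.IGNORECASE)


def parse(log):
    """Return (section, lowercased file path or None, raw line) per log entry."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line, or anything that is not a log entry
        section, rest = m.groups()
        p = PATH_RE.search(rest)
        entries.append((section, p.group(1).lower() if p else None, line))
    return entries


def cross_registered(entries, sections=("O2", "O20")):
    """Paths that appear in every one of the given sections."""
    seen = defaultdict(set)
    for section, path, _ in entries:
        if path and section in sections:
            seen[path].add(section)
    return sorted(p for p, s in seen.items() if s == set(sections))


if __name__ == "__main__":
    for path in cross_registered(parse(SAMPLE_LOG)):
        print("review:", path)
```

A hit is a prompt for manual review of that file, not a verdict; paths are compared case-insensitively because Windows file names are.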
