My Hijackthis log - what to delete?

By PJPJ ยท 9 replies
Jun 26, 2005
  1. Hello experts of the forum,

    I found this site after discovering I have a trojan virus called twink64 or WIN32.delt.trojan.b or something like that. When I press control + alt + delete, I only see "comm" and "winamp" and "twink64" in the window, not the usual applications at all.

    Anyway, I followed the instructions on the site, made a HJT root folder on my C drive and ran the program. I saved the log in the same HJT folder.

    Here's my log in the txt attachment. What should I delete??


    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  3. PJPJ

    PJPJ TS Rookie Topic Starter

    Followed instructions, PLEASE check HJT log

    Hi realblackstuff,

    I followed all the instructions and ran Adaware and Spybot. Then Hijackthis again and deleted a lot of files, I think I got the twink64 file and some others too.

    Can you please check my HJT this? I think there is still something because when I press control+alt+delete I don't see any applications listed at all, as I normally would in the dialog box. I had one error message pop called "explorer" up with the message "this program has performed an illegal operation and will be shut down...". That was strange.

    Also, the "Running Processes" you see in my log don't show up in the HJT this where you could check them for fixing.

    Anyway, please check my log, it's realy short!!
    Thanks so much

    Attached Files:

  4. IronDuke

    IronDuke TS Rookie Posts: 856

    Tick & fix the following

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts:
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    Post a fresh log.
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I'm not sure about your new log, it has a funny smell...
    No Antivirus, way too many things gone after your first log...
    Clean format/install, before any other programs? You're wasting my time, if so.
  6. PJPJ

    PJPJ TS Rookie Topic Starter

    Sorry, but I really don't understand what you mean by "Clean format/install, before any other programs?". :confused: I ran Adaware and Spybot and HJT and "fixed" all the files that seemed dangerous according to the instructions. I also uninstalled (correctly from the control panel) a few programs like Adobe Reader that I can easily download from the net once this is all over, just to clean things up and make more sense of my log. I DO have an Antivirus installed on my computer.

    Anyway, I'll delete the files that IronDuke said and repost my log. I'm a little worried because if I delete all those files there really won't be much left!!

  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You removed Norton-Symantec/Zonealarm/Real Player/your printer/FTP-stuff/StarOffice and some other stuff.
    Your log LOOKS like a fresh install without any other programs added (yet), which made me suspicious.
    For all your efforts, it would probably have been easier to really do a fresh install.

    Anyway, after IronDuke's advised changes have been made, your PC is clean.
  8. PJPJ

    PJPJ TS Rookie Topic Starter

    OK, I fixed all the entries in my HJT log that IronDuke said to. I also re-installed my Antivirus and Acrobat Reader and set my homepage in MS Explorer to Strangely, I still don't see any entries listed when I press Control+Alt+Delete. Let's hope there are no more problems.

    I'm reposting my log for a final check, as IronDuke suggested. There are a lot more Running Processes than before.

    Thanks so much to IronDuke & realblack stuff for the help!!!!


    Attached Files:

  9. IronDuke

    IronDuke TS Rookie Posts: 856

    There's nothing there that shouldn't be. Once again it seems uncharacteristicly brief.
    You need to put a firewall back.
    Try also Ewido
  10. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    IronDuke, don't forget that W98se never showed much in HJT to start with.

    PJPJ, the log is clean indeed.
    Stop using IE, except for Windows-updates.
    Get Firefox instead! from
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...