patchyoursystem.com

Status
Not open for further replies.

davio

Hey there,
I have this awful problem where some sort of trojan or spyware program has glued itself to my internet explorer. Every time I start it up, it redirects me to patchyoursystem.com! It's killing me!

Well anyways, it sends some sick ads and stuff of that sort. If anyone could help me remove this atrocious beast, I'd appreciate it!

Thanks in advance,
Davio
 
Could you please post a HijackThis log as a txt attachment so that we can have a look at what's there.
 
ok, according to this thread here (have a read of it as well) I would suggest removing the following:

...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL....
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL ....
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar ....
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar ....
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page ....
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext ....
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - ....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - .....
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - ....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - ....
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - ....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - ....
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - ....
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - ....
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - ....
...................................................................................................


you might need to download the following if you haven't already done so:
LSP Fix from here


and GET FIREFOX

If I were you I would wait until someone with more experience backs me up but the above should be what needs to be deleted. :grinthumb:

 
boot into safe mode, disable system restore, and open task manager...

end the following if running
weather.exe
BearShare.exe

go to add/remove programs, and uninstall anything to do with
weatherbug

run hjt, and fix (check the square box next to the appropriate entry. When done, hit the fix button) the following entries...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB387.tmp
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\adwarealert.Exe -boot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

ALL O16 entries

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Delete all files above that have been made bold. Where a directory has been made bold, delete the whole directory.

delete the contents of
C:\windows\prefetch
C:\windows\temp (except for those files with today's date, i.e., 15th October (as was before midnight) or 16th October)
C:\Documents and Settings\[username]\Local Settings\Temp (repeat for each username on the computer)

Clear your temporary internet files and cookies.

when done, reboot, scan your computer with HJT, and post a fresh log.
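
The triage the helpers in this thread do by eye on a HijackThis log, as an added example that is not part of the original posts: it parses the section code of each line and flags orphaned entries, code loaded from `.tmp` files, browser pages pointing at hosts outside an allowlist, and a proxy override. The function name `triage` and the `trusted_hosts` allowlist are assumptions; the sample lines are copied from the posts above, except the last one, which is constructed.

```python
import re
from urllib.parse import urlparse

# Section codes as they appear in the log lines quoted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Autorun entry",
    "O9": "Extra IE button/menu item", "O16": "ActiveX (DPF) object",
    "O18": "Extra protocol handler",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
URL_RE = re.compile(r"=\s*(https?://\S+)")

def triage(log_text, trusted_hosts=frozenset()):
    """Return (code, reasons, line) for each entry that deserves a closer look.
    trusted_hosts is a hypothetical allowlist supplied by the analyst."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) not in SECTIONS:
            continue  # header, blank line, or a section this sketch ignores
        code, body = m.groups()
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: target file is gone")
        if code in ("O2", "O4") and re.search(r"\.tmp\b", body, re.I):
            reasons.append("code loaded from a .tmp file")
        if code.startswith("R"):
            url = URL_RE.search(body)
            if url and urlparse(url.group(1)).hostname not in trusted_hosts:
                reasons.append("browser page host is not on the allowlist")
            if "ProxyOverride" in body:
                reasons.append("proxy override present; confirm it is expected")
        if reasons:
            findings.append((code, reasons, raw.strip()))
    return findings

# Lines copied from the posts above; the final O4 line is constructed.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us7.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpB387.tmp
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE):
        print(f"{code} ({SECTIONS[code]}): {'; '.join(reasons)}\n    {line}")
```

A flag here only marks an entry for review; whether to fix it in HijackThis is still a judgment call of the kind made in the posts above.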
 
he he. No guarantee I got them all (though I firmly believe I did, minus some of the spyware removal apps that weren't specifically nasty). I'm confident I did though.
 
Sorry to put a damper on your spirits!

Uninstall this crap as well:
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
 
Ah. So it IS spyware. I did think it was a little dubious, but a quick google (not that I looked too deeply) told me that it was legit. (Though I was still dubious).

Again, we live and learn. thanks :)
 
Thanks for everyone's help. I finally removed this beast, this awful beast! It required evido, safe moding, and all that other crap. I'm just glad my Internet Explorer no longer goes to patchyoursystems.com

Again thanks to everyone who helped :)
 