Please check my Hijackthis log

By Martini
Apr 6, 2009
  1. I followed the 8 steps.

    When I did a scan with Avira, it found TR/Crypt.XPACK.Gen
  2. touch

    touch TS Rookie Posts: 978

    Hello Martini

    Run a scan with HijackThis. Check the following and hit 'Fix checked'
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O20 - AppInit_DLLs:

    Reboot to safe mode ->
    Restart your computer.
    When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    Select the option for Safe Mode using the arrow keys.
    Then press enter on your keyboard to boot into Safe Mode.

    Find and delete this folder:
    C:\Program Files\Search Settings

    Reboot normally. Attach a fresh HijackThis log, and tell me where TR/Crypt.XPACK.Gen was found (filename and location). Also tell me how your computer is running.
  3. Martini

    Martini TS Rookie Topic Starter Posts: 18

    Did all of the above.

    I attached the log from the Avira scan I did before I started this thread.

    It seems to be running fine both before and after I made the above changes.

    Thank you so much!
  4. touch

    touch TS Rookie Posts: 978

    Sounds good :)

    Click Start, point to Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.
    Click the drive you want to scan, and wait while the program calculates how much disk space is available for cleanup.
    To delete obsolete files, click the Disk Cleanup tab, select the check boxes of the files that you want to remove, click OK, and then click Yes.

    I suggest you read Tony Klein's article:
    So how did I get infected in the first place ->

    If you have any comments or questions, feel free to post back
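
The fresh log requested in the thread can be checked mechanically against the entries that were marked for fixing. The following is an added example, not part of the original posts: the `FRESH` log is a constructed sample, and the function names are hypothetical.

```python
import re

# Entries the helper asked to fix, copied from the thread above.
FIXED = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O20 - AppInit_DLLs:
"""
# Constructed "fresh" log for illustration: one unrelated entry, one leftover.
FRESH = r"""
Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SearchSettings] c:\program files\search settings\SearchSettings.exe
"""
FOLDER = r"C:\Program Files\Search Settings"  # folder the thread says to delete

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")  # "O4 - data"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.*$")  # drive-letter path to end of line

def parse(log):
    """Return one dict per 'CODE - data' line; header and other lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        rest = m.group(2).strip()
        clsid, path = CLSID.search(rest), PATH.search(rest)
        out.append({
            "raw": line.strip(), "code": m.group(1), "rest": rest.lower(),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0).strip('"').lower() if path else None,
        })
    return out

def _key(e):
    # Identify an entry by section code plus CLSID, else path, else raw data
    # (the last case covers value-less lines such as the empty AppInit_DLLs).
    return (e["code"], e["clsid"] or e["path"] or e["rest"])

def still_present(fixed_log, fresh_log, folder):
    """Fresh-log lines that match a fixed entry or point into the deleted folder."""
    keys = {_key(e) for e in parse(fixed_log)}
    root = folder.lower().rstrip("\\") + "\\"
    return [e["raw"] for e in parse(fresh_log)
            if _key(e) in keys or (e["path"] or "").startswith(root)]

if __name__ == "__main__":
    print(still_present(FIXED, FRESH, FOLDER))
```

Matching is case-insensitive on paths, so the leftover `O4` line in the constructed log is reported even though its path is written in lower case.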
Topic Status:
Not open for further replies.