Re: Browser HiJack-Help


From: H Leboeuf (NoAddress_at_generation.invalid)
Date: 06/27/04


Date: Sun, 27 Jun 2004 09:06:56 -0400

The reason the Desktop gets the temp files is because you have installed
HijackThis in your Desktop folder.
Create a new folder C:\HJT (or any other drive) and place the .exe file
there. Run it and all will be well. You can then clean your desktop. The
forum expert will ask you to do just that. So get ahead of the game.

-- 
Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===
<anonymous@discussions.microsoft.com> wrote in message
news:2173901c45bc2$66553620$a601280a@phx.gbl...
> This helped initially but I'm still not clean. I've run
> the whole procedure twice now and posted my results. Even
> ran CWS to be sure. I have noticed that this nasty thing
> causes HJT to create a backup of every file you delete.
> It plants them on the desktop. I delete those too before
> rebooting. Still, it doesn't take long for it to
> reactivate.
> Alice
> >-----Original Message-----
> >Thanks very much. I did post my log there yesterday but
> >they are truly swamped. I will do as you suggest. At
> >least I feel like I'm trying to fix it.
> >>-----Original Message-----
> >>The normal procedure with CWShredder does not work on this
> >>new nasty variant.
> >>
> >>Post your log at the forum. They are very busy with this
> >>new infection.
> >>
> >>The correct way is first to remove these O2 and O4 entries.
> >>Note that xxxx.exe are random files created by the malware.
> >>They are different on each computer.
> >>
> >>Run HijackThis again and place a check beside each of the
> >>following items. Once done click the fix checked button.
> >>
> >>O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338-29CE7B59941D} - C:\WINDOWS\system32\xxxxx32.dll
> >>O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32\xxxxx.exe
> >>
> >>
> >>You will be asked to:
> >>
> >>Download About:Buster from either of the following locations.
> >>
> >>http://www.atribune.org/downloads/AboutBuster.zip
> >>http://tools.zerosrealm.com/AboutBuster.zip
> >>
> >>
> >>Run AboutBuster.exe, click OK, then start, then OK. This will
> >>scan your computer for the files responsible for hijacking
> >>your home and/or search settings/page.
> >>
> >>Reboot and post a new HijackThis log along with the report
> >>from About:Buster.
> >>
> >>With these instructions they will suggest the correct files
> >>to be removed.
> >>
> >>Note also that you must not have any other infections,
> >>otherwise CWS will not be removed. These infections, if
> >>present, must be cleaned first. Only your log will show if
> >>you still have anything to remove.
> >>
> >>-- 
> >>
> >>Henri Leboeuf
> >>Web page: http://www.colba.net/~hlebo49/index.htm
> >>===
> >>
> >>"AliceH" <anonymous@discussions.microsoft.com> wrote in message
> >>news:2112201c45ac4$376da940$a601280a@phx.gbl...
> >>> This is what I have done. Have been struggling with this
> >>> since Tuesday. Offending page address is
> >>> res:hgvwq.dll/index.html#12802. I followed these
> >>> instructions from HiJack This to which I was referred by
> >>> other newsgroup posters.
> >>> - Start the system in safe mode.
> >>> - Delete the appropriate DLL
> >>> - Open HiJack This and get rid of anything that does not
> >>> belong.
> >>> - Change your startup page in IE back to normal.
> >>> - Run CWS Shredder just in case
> >>>
> >>> Cleared temporary internet files, cookies, etc.
> >>> - Restart to normal mode.
> >>> - Check for the DLL again, if it reappears delete it.
> >>> - Run HiJack This again - there should be minimal changes
> >>> from the spyware this time (I had only two registry
> >>> entries changed).
> >>> - Open up IE and give it a go. After you open it up,
> >>> check HiJack this for trails of spyware"
> >>>
> >>> This does not work for me. I have also done it with
> >>> system restore off. This morning I finally got through to
> >>> McAfee support. They had me scan, shutdown, disconnect
> >>> from internet, boot up, scan again with ie open. Nada.
> >>> When I went back to their e-ticket I was sent to MSN. I'm
> >>> not a subscriber so I've popped back here. My last
> >>> critical update patch was installed on Wednesday. This
> >>> is serious. It's not even allowing me to get to sites I
> >>> do want to frequent. Please help.
> >>> Alice
> >>>
> >>
> >>.
> >>
> >.
> >
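
The O2 and O4 lines quoted in this thread follow a fixed HijackThis log layout, so a log can be pre-sorted before a helper reads it. The following is an added example, not part of the original posts: the sample log is constructed (the `Example*` entries and their CLSID are invented), and the flagging rules are an assumed triage heuristic that only marks entries for review, not a verdict.

```python
import ntpath
import re

# Constructed sample log: the two xxxxx entries reuse the placeholders quoted
# in the thread; the Example* lines are invented benign entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5E42E71F-1508-1D07-6338-29CE7B59941D} - C:\WINDOWS\system32\xxxxx32.dll
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [xxxxx.exe] C:\WINDOWS\system32\xxxxx.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def in_system32(path):
    """True if the file sits directly in a system32 directory."""
    return ntpath.normcase(ntpath.dirname(path)).endswith("\\system32")

def exe_of(cmd):
    """Return the program part of a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return (section, name, path, reasons) for entries worth a closer look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        if (m := O2_RE.match(line)):
            section, name, path = "O2", m["name"], m["path"]
            if name == "(no name)":
                reasons.append("BHO has no display name")
            if in_system32(path):
                reasons.append("BHO DLL sits directly in system32")
        elif (m := O4_RE.match(line)):
            section, name, path = "O4", m["name"], exe_of(m["cmd"])
            if in_system32(path):
                reasons.append("Run value starts a file directly in system32")
                if name.lower() == ntpath.basename(path).lower():
                    reasons.append("value name is just the file name")
        if reasons:
            findings.append((section, name, path, reasons))
    return findings

if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} {name!r} -> {path}: {'; '.join(reasons)}")
```

Legitimate Windows components also start from system32, so a flagged line still needs the log review the posts describe.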

