Help ! find4u has got me.


Name: deedlane
Date: February 3, 2004 at 01:09:17 Pacific
OS: windows me
CPU/Ram: intel(r) celeron (tm) pro
Comment:

Hi, I am a new computer user and have been taken over by find4u. I would appreciate any help in getting rid of this.

Many thanks




Response Number 1
Name: Imp
Date: February 3, 2004 at 02:08:10 Pacific
Reply:

Hello Deedlane,
Find4u is a trojan horse...
I suggest you download Trojan Remover 6.16; this program is a 30-day trial freeware, but fully updated.
Read the "helpme" file well to use correctly the two scans provided by the program: one to check your RAM, the second to hunt, detect and eradicate the worm hidden somewhere on your hard drive.
Good Luck



Response Number 2
Name: Valerie (by Garibaldi)
Date: February 3, 2004 at 12:44:06 Pacific
Reply:

Install an anti-hijack prog like Browser Hijack Blaster or use Spybot S&D to lock your homepage setting; otherwise you will be hijacked again & again.

Good luck

V...



Response Number 3
Name: Abnormal
Date: February 3, 2004 at 13:24:05 Pacific
Reply:

Hi deedlane, download cwshredder and double click to open it, click fix-> and let it clean, exit the program and restart your computer.
cwshredder.exe
Good luck



abnormal



Response Number 4
Name: deedlane
Date: February 5, 2004 at 09:05:40 Pacific
Reply:

Many thanks for your replies.

Tried cwshredder & trojan remover. Trojan remover found a thing called JEEM, cw removes 4 or 5 things, but find4u comes back when I reboot.
Have downloaded hijackthis and obtained a log file; would this be of use?

Many thanks



Response Number 5
Name: Abnormal
Date: February 5, 2004 at 10:06:41 Pacific
Reply:

Post your log, we will find the problem.
I have an idea, but the log will tell more.



Response Number 6
Name: Abnormal
Date: February 5, 2004 at 18:46:56 Pacific
Reply:

Having problems posting your log?
Instructions here.



Response Number 7
Name: deedlane
Date: February 6, 2004 at 08:54:08 Pacific
Reply:

Thanks for the advice.

Log enclosed

Logfile of HijackThis v1.97.7
Scan saved at 16:53:11, on 06/02/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMON98.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\SBMX.exe
C:\WINDOWS\SYSTEM\EUSEXE.exe
C:\PROGRAM FILES\INTEL\INTEL(R) ACTIVE MONITOR\IMONTRAY.exe
C:\WINDOWS\SYSTEM\PROMON.exe
C:\PROGRAM FILES\SONNETECH\COLORIFIC\PROGRAM\HGCCTL95.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.exe
C:\PROGRAM FILES\HACE\CONTROLFREAK\WCFMAN.exe
C:\WINDOWS\SYSTEM\CTFMON.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe
C:\PROGRAM FILES\PREVENTON\PERSONAL FIREWALL\PFWALL.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\WINDOWS\TEMP\~E5D141.TMP
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/indexa.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SBMX] C:\WINDOWS\SYSTEM\sbmx.exe
O4 - HKLM\..\Run: [ICH Synth] eusexe.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.exe
O4 - HKLM\..\Run: [Cosmi Firewall] C:\PROGRAM FILES\COSMI\FIREWALL\firewall.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.exe
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [IMON] C:\Program Files\Intel\Intel(R) Active Monitor\imon98.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.exe
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ControlFreak] C:\Program Files\HACE\ControlFreak\WcfMan.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Preventon Personal Firewall.lnk = C:\Program Files\Preventon\Personal Firewall\PFwall.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.btinternet.com/
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38017.1478240741




Response Number 8
Name: Abnormal
Date: February 6, 2004 at 10:54:50 Pacific
Reply:

Put a check mark next to these, click "fix checked", next reboot, restart.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/indexa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/indexa.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/indexa.htm
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe

Run cwshredder again, good luck.



abnormal
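
Added example, not part of the original thread or of HijackThis itself: a small triage script that parses the R0-R3 (Internet Explorer page settings) and O4 registry autorun lines of a HijackThis log and lists the ones not covered by an allow-list, which is the manual selection made in the reply above. The log excerpt is copied from the log in this thread; the two allow-lists and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis v1.97.7 log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/spa.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/indexa.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.btinternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

# Assumed allow-lists: hosts the owner expects in IE settings, and autorun
# names the owner has already reviewed. Both are constructed for this example.
TRUSTED_HOSTS = {"www.btinternet.com"}
REVIEWED_AUTORUNS = {"taskmonitor", "ctfmon.exe"}

R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
O4_LINE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")

def parse_log(text):
    """Parse R0-R3 and O4 registry lines; other sections are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line) or O4_LINE.match(line)
        if m:
            section, hive, key, name, data = m.groups()
            entries.append({"section": section, "hive": hive, "key": key,
                            "name": name, "data": data, "raw": line})
    return entries

def needs_review(entries, trusted_hosts, reviewed_autoruns):
    """Return raw log lines whose URL host or autorun name is not allow-listed."""
    flagged = []
    for e in entries:
        if e["section"] == "O4":
            if e["name"].lower() not in reviewed_autoruns:
                flagged.append(e["raw"])
        else:
            host = urlparse(e["data"]).hostname  # None when the value is not a URL
            if host and host.lower() not in trusted_hosts:
                flagged.append(e["raw"])
    return flagged

if __name__ == "__main__":
    for line in needs_review(parse_log(SAMPLE_LOG), TRUSTED_HOSTS, REVIEWED_AUTORUNS):
        print(line)
```

A flagged line only means "not yet reviewed"; whether to fix it in HijackThis is still a human decision.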



Response Number 9
Name: deedlane
Date: February 9, 2004 at 03:22:54 Pacific
Reply:

Dear abnormal

Followed your instructions and find4u is no more.

Many thanks for the advice.



Response Number 10
Name: Abnormal
Date: February 9, 2004 at 09:22:55 Pacific
Reply:

Thank you for posting back. Recently people are not posting back to my answered posts; I do not have these problems, and a follow-up may keep me helping. Glad it worked for you.

Follow some tips under my name, to stay safe.

Good luck



abnormal

