Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi People hope your all ok?
Ok my problem is my internet explorer browser keeps loading up pop ups all on its own, i am an aol user and dont use explorer. It tries to load them even when im not online as in the task management screen (proceses) it keeps coming up with iexplore. I have read all the posts on same subject and have done all the things you mention, like spyware etc.. And still no joy, its at the stage where my computer is running emensley slow and when on the internet about every 5mins the same pop ups apear, they are basically ones saying u have won this etc.. etc.. Im going nuts over this proplem and i would greatly appreciate any advice or suggestions you have as im at a loss. Im not very computer iliterate but i have included my hijackthis log so if anyone knows where the problem is and what i should do that would be appreciated, the problem started yesterday after i caught my little brother and his m8s looking at adult sites, hope someone can help many thanx
aLogfile of HijackThis v1.97.7
Scan saved at 06:05:22, on 19/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\windows\system32\mscolour.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\CTHELPER.exe
C:\Program Files\Agfa\AgfaCam\AgfaCLnk.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\WINDOWS\TVTMD.exe
C:\windows\system32\win32us.exe
C:\windows\system32\win32gb.exe
C:\windows\system32\mscnt.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\KMaestro\WTS_KEY.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\AOL 7.0\waol.exe
C:\unzipped\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesten.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesten.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://thesten.com/main/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesten.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.rightfinder.net/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=27D4DC52-180F-4D4E-B48C-3F1AB5538CD6&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hairy Bollocks
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.rightfinder.net/search/
F1 - win.ini: run=c:\windows\system32\mscolour.exe
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DNSErr object - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\WINDOWS\DNSErr.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {c08527ab-9984-4a1c-a47f-4e1809938d39} - C:\DOCUME~1\Sputnik\APPLIC~1\kwsoafooss.dll (file missing)
O3 - Toolbar: ldreestoanq - {5eff70bd-8815-4ff4-b11b-3f0b842d0c4d} - C:\DOCUME~1\Sputnik\APPLIC~1\kwsoafooss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Program Files\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
O4 - HKLM\..\Run: [win32us] c:\windows\system32\win32us.exe /noconnect
O4 - HKLM\..\Run: [win32gb] c:\windows\system32\win32gb.exe /noconnect
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Sputnik\LOCALS~1\Temp\DELDIR0.exe" "C:\Program Files\McAfee\McAfee Shared Components\Central"
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install026.exe
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_42/QDow.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF99973C-1404-11D0-8F00-00AA00BBF119} (ESB Control) - http://esb.alcena.com/esb.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6E80C10-13FC-4658-8D2B-EF26E310FE8A}: NameServer = 195.93.49.134
O19 - User stylesheet: C:\WINDOWS\my.css
Untill someone can lookup all the porn stuff that needs to be deleted with HiJack this, try running CWshredder.exe once and see if it can remove some of it. Then download a new copy of AD-Aware_v6 and install it and then update it online and run a full scan and delete all the items it finds, reboot and run it again.
0 
Hi Jack thanx for response, i have now done that but they are still appearing. They are not porn pop ups just things saying u have won certain prizes etc.. and a msn one with all the smiley msn chat ickons. I have done all you said and have taken another hijackthis log so if anyone knows what shouldnt be there or has any other suggestions that would be so appreciated. Many kind regards
Logfile of HijackThis v1.97.7
Scan saved at 14:16:59, on 19/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\windows\system32\mscolour.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\CTHELPER.exe
C:\Program Files\Agfa\AgfaCam\AgfaCLnk.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\KMaestro\KMaestro.exe
C:\MMaestro\BWheel35.exe
C:\WINDOWS\TVTMD.exe
C:\windows\system32\win32us.exe
C:\windows\system32\win32gb.exe
C:\windows\system32\mscnt.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\KMaestro\WTS_KEY.exe
C:\Program Files\AOL 7.0\aoltray.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\unzipped\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=27D4DC52-180F-4D4E-B48C-3F1AB5538CD6&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hairy Bollocks
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.freeserve.com/
F1 - win.ini: run=c:\windows\system32\mscolour.exe
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {c08527ab-9984-4a1c-a47f-4e1809938d39} - C:\DOCUME~1\Sputnik\APPLIC~1\kwsoafooss.dll (file missing)
O3 - Toolbar: ldreestoanq - {5eff70bd-8815-4ff4-b11b-3f0b842d0c4d} - C:\DOCUME~1\Sputnik\APPLIC~1\kwsoafooss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O3 - Toolbar: (no name) - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Program Files\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [TVTMD] C:\WINDOWS\TVTMD.exe
O4 - HKLM\..\Run: [win32us] c:\windows\system32\win32us.exe /noconnect
O4 - HKLM\..\Run: [win32gb] c:\windows\system32\win32gb.exe /noconnect
O4 - HKLM\..\Run: [Mscnt] c:\windows\system32\mscnt.exe /noconnect
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Mscolour] c:\windows\system32\mscolour.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Sputnik\LOCALS~1\Temp\DELDIR0.exe" "C:\Program Files\McAfee\McAfee Shared Components\Central"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF99973C-1404-11D0-8F00-00AA00BBF119} (ESB Control) - http://esb.alcena.com/esb.ocx
0
Your system is full of spyware. Go here:
http://www.pacs-portal.co.uk/startup_pages/startup_full.php
and check against items marked against 04 in your log. Fix any lines that are spyware.
In addition, this line looks suspicious:
F1 - win.ini: run=c:\windows\system32\mscolour.exeIf you do not know what this is then I would recommend to fix that line.
0
Hiya thanx for the post, i went to the website but didnt understand where to find the information about the 04 lines. I had a look around there forums aswell and also posted another msg there but no one has replied. But i have now installed spyware blaster but am still getting the pop ups. I appreciate your help. Do you have any other ideas by any chance?
0
Hi it seems to be working fine now, thank you ever so much for your help as i would have been at a loss if you hadent pointed me in the right direction. Thanx again take care
0
HELP. IE Internet Options to reset my default homepage is GRAYED OUT!! AND..there's this different page for my homepage,default-homepage-network.com. I ran sypbot, fixed probs on it, it's already on the 'Lock startup/homepage changes'..ran The Cleaner, Tried to download HijackThis, gave me an error msg after I did, so cant use it...HELP!
0
close win32gb.exe with the task manager, it souns like you have the startpage d. java trojan, i had that virus a few days ago
and these files were also infected:
C:/WINDOWS/SYSTEM/27853029.exe:-Infected with: Startpage D.
C:/WINDOWS/SYSTEM/Lexbac.exe infected with: downloader Lexbac.A
C:/WINDOWS/SYSTEM/Lexbacc.exe infected with: downloader LexupA
C:/WINDOWS/SYSTEM/66079348.exe infected with: Trojan Horse Startpage D.
C:/WINDOWS/SYSTEM/Win32gb.exe infected with: downloader Dluca H.
C:/WINDOWS/SYSTEM/winpup.exe
infected with: Trojan Horse Startpage D.I hope that helps, i used AVG 6.0 free edition to get rid of the virus
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
