Tech Support Forum - View Single Post

MicroBell · 05-31-2005, 07:43 PM

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..

If you have a highspeed connection please Run an online virus scan from TrendMicro Please select the “autoclean” option when prompted to do so.

Open My Computer-->Tools-->Folder Options-->View-->Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files and click YES and then OK..

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove MaxiFiles if listed. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\WINNT\system\astcg.exe

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.maxifiles.com/toolbar/si...id=%AffiliateID
R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll
O2 - BHO: (no name) - {31001E19-CDF4-AF30-9AD2-9C90C8004650} - C:\WINNT\cdmweb\fuisdkrlqj.dll
O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteotd32.exe
O4 - HKLM\..\Run: [wyhvhc] C:\WINNT\system32\wyhvhc.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe

Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, sub directorys..ect enabled if it applys to your OS)

C:\winnt\system32\eliteotd32.exe
C:\WINNT\system32\wyhvhc.exe
C:\WINNT\cdmweb\fuisdkrlqj.dll
C:\Program Files\MaxiFiles\maxifiles.dll
C:\WINNT\VCMnet11.exe
C:\WINNT\system\astcg.exe
C:\Program Files\Common Files\mc-58-12-0000079-d.exe

Once done...reboot into normal mode and proceed with the next step.

Download ewido security suite from here… http://www.ewido.net/en/download/

Update it’s database from here.. http://www.ewido.net/en/download/updates/

Run a scan and let it clean the PC. Post a new hijackthis log when complete.

05-31-2005, 07:43 PM	#2 (permalink)
MicroBell Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter Join Date: Sep 2004 Location: Carmichaels, PA-USA Posts: 6,963 OS: Windows 7	Hi and Welcome to TSF Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log….. If you have a highspeed connection please Run an online virus scan from TrendMicro Please select the “autoclean” option when prompted to do so. Open My Computer-->Tools-->Folder Options-->View-->Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files and click YES and then OK.. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove MaxiFiles if listed. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure) C:\WINNT\system\astcg.exe Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry) R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.maxifiles.com/toolbar/si...id=%AffiliateID R3 - URLSearchHook: MaxiFiles - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\MaxiFiles\maxifiles.dll O2 - BHO: (no name) - {31001E19-CDF4-AF30-9AD2-9C90C8004650} - C:\WINNT\cdmweb\fuisdkrlqj.dll O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteotd32.exe O4 - HKLM\..\Run: [wyhvhc] C:\WINNT\system32\wyhvhc.exe O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000079-d.exe Delete the following Files/Folders in RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, sub directorys..ect enabled if it applys to your OS) C:\winnt\system32\eliteotd32.exe C:\WINNT\system32\wyhvhc.exe C:\WINNT\cdmweb\fuisdkrlqj.dll C:\Program Files\MaxiFiles\maxifiles.dll C:\WINNT\VCMnet11.exe C:\WINNT\system\astcg.exe C:\Program Files\Common Files\mc-58-12-0000079-d.exe Once done...reboot into normal mode and proceed with the next step. Download ewido security suite from here… http://www.ewido.net/en/download/ Update it’s database from here.. http://www.ewido.net/en/download/updates/ Run a scan and let it clean the PC. Post a new hijackthis log when complete. __________________ We Are The BORG Spyware KILLER and Adware Destroyer! Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder