Thread: Problems...
View Single Post
Old 07-15-2005, 12:41 AM   #2 (permalink)
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,963
OS: Windows 7


Send a message via ICQ to MicroBell Send a message via MSN to MicroBell
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..

Well...you got a few infections...so lets try to take some out.

Download CWShredder http://www.greyknight17.com/spy/CWShredder.exe

Right click a blank part of your desktop & select New->Folder. Call it SPFix. Go to http://www.derbilk.de/404.html and download SpSeHjfix. Get the one that's specified for your Operating System. So if you have Windows 98, get the one that's listed for Windows 98.

Disconnect from the net and close all programs. Run SpSeHjfix and click on 'Start Disinfection'. When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

Now run the CWShredder and hit the Fix button.

Reboot the PC.

Please download nailfix at one of these locations…
http://www.noidea.us/easyfile/file.p...50515010747824
http://users.pandora.be/bluepatchy/nailfix.exe

Unzip it to the desktop (If you got the exe..don't run it yet)but do NOT run it yet.

Reboot into safe mode.

Go to Start->Run and type Services.msc then hit Ok

Scroll down and find the service called: System Startup Service (SvcProc)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows


Now double-click on Nailfix.cmd in that Nailfix folder (or the exe). Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.


Run hijackthis and fix the following (If still listed)...


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Andy\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {FE9D850F-7548-4677-B4B1-3A2A0E3D6D25} - C:\WINDOWS\System32\igan.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

C:\WINDOWS\svcproc.exe <--delete that file
C:\WINDOWS\System32\igan.dll <--delete that file

Now reboot back to normal mode and post a new hijackthis log...and SpSeHjfix log from the first tool.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
MicroBell is offline