PPRuNe Forums - View Single Post - E-Liam - another hijack if you have time
24th Jan 2005, 19:51
E-Liam
Hi Ausatco,

Your suspicions are correct, re the 01 and 08.. :ok: :)

You'll notice that I've highlighted Messenger+ to be fixed. Unless you know for sure that you took the option of not allowing their sponsor to also download Lop with the Messenger download, then get rid of it, and reinstall, making sure NOT to load anything except the Messenger program itself.

The first thing you need to do is to place Hijack This in its own folder (e.g. C:\HJT\….) so it can generate backup files to the same folder; needed should an entry be accidentally deleted. Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hllldqpjnfowqzxsmoed.com...MlbSH.php

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: (no name) - {AA84E9F2-248C-BA21-67B6-FB36144A5C0F} - C:\DOCUME~1\Hammond\APPLIC~1\PINGFI~1\bend gpl.exe

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [OSS] c:\winnt\system32\ossproxy.exe -boot

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-au\msnappau.exe"

O4 - HKLM\..\Run: [live each vc load] C:\Documents and Settings\All Users\Application Data\isopopliveeach\Two spam.exe

O4 - HKCU\..\Run: [GrimBird] C:\DOCUME~1\Hammond\APPLIC~1\GLOBAL~1\vc rdr drv.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm300

O14 - IERESET.INF: START_PAGE_URL=http://www


Next, please double click on the My Computer icon on the desktop. Go to Tools | Folder Options, click on the View tab and make sure that Show hidden files and folders is checked. Also uncheck Hide protected operating system files. Now click Apply to all folders, then click Apply then OK.

Then boot into safe mode, (see here for info if needed) and delete the entire contents of the C:\Windows\Temp (or C:\WINNT\Temp) folder, but not the folder itself. Next please find and delete the following bolded files...

c:\winnt\system32\ossproxy.exe

..and these folders...

C:\Program Files\MyWay

C:\DOCUME~1\Hammond\APPLIC~1\PINGFI~1

C:\Program Files\Messenger Plus! 3

C:\Documents and Settings\All Users\Application Data\isopopliveeach

C:\DOCUME~1\Hammond\APPLIC~1\GLOBAL~1

Then please boot back into normal mode and download AdAware SE from here.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
· Automatically save log-file
· Automatically quarantine objects prior to removal
· Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select:
· Scan Within Archives
· Scan Active Processes
· Scan Registry
· Deep Scan Registry
· Scan my IE favorites for banned URL’s
· Scan my Hosts file

· Under Click here to select drives + folders, choose:
· All of your hard drives | Proceed

3. Click on the Advanced button on the left and select:
· Include additional process information
· Include additional file information
· Include environment information

4. Click the Tweak button and select:
· Under the Scanning Engine:
· Unload recognized processes & modules during scan
· Include additional Ad-aware settings in logfile
· Under the Cleaning Engine:
· Let Windows remove files in use at next reboot

5. Click on Proceed to save the settings.

6. Click Start and on the next screen choose:
· Use Custom Scanning Options

7. Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Next, please reboot again and download Spybot - Search & Destroy 1.3 from here: if you haven't already got the program.

Click on Updates | Download Updates, and follow the prompts.

Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.

Next reboot and go here, and run the online virus scan; choosing the Autoclean option just before clicking the Scan button.

Next, download and run CCleaner. If you have certain cookies you want to retain, then click on the Options button before running, and move across the ones that you want to keep...

Then please post a new log for a final once over. :)

Cheers

Liam
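
As an added example (not part of E-Liam's post and not HijackThis's own code), the Python below parses log lines in the format quoted above and flags the two conditions visible in this log: entries whose target is marked `(file missing)` and BHO/Run entries that load from an Application Data folder. The Application Data heuristic and all function names are assumptions of this example; the sample lines are copied from the post.

```python
import ntpath
import re
from collections import namedtuple

# Section codes seen in the post, with their usual HijackThis meaning.
SECTIONS = {"R1": "IE search/start page value", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart (Run key)",
            "O8": "IE context-menu item", "O14": "IERESET.INF default"}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe/.dll; tolerates spaces and 8.3 names.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)
APPDATA = re.compile(r"\\(?:APPLIC~1|Application Data)\\", re.IGNORECASE)
FROM_APPDATA = "runs from Application Data"

Entry = namedtuple("Entry", "code kind path notes")

def parse_line(line):
    """Return an Entry for a HijackThis log line, or None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None  # blank line or prose, not a log entry
    code, body = m["code"], m["body"]
    found = PATH.search(body)
    path = found.group(0) if found else None
    notes = []
    if "(file missing)" in body:
        notes.append("orphaned: target file missing")
    # Heuristic (assumption of this example): BHO or Run entry in Application Data.
    if path and code in ("O2", "O4") and APPDATA.search(path):
        notes.append(FROM_APPDATA)
    return Entry(code, SECTIONS.get(code, "unknown section"), path, tuple(notes))

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def folders_to_review(entries):
    """Unique parent folders of entries flagged as running from Application Data."""
    return sorted({ntpath.dirname(e.path) for e in entries if FROM_APPDATA in e.notes})

# Sample input: four lines copied from the log in the post above.
SAMPLE = r"""
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {AA84E9F2-248C-BA21-67B6-FB36144A5C0F} - C:\DOCUME~1\Hammond\APPLIC~1\PINGFI~1\bend gpl.exe
O4 - HKLM\..\Run: [OSS] c:\winnt\system32\ossproxy.exe -boot
O4 - HKCU\..\Run: [GrimBird] C:\DOCUME~1\Hammond\APPLIC~1\GLOBAL~1\vc rdr drv.exe
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e.code, e.kind, e.path, "; ".join(e.notes) or "-")
    print(folders_to_review(parse_log(SAMPLE)))
```

The two folders it reports for the sample lines are among those the post lists for deletion; the flags are a triage aid for reading a log, not a verdict on any entry.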