[Fixed] Hijackthis! Logs - [FIXED] My Hijack log posted in the Security & Safety forums; I have some sort of hijacker. I get alerts that thnall is trying to do something along with aurareco.exe. All from a temp file....

  #1  
Old 08-04-2005
Wes-o's Avatar
Bronze Member
 
Join Date: Jun 2005
Posts: 20
Default [FIXED] My Hijack log

I have some sort of hijacker. I get alerts that thnall is trying to do something along with aurareco.exe. All from a temp file.
Attached Files
File Type: txt hijackthis84.txt (10.0 KB, 2 views)


  #2  
Old 08-04-2005
joe5's Avatar
Elite Member
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
Default Re: My Hijack log


Let's see if we can clean that up.


First download nailfix:

Nailfix


Then, before using HijackThis, can you please do this for me:


Show hidden files and folders:


For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.



Then disable System Restore to prevent re-infection
(if you have/use it).
(You can turn it back on when your PC is clean.)


How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.


And then do some pre-work clean up


In safe mode (hit F8 when booting up):

empty the C:\windows\prefetch folder,
empty the c:\windows\temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files folder EXCEPT the content.ie5 folder (may be hidden).
(replace administrator with your user name) and (replace windows with winnt if needed)

And close all instances of IE and OE, then go to: Control Panel / Internet Options / General tab,
click the "Delete Files" button.
When prompted, place a check in "Delete all offline content" and click OK. This removes junk files such as downloaded files,
zero-byte files created by Outlook Express and many other hidden files that reside in your cache.


Then, still in safe mode, run the nailfix and after that fix these with HijackThis:


e:\windows\system32\auttude.exe
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\Nail.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\uqcqo.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll
O3 - Toolbar: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll
O4 - HKLM\..\Run: [qxzzjoe] e:\windows\system32\auttude.exe r
O4 - HKCU\..\Run: [LDM] \Program\
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O23 - Service: System Startup Service - Unknown - e:\windows\SvcProc.exe




Then delete these from your windows folder:

Nail.exe
SvcProc.exe

And delete this one from your windows/system32 folder:

auttude.exe



After that, reboot and please post a new log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #3  
Old 08-06-2005
Wes-o's Avatar
Bronze Member
 
Join Date: Jun 2005
Posts: 20
Default Re: My Hijack log

Here's my latest log.
Attached Files
File Type: txt hijackthis81045.txt (10.5 KB, 2 views)


  #4  
Old 08-06-2005
joe5's Avatar
Elite Member
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
Default Re: My Hijack log


There is more bad stuff in there than in the first log. Can you please post a new log with the latest version of HijackThis, to make sure it doesn't miss anything?
See below for a link.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #5  
Old 08-07-2005
Wes-o's Avatar
Bronze Member
 
Join Date: Jun 2005
Posts: 20
Default Re: My Hijack log

Okay. Here it is.
Attached Files
File Type: txt hijackthis8732.txt (11.6 KB, 2 views)


  #6  
Old 08-07-2005
joe5's Avatar
Elite Member
 
Join Date: Jun 2005
Location: Netherlands
Posts: 9,044
Default Re: My Hijack log

You've been busy! It's a lot cleaner and no more Nail infection.

I'm gonna repeat a few things just to be sure:

Before using HijackThis, can you please do this for me:


Show hidden files and folders:


For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.


Then disable System Restore to prevent re-infection
(if you have/use it).
(You can turn it back on when your PC is clean.)


How to disable system restore:

WinXP.

Click the Start button.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.


And then do some pre-work clean up


In safe mode (hit F8 when booting up):

empty the C:\windows\prefetch folder,
empty the c:\windows\temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temp folder,
empty the C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files folder EXCEPT the content.ie5 folder (may be hidden).
(replace administrator with your user name) and (replace windows with winnt if needed)

And close all instances of IE and OE, then go to: Control Panel / Internet Options / General tab,
click the "Delete Files" button.
When prompted, place a check in "Delete all offline content" and click OK. This removes junk files such as downloaded files,
zero-byte files created by Outlook Express and many other hidden files that reside in your cache.


Then, still in safe mode, fix these with HijackThis:


O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll (file missing)
O3 - Toolbar: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll (file missing)
O4 - HKLM\..\Run: [wwqmwu] e:\windows\system32\kbbfxjc.exe r
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "E:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O20 - Winlogon Notify: Hints - E:\WINDOWS\system32\pprfproc.dll


Then delete from your e:\windows\system32 folder:

kbbfxjc.exe
pprfproc.dll

And from your E:\WINDOWS\Downloaded Program Files folder:

UWFX5LP_0001_0803NetInstaller.exe

Then reboot and post a new log please.
__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
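
Added example, not part of the thread or of HijackThis itself: a small Python triage script showing how the fix list in post #6 breaks down into registry-only leftovers (entries HijackThis marks `(no file)` or `(file missing)`) and entries whose target file is still on disk and so also needs the manual deletion step. The regular expressions and the `parse`/`triage` names are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re
from collections import namedtuple

# Entries copied verbatim from the fix list in post #6 above.
SAMPLE = r"""
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O2 - BHO: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll (file missing)
O3 - Toolbar: MapQuest Toolbar - {4E7BD74F-2B8D-469E-A0EC-FE6EA084B77D} - E:\PROGRA~1\mqtbar2\mqtbar2.dll (file missing)
O4 - HKLM\..\Run: [wwqmwu] e:\windows\system32\kbbfxjc.exe r
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "E:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O20 - Winlogon Notify: Hints - E:\WINDOWS\system32\pprfproc.dll
"""

SECTIONS = {  # HijackThis section codes that occur in this fix list
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key)", "O9": "IE extra button/menu item",
    "O20": "Winlogon Notify / AppInit DLL",
}

Entry = namedtuple("Entry", "code kind path orphan raw")
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in a loadable extension (assumed pattern).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.I)
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse(log_text):
    """Turn HijackThis entry lines into Entry tuples; skip anything else."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = LINE_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        path = PATH_RE.search(rest)
        entries.append(Entry(code, SECTIONS.get(code, "unknown"),
                             path.group(0) if path else None,
                             bool(ORPHAN_RE.search(rest)), line))
    return entries

def triage(entries):
    """Return (registry-only leftovers, files not marked missing)."""
    orphans = [e for e in entries if e.orphan]
    files = [e.path for e in entries if e.path and not e.orphan]
    return orphans, files

if __name__ == "__main__":
    orphans, files = triage(parse(SAMPLE))
    print(len(orphans), "entries point at missing files (registry fix only)")
    for f in files:
        print("file still referenced, delete after fixing:", f)
```

The three paths it reports are the same three files the post asks to be deleted by hand; the `[LDM] \Program\` entry has no resolvable file path and falls into neither group.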


All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com