Hijacker help please.

undefinedundefined

Hi. As a new member to the forum I am desperate for help. I have read through so many answers left by Pieter from Holland and so many others as well. But after deleting the c_10230.dll and spad, my computer still wont access the internet. Basically, I cant download any of the fixes that have been recommended. I have Norton Internet Security 2004, Norton Antivirus 2004, Adaware 6, Spybot search and Destroy, and SpyKiller on my computer but none have sorted the problem either. I think there is a registry problem but without accessing the internet I am stuck !! Is there anything that anone can help me with or should I just re-load XP again ? Aside from that, can anyone recommend another web browser that is immune to all these problems ?? Thanks for any help that you can give.

Nick

 

Hi Tyreabusa,

Twpo programs you ca try. Download them to floppy and run them on the infected computer.

Download and run: CWShredder
http://www.computercops.biz/zx/phoenix22/cws.zip
Use the Fix button and follow the instructions you will receive.

Download and run:
http://www.hometownohio.com/faq/files/WinsockXPFix.exe

If that does no help, in IE click Tools > Internet-options > Connections tab > LAN settings > remove the checkmark for the proxy if prsent
And one the Programs tab click Reset Websettings.

Regards,

Pieter

 

Thanks for the help Pieter but neither CW shredder or Winsockfix helped. I reset the settings on IE but that hasnt had any effect at ell either. I still cant get onto the internet but this is the strange thing. When I click to open IE, it searches for the home page and after a while it states "the page cannot be displayed ( or any page at all ) . I then cant close the IE page by using the red cross at top of page. It takes about 8 clicks to close the page. What I did notice is that while it was searching for the page, another site was diplayed in the bottom of the screen and that downloaded ! I think there must be something on my computer allowing illicit software to load but not official pages. Would that make sence ?? Just run adware 6 again and nothing was found. I am using a D-Link wireless router with firewall built in. I can access the admin page for the router. CW Shredder came up with a window when it had finished saying "Runtime error 53".

 

It does make sense, yes. Were you able to update AdAware?
In other words, can that sort of contact be made as well?

Click > Start > Run > copy&paste regedit /e c:\prefixes.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\URL\Prefixes"

This will produce the file c:\prefixes.txt
Can you post what is says?

Regards,

Pieter

 

I cant copy and paste it as I am using my lap top for these messages but here's what it says:

ab (default) reg_sz ( value not set )
ab FTP reg_sz ftp://
ab gopher reg_sz gopher://
ab home reg_sz http://
ab mosaic reg_sz http://
ab www reg_sz http://

Adaware could not be updated. Nothing can be updated as IE wont allow access. Thanks for your time Pieter.

Nick

 

Now I'm stuck.

To get the facts straight.

-The internet connection was broken (when? Any ideas on how it happened are welcome. It is not in CWS's interest to take you offline. They make money by getting you to places you would normally not want to go)
-You tried to remove CWS files, but that didn't help.
-We have tried CWShredder and WinsockFix and checked all the IE settings I could think off.
-You can get to the admin page of the router so it's not a network problem. You did check if the properties of the internet connection were all still as required?

Regards,

Pieter

 

The internet connection was broken when I received a hijacker. As soon as I got it I couldnt search for anything else. Even changing the address to search didnt allow progress. The address bar on Control Panel was stuck on the hijacker address.. I have lately received jsconsole.dll, c_10230.dll and Spad. NAV got rid of JS Console but wont remove C_10230. Nor will any other programme that I have. I went in and removed the Spad file in C:/Spad as suggested.

Email settings are OK although I have just found out that I cant send or receive email either. Am I getting close to throwing the computer out the window or should I re-install XP ?

 

Pieter,

I ran Bill James registry search that I found on another thread and its found 2 jsconsole.dll files !!!! How do I get rid of them ?? Is this causing the problem ??

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "jsconsole.dll" 23/06/2004 20:08:10

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D158B6-2E9F-4774-8BBF-713F760D74A0}\InprocServer32]
@="C:\\WINDOWS\\System32\\jsconsole.dll"

[HKEY_USERS\S-1-5-21-507921405-1935655697-854245398-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="jsconsole.dll"

Thanks,

Nick

 

Pieter I give up ! I just reloaded XP in the hope that it would cure the problem but no change at all !!

HELP ,

Nick

 

jsconsole was part of the problem, but I don't think it was cause for not being able to connect.

What do you mean exactly by reloaded XP?

Regards,

Pieter

 

I took the XP c/d and reloaded it. I thought it would re load IE , reset the registry and cure the problem but no difference !

 

Can you get a HijackThis log out of that thing?

http://home.planet.nl/~kleyn080/hijackthisexplanation.html

Download it to a floppy and save the log to the same floppy.

Regards,

Pieter

 

Pieter,

I'd like to thatnk you so much for your help but I'm afraid I just dont have any more time to deal with this problem, so I'm taking the computer to my local dealer to sort out. All the help you have given has been spot on in finding the hijackers and has been most appreciated. One last question. What can I do to stop the hijackers getting to me again ?? I run IE6 with XP service pack 1, NAV, NIS, hardware firewall.......is there a deifinate fix ??

Nick

 

A definite fix, no, but please read: Why did I get infected in the first place

It worked for me sofar.

Regards,

Pieter