Hijacker help please.

Discussion in 'adware, spyware & hijack cleaning' started by Tyreabusa, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    undefinedundefined

    Hi. As a new member to the forum I am desperate for help. I have read through so many answers left by Pieter from Holland and so many others as well. But after deleting the c_10230.dll and spad, my computer still wont access the internet. Basically, I cant download any of the fixes that have been recommended. I have Norton Internet Security 2004, Norton Antivirus 2004, Adaware 6, Spybot search and Destroy, and SpyKiller on my computer but none have sorted the problem either. I think there is a registry problem but without accessing the internet I am stuck !! Is there anything that anone can help me with or should I just re-load XP again ? Aside from that, can anyone recommend another web browser that is immune to all these problems ?? Thanks for any help that you can give.

    Nick
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Tyreabusa,

    Twpo programs you ca try. Download them to floppy and run them on the infected computer.

    Download and run: CWShredder
    http://www.computercops.biz/zx/phoenix22/cws.zip
    Use the Fix button and follow the instructions you will receive.

    Download and run:
    http://www.hometownohio.com/faq/files/WinsockXPFix.exe

    If that does no help, in IE click Tools > Internet-options > Connections tab > LAN settings > remove the checkmark for the proxy if prsent
    And one the Programs tab click Reset Websettings.

    Regards,

    Pieter
     
  3. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    Thanks for the help Pieter but neither CW shredder or Winsockfix helped. I reset the settings on IE but that hasnt had any effect at ell either. I still cant get onto the internet but this is the strange thing. When I click to open IE, it searches for the home page and after a while it states "the page cannot be displayed ( or any page at all ) . I then cant close the IE page by using the red cross at top of page. It takes about 8 clicks to close the page. o_O What I did notice is that while it was searching for the page, another site was diplayed in the bottom of the screen and that downloaded ! I think there must be something on my computer allowing illicit software to load but not official pages. Would that make sence ?? Just run adware 6 again and nothing was found. I am using a D-Link wireless router with firewall built in. I can access the admin page for the router. CW Shredder came up with a window when it had finished saying "Runtime error 53". :doubt:
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    It does make sense, yes. Were you able to update AdAware?
    In other words, can that sort of contact be made as well?

    Click > Start > Run > copy&paste regedit /e c:\prefixes.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\URL\Prefixes"

    This will produce the file c:\prefixes.txt
    Can you post what is says?

    Regards,

    Pieter
     
  5. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    I cant copy and paste it as I am using my lap top for these messages but here's what it says:

    ab (default) reg_sz ( value not set )
    ab FTP reg_sz ftp://
    ab gopher reg_sz gopher://
    ab home reg_sz http://
    ab mosaic reg_sz http://
    ab www reg_sz http://

    Adaware could not be updated. Nothing can be updated as IE wont allow access. Thanks for your time Pieter.

    Nick
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Now I'm stuck.

    To get the facts straight.

    -The internet connection was broken (when? Any ideas on how it happened are welcome. It is not in CWS's interest to take you offline. They make money by getting you to places you would normally not want to go)
    -You tried to remove CWS files, but that didn't help.
    -We have tried CWShredder and WinsockFix and checked all the IE settings I could think off.
    -You can get to the admin page of the router so it's not a network problem. You did check if the properties of the internet connection were all still as required?

    Regards,

    Pieter
     
  7. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    The internet connection was broken when I received a hijacker. As soon as I got it I couldnt search for anything else. Even changing the address to search didnt allow progress. The address bar on Control Panel was stuck on the hijacker address.. I have lately received jsconsole.dll, c_10230.dll and Spad. NAV got rid of JS Console but wont remove C_10230. Nor will any other programme that I have. I went in and removed the Spad file in C:/Spad as suggested.

    Email settings are OK although I have just found out that I cant send or receive email either. Am I getting close to throwing the computer out the window or should I re-install XP ?
     
  8. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    Pieter,

    I ran Bill James registry search that I found on another thread and its found 2 jsconsole.dll files !!!! How do I get rid of them ?? Is this causing the problem ??

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "jsconsole.dll" 23/06/2004 20:08:10

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D158B6-2E9F-4774-8BBF-713F760D74A0}\InprocServer32]
    @="C:\\WINDOWS\\System32\\jsconsole.dll"

    [HKEY_USERS\S-1-5-21-507921405-1935655697-854245398-1004\Software\Microsoft\Search Assistant\ACMru\5603]
    "000"="jsconsole.dll"

    Thanks,

    Nick
     
  9. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    Pieter I give up ! I just reloaded XP in the hope that it would cure the problem but no change at all !!

    HELP ,

    Nick
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    jsconsole was part of the problem, but I don't think it was cause for not being able to connect.

    What do you mean exactly by reloaded XP?

    Regards,

    Pieter
     
  11. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    I took the XP c/d and reloaded it. I thought it would re load IE , reset the registry and cure the problem but no difference !
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  13. Tyreabusa

    Tyreabusa Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    13
    Pieter,

    I'd like to thatnk you so much for your help but I'm afraid I just dont have any more time to deal with this problem, so I'm taking the computer to my local dealer to sort out. All the help you have given has been spot on in finding the hijackers and has been most appreciated. One last question. What can I do to stop the hijackers getting to me again ?? I run IE6 with XP service pack 1, NAV, NIS, hardware firewall.......is there a deifinate fix ??

    Nick :D
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
Thread Status:
Not open for further replies.