homepage hijacked

Discussion in 'adware, spyware & hijack cleaning' started by jon pahl, Jan 21, 2004.

Thread Status:
Not open for further replies.
  1. jon pahl

    jon pahl Guest

    Hello,

    I'm having a problem with my homepage being reset, a constant dialer pop-up that won't go away, 7-10 sites added to my favorites list, and the same 2 icons added to my desktop every time I start up my computer.

    I've run Ad-aware and Hijackthis.

    However, after running Ad-aware, a MS error box came up that said The system has recovered from a serius error. Then the MS diagnostic page said the error was caused by Zonealarm (which i could've sworn was OFF when I ran the above programs.

    This was the error message code:

    BCCode:76 BCP1:00000000 BCP2:ff9bf020 BCP3:00000003

    BCP4:00000000 OSVer 5_1_2600 SP:1_0 Product:768_1



    Here's the log (hopefully) from Hijackthis:


    Logfile of HijackThis v1.97.7
    Scan saved at 5:34:36 AM, on 1/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\essspk.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
    C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    C:\Windows\system32\HpSrvUI.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\ZoneLabs\MINILOG.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allneedsearch.com/spm.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allneedsearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allneedsearch.com/spm.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://t.rack.cc/h.php?aid=420
    O1 - Hosts: 69.56.223.196 t.rack.cc
    O1 - Hosts: 69.56.223.196 www.alfa-search.com
    O1 - Hosts: 69.56.223.196 webcoolsearch.com
    O1 - Hosts: 69.56.223.196 in.webcounter.cc
    O1 - Hosts: 69.56.223.196 i-lookup.com
    O1 - Hosts: 69.56.223.196 www.hand-book.com
    O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
    O1 - Hosts: 69.56.223.196 allneedsearch.com
    O1 - Hosts: 69.56.223.196 nativehardcore.com
    O1 - Hosts: 69.56.223.196 teen-biz.com
    O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
    O1 - Hosts: 69.56.223.196 best.royalsearch.net
    O1 - Hosts: 69.56.223.196 default-homepage-network.com
    O1 - Hosts: 69.56.223.196 xwebsearch.biz
    O1 - Hosts: 69.56.223.196 www.rightfinder.net
    O1 - Hosts: 69.56.223.196 www.search-1.net
    O1 - Hosts: 69.56.223.196 www.searchv.com
    O1 - Hosts: 69.56.223.196 www.websearch.com
    O1 - Hosts: 69.56.223.196 mysearchnow.com
    O1 - Hosts: 69.56.223.196 www.therealsearch.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 find.microgirls.com
    O1 - Hosts: 69.56.223.196 super-spider.com
    O1 - Hosts: 69.56.223.196 www.searching-the-net.com
    O1 - Hosts: 69.56.223.196 www.firstbookmark.com
    O1 - Hosts: 69.56.223.196 just.find-itnow.com
    O1 - Hosts: 69.56.223.196 www.find-itnow.com
    O1 - Hosts: 69.56.223.196 qwertysearch123.biz
    O1 - Hosts: 69.56.223.196 www.search-space.com
    O1 - Hosts: 69.56.223.196 www.windowws.cc
    O1 - Hosts: 69.56.223.196 aifind.info
    O1 - Hosts: 69.56.223.196 www.find4u.net
    O1 - Hosts: 69.56.223.196 find4u.net
    O1 - Hosts: 69.56.223.196 www.lookfor.cc
    O1 - Hosts: 69.56.223.196 www.008i.com
    O1 - Hosts: 69.56.223.196 www.viewpornkey.com
    O1 - Hosts: 69.56.223.196 www.hugesearch.net
    O1 - Hosts: 69.56.223.196 www.novafuck.com
    O1 - Hosts: 69.56.223.196 www.seznam.cz
    O1 - Hosts: 69.56.223.196 aifind.cc
    O1 - Hosts: 69.56.223.196 www.onet.pl
    O1 - Hosts: 69.56.223.196 teenhqpics.com
    O1 - Hosts: 69.56.223.196 www.ttjj.com
    O1 - Hosts: 69.56.223.196 www.search-dot.com
    O1 - Hosts: 69.56.223.196 www.search-and-go.com
    O1 - Hosts: 69.56.223.196 www.slotch.com
    O1 - Hosts: 69.56.223.196 www.2fastsearch.net
    O1 - Hosts: 69.56.223.196 awebfind.biz
    O1 - Hosts: 69.56.223.196 www.power-search.info
    O1 - Hosts: 69.56.223.196 www.naver.com
    O1 - Hosts: 69.56.223.196 www.daum.net
    O1 - Hosts: 69.56.223.196 www.ohcorea.com
    O1 - Hosts: 69.56.223.196 www.hao123.com
    O1 - Hosts: 69.56.223.196 58q.com
    O1 - Hosts: 69.56.223.196 www.hotwebsearch.com
    O1 - Hosts: 69.56.223.196 www.startium.com
    O1 - Hosts: 69.56.223.196 www.gajai.com
    O1 - Hosts: 69.56.223.196 www.wazzupnet.com
    O1 - Hosts: 69.56.223.196 freshvideogals.com
    O1 - Hosts: 69.56.223.196 www.xgmm.com
    O1 - Hosts: 69.56.223.196 searchmyrequest.com
    O1 - Hosts: 69.56.223.196 yourbookmarks.ws
    O1 - Hosts: 69.56.223.196 wmmse.com
    O1 - Hosts: 69.56.223.196 link.startmake.com
    O1 - Hosts: 69.56.223.196 www.boredlife.com
    O1 - Hosts: 69.56.223.196 approvedlinks.com
    O1 - Hosts: 69.56.223.196 www.nkvd.us
    O1 - Hosts: 69.56.223.196 www.8095.com
    O1 - Hosts: 69.56.223.196 www.dreamwiz.com
    O1 - Hosts: 69.56.223.196 ie-search.com
    O1 - Hosts: 69.56.223.196 auto.ie.searchforge.com
    O1 - Hosts: 69.56.223.196 search.psn.cn
    O1 - Hosts: 69.56.223.196 www.couldnotfind.com
    O1 - Hosts: 69.56.223.196 www.iquicksearch.com
    O1 - Hosts: 69.56.223.196 1-se.com
    O1 - Hosts: 69.56.223.196 www.spidersearch.com
    O1 - Hosts: 69.56.223.196 search.ieplugin.com
    O1 - Hosts: 69.56.223.196 itseasy.us
    O1 - Hosts: 69.56.223.196 searchbar.findthewebsiteyouneed.com
    O1 - Hosts: 69.56.223.196 www.searchxl.com
    O1 - Hosts: 69.56.223.196 www.hotsearchbox.com
    O1 - Hosts: 69.56.223.196 www.searchforge.com
    O1 - Hosts: 69.56.223.196 www.omega-search.com
    O1 - Hosts: 69.56.223.196 searchcentrix.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~2\Owner\APPLIC~1\MICROS~1\Office\Excel10.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe
    O4 - Global Startup: winlogon.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O15 - Trusted Zone: *.offshoreclicks.com
    O15 - Trusted Zone: *.teensguru.com
    O16 - DPF: {11111111-1111-1111-1111-111259006862} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f11139.exe
    O16 - DPF: {11111111-1111-1111-1111-114897265168} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.008k.com/partner/inst/f22776.exe
    O16 - DPF: {44EF3799-53A0-4D7A-BD9F-DC103F2FB8D9} (MSN Money QuickList) - http://fdl.msn.com/public/investor/v13/investor.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37476.6146643519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25A474D0-E965-4CC0-8E30-9FF1C381A3CD}: NameServer = 65.43.19.26 206.141.192.60
    O17 - HKLM\System\CS1\Services\Tcpip\..\{25A474D0-E965-4CC0-8E30-9FF1C381A3CD}: NameServer = 65.43.19.26 206.141.192.60
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jon,

    Download and run: http://www.merijn.org/files/CWShredder.exe

    Then reboot and delete:
    - the added favorites
    - C:\WINDOWS\System32\drivers\etc\hosts <= unless you use that for something useful.

    Run HijackThis again and post a new log.

    Regards,

    Pieter
     
  3. jonpahl

    jonpahl Guest

    follow-up on homepage

    Pieter,

    I ran the Shredder.exe program, and that seemed to take care of most of the problem.

    However, I wasn't quite sure where I would go exactly to delete the
    C:\windows|system32\drivers\ect\hosts....I ended up going into the Hijackthis menu and deleted all the Findbabesnow/yourperfectsearch,
    ect....

    Here's the last log from Hijackthis.

    I hope I didn't screw up anything in my system.

    Anyway, thanks a lot for the help.

    Jon

    Logfile of HijackThis v1.97.7
    Scan saved at 10:51:15 PM, on 1/21/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\essspk.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
    C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    C:\Windows\system32\HpSrvUI.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\ZoneLabs\MINILOG.EXE
    C:\WINDOWS\System32\PackethSvc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\WINDOWS\system32\RadioSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
    O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
    O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [PowerDirector] C:\WINDOWS\Temp\TPDIR\setup.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O15 - Trusted Zone: *.offshoreclicks.com
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
    O16 - DPF: {44EF3799-53A0-4D7A-BD9F-DC103F2FB8D9} (MSN Money QuickList) - http://fdl.msn.com/public/investor/v13/investor.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37476.6146643519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25A474D0-E965-4CC0-8E30-9FF1C381A3CD}: NameServer = 65.43.19.26 206.141.192.60
    O17 - HKLM\System\CS1\Services\Tcpip\..\{25A474D0-E965-4CC0-8E30-9FF1C381A3CD}: NameServer = 65.43.19.26 206.141.192.60
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re:follow-up on homepage

    Hi jonpahl,

    You just took the long way by deleting them one by one. No problem.

    Before you start, please unzip hijackthis to a separate folder. The program will make backups in the folder in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items I quoted above in HijackThis, close all windows except HijackThis and click Fix checked.

    Then reboot.

    Regards,

    Pieter
     
  5. e-liam

    e-liam Spyware Fighter

    Joined:
    Dec 10, 2003
    Posts:
    2
    Hi Jonpahl,

    Now you've got rid of CWS, you should download all critical updates from MS. CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. Go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

    Cheers

    Liam
     
Thread Status:
Not open for further replies.