rightfinder - what a pest

Discussion in 'adware, spyware & hijack cleaning' started by jackafrica, Nov 22, 2003.

Thread Status:
Not open for further replies.
  1. jackafrica

    jackafrica Registered Member

    Joined:
    Nov 22, 2003
    Posts:
    12
    Hi All Learned Ones,
    I've had rouble with rightfinder coming up as my home page, using MS Internet Explorer. I've installed Ad-aware and Hijack This, run them both.
    Here is the log file of what Hijack This has identified - after some deletions by me.
    Is there anything in this logfile below which looks suspicious ( or perhaps shouldn't be there ) to you? Am running VET as my anti virus software.
    Thanks, I appreciate the help you offer in this forum, even though my knowledge is limited.
    Logfile of HijackThis v1.97.7
    Scan saved at 7:36:52 PM, on 22/11/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\SBPCI\CTMIX32.EXE
    C:\WINDOWS\SYSTEM\VETMSG9X.EXE
    C:\VET\VETTRAY.EXE
    C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\E_S10IC2.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
    O4 - HKLM\..\Run: [Vet Alert] C:\WINDOWS\System\VetMsg9x.exe
    O4 - HKLM\..\Run: [VetTray] C:\VET\VETTRAY.EXE
    O4 - HKLM\..\Run: [lar] C:\WINDOWS\DESKTOP\LLASS.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [lar] C:\WINDOWS\DESKTOP\LLASS.EXE
    O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\ADDCLASS.EXE
    O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://ebay.sj.ipixmedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/sa/common/common/bin/cabsa.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB


    Thanks, look ofrward to your reply
    Regards
    jackafrica
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi jackafrica,

    Welcome at Wilders. :)

    To get rid of the rightfinder hijack, please download, unzip and run CWShredder written by Merijn (creator of HijackThis)

    But you also seem to have a trojan: http://www.sophos.com/virusinfo/analyses/trojinora.html

    Have HijackThis Fix:
    O4 - HKLM\..\Run: [lar] C:\WINDOWS\DESKTOP\LLASS.EXE

    and after a reboot follow additional instructions here: http://www.sophos.com/virusinfo/analyses/trojinora.html

    Regards,

    Pieter
     
  3. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Welcome from me, too Jack, and let us know if that gets ya runnin' smooth again!
     
  4. jackafrica

    jackafrica Registered Member

    Joined:
    Nov 22, 2003
    Posts:
    12
    Thanks Pieter and Detox,
    Looks as though, with your help in directions ( and the very useful programs ), the beastie is gone. Must confess to be somewhat disappointed my VET anti virus program did not alert me of the infection. Given that updates are run every day, this program would seem to be lacking. Looks like a new learning curve for me :)
    Again, my heartfelt thanks for helping me.
    Best regards
    jackafrica
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi jackafrica,

    Glad we could help. :)

    Regards,

    Pieter
     
  6. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Good to hear; gave pieter another cookie but I'm afraid he's gonna get chunky with all those :eek:
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Never fear Detox,

    I'm one of those annoying people that can eat all they want without gaining an ounce. :p
     
  8. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi jackafrica
    You might want to install an Anti Trojan program. Not all AV's detect Trojans.
    Dolf
     
Thread Status:
Not open for further replies.