yuhmee

Discussion in 'adware, spyware & hijack cleaning' started by pandah, Mar 15, 2004.

Thread Status:
Not open for further replies.
  1. pandah

    pandah Guest

    -The original problem was spyware called "yuhmee", it redirects most of my Internet Explorer URLs to a search site full of advertisments.
    I've run the lastest updates of both 'spybot'-which didn't help and 'adaware'. At the moment I'm not sure if I still have the same problem, but I would like to get my registry checked just in case. There also seems to be a problem with my host file.


    Logfile of HijackThis v1.97.7
    Scan saved at 6:29:08 PM, on 15/03/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\System32\realupd.exe
    C:\Program Files\BlackICE\blackice.exe
    C:\Program Files\BlackICE\blackd.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\Documents and Settings\Rob Hamilton\My Documents\Setup, cracks and zips\Setups\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O1 - Hosts: 66.98.178.19 06272002-dbase.hitcountz.net
    O1 - Hosts: 66.98.178.19 1ca.cqcounter.com
    O1 - Hosts: 66.98.178.19 2001-007.com
    O1 - Hosts: 66.98.178.19 ad-logics.com
    O1 - Hosts: 66.98.178.19 ad.trafficmp.com
    O1 - Hosts: 66.98.178.19 adclient.rottentomatoes.com
    O1 - Hosts: 66.98.178.19 adcounter.globeandmail.com
    O1 - Hosts: 66.98.178.19 adcounter.theglobeandmail.com
    O1 - Hosts: 66.98.178.19 adlog.com.com
    O1 - Hosts: 66.98.178.19 admanmail.com
    O1 - Hosts: 66.98.178.19 ads.specificpop.com
    O1 - Hosts: 66.98.178.19 adtech.de
    O1 - Hosts: 66.98.178.19 askmen.thruport.com
    O1 - Hosts: 66.98.178.19 banner.0catch.com
    O1 - Hosts: 66.98.178.19 bilbo.counted.com
    O1 - Hosts: 66.98.178.19 c1.statcounter.com
    O1 - Hosts: 66.98.178.19 c1.thecounter.com
    O1 - Hosts: 66.98.178.19 c2.gostats.com
    O1 - Hosts: 66.98.178.19 c2.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.thecounter.com
    O1 - Hosts: 66.98.178.19 c3.xxxcounter.com
    O1 - Hosts: 66.98.178.19 cashcounter.com
    O1 - Hosts: 66.98.178.19 cgi.hotstat.nl
    O1 - Hosts: 66.98.178.19 clit6.sextracker.com
    O1 - Hosts: 66.98.178.19 clit8.sextracker.com
    O1 - Hosts: 66.98.178.19 cookies.cmpnet.com
    O1 - Hosts: 66.98.178.19 counter.aaddzz.com
    O1 - Hosts: 66.98.178.19 counter.bloke.com
    O1 - Hosts: 66.98.178.19 counter.hitslink.com
    O1 - Hosts: 66.98.178.19 counter.yadro.ru
    O1 - Hosts: 66.98.178.19 counter14.sextracker.com
    O1 - Hosts: 66.98.178.19 counter16.bravenet.com
    O1 - Hosts: 66.98.178.19 counter17.bravenet.com
    O1 - Hosts: 66.98.178.19 counter2.hitslink.com
    O1 - Hosts: 66.98.178.19 counter26.bravenet.com
    O1 - Hosts: 66.98.178.19 counter32.bravenet.com
    O1 - Hosts: 66.98.178.19 counter34.breavenet.com
    O1 - Hosts: 66.98.178.19 counter41.bravenet.com
    O1 - Hosts: 66.98.178.19 counter47.bravenet.com
    O1 - Hosts: 66.98.178.19 counter6.sextracker.com
    O1 - Hosts: 66.98.178.19 counter8.bravenet.com
    O1 - Hosts: 66.98.178.19 data.coremetrics.com
    O1 - Hosts: 66.98.178.19 delivery.loopingclick.com
    O1 - Hosts: 66.98.178.19 dwclick.com
    O1 - Hosts: 66.98.178.19 ebay.doubleclick.net
    O1 - Hosts: 66.98.178.19 ehg-amerix.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-bestbuy.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-crain.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-dig.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-eckounlimited.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-espn.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-idg.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-liveperson.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-oreilley.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-space.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-sportsline.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-techtarget.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-tigerdirect.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-uniontrib.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg-viacom.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.commjun.hitbox.com
    O1 - Hosts: 66.98.178.19 ehg.hitbox.com
    O1 - Hosts: 66.98.178.19 fastclick.net
    O1 - Hosts: 66.98.178.19 fcstats.bcentral.com
    O1 - Hosts: 66.98.178.19 flycast.com
    O1 - Hosts: 66.98.178.19 g-wizzads.net
    O1 - Hosts: 66.98.178.19 gostats.com
    O1 - Hosts: 66.98.178.19 gtcc1.acecounter.com
    O1 - Hosts: 66.98.178.19 hc2.humanclick.com
    O1 - Hosts: 66.98.178.19 hit2.hotlog.ru
    O1 - Hosts: 66.98.178.19 hit37.chark.dk
    O1 - Hosts: 66.98.178.19 hitbox.com
    O1 - Hosts: 66.98.178.19 hits.webstat.com
    O1 - Hosts: 66.98.178.19 images.dailydiscounts.com
    O1 - Hosts: 66.98.178.19 imp.clickability.com
    O1 - Hosts: 66.98.178.19 impacts.alliancehub.com
    O1 - Hosts: 66.98.178.19 insightfirst.com
    O1 - Hosts: 66.98.178.19 int.sitestat.com
    O1 - Hosts: 66.98.178.19 jkearns.freestats.com
    O1 - Hosts: 66.98.178.19 linktrack.bravenet.com
    O1 - Hosts: 66.98.178.19 logs.comics.com
    O1 - Hosts: 66.98.178.19 m1.nedstatbasic.net
    O1 - Hosts: 66.98.178.19 media101.sitebrand.com
    O1 - Hosts: 66.98.178.19 mediatrack.revenue.net
    O1 - Hosts: 66.98.178.19 mt122.mtree.com
    O1 - Hosts: 66.98.178.19 nedstat.s0.nl
    O1 - Hosts: 66.98.178.19 nl.sitestat.com
    O1 - Hosts: 66.98.178.19 partner.alerts.aol.com
    O1 - Hosts: 66.98.178.19 paxito.sitetracker.com
    O1 - Hosts: 66.98.178.19 perso.estat.com
    O1 - Hosts: 66.98.178.19 pmg.ad-logics.com
    O1 - Hosts: 66.98.178.19 postclick.adcentriconline.com
    O1 - Hosts: 66.98.178.19 prof.estat.com
    O1 - Hosts: 66.98.178.19 s10.sitemeter.com
    O1 - Hosts: 66.98.178.19 s11.sitemeter.com
    O1 - Hosts: 66.98.178.19 s12.sitemeter.com
    O1 - Hosts: 66.98.178.19 s13.sitemeter.com
    O1 - Hosts: 66.98.178.19 s14.sitemeter.com
    O1 - Hosts: 66.98.178.19 s15.sitemeter.com
    O1 - Hosts: 66.98.178.19 s16.sitemeter.com
    O1 - Hosts: 66.98.178.19 s2.statcounter.com
    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\5330\redirect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [CFIMP] C:\WINDOWS\CFIMP.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\BlackICE\blackice.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB


    Cheers
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,427
    Location:
    Netherlands
    Hi pandah,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R3 - Default URLSearchHook is missing
    All the O1 - Hosts: entries
    O2 - BHO: (no name) - {9819C369-5F62-4D37-9A42-44043A742C1E} - c:\progra~1\ddm\5330\redirect.dll

    O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
    O4 - HKLM\..\Run: [CFIMP] C:\WINDOWS\CFIMP.exe

    O4 - HKCU\..\Run: [RealUpdater] C:\WINDOWS\System32\realupd.exe

    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

    Then reboot and delete:
    C:\program files\ddm <= entire folder
    C:\WINDOWS\System32\realupd.exe

    Regards,

    Pieter
     
  3. pandah

    pandah Guest

    thankyou muchly
     
  4. slammer_JvA

    slammer_JvA Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    1,588
    Location:
    Below sea-level. Safe and sound behind our dikes:
    Re: THANK YOU yuhmee

    Dear Pandah,

    As you noticed, you've come to the right place, with great people, great experts, and great advice.
    A month ago I also experienced simular problems with that nasty YUHMEE.
    Somehow I "stumbled" :rolleyes: onto this forum, and it has been one of the best lucky punches I had for years on the net :) !

    *** That's why I shout a firm: THANK YOU YUHMEE.com ! ;) :D :D :D ***

    Why?

    Because if it wasn't for their :mad:annoying spyware activities :mad: I would never had been served with so much expert help and knowledge already; I would never had met these fantastic people here! :D *puppy*
    Besides that, this has given me a treasure of links on this -alas- very important subject /threat and all that comes with it.

    I'm still learning every day - and I love it! :-*

    As a bonus you'll meet new people, some of which I already consider new online friends.

    That is why I hope you return, so we can welcome you as a member. CU @ Wilders!
    Don't be shy...look around, ask whatever you want: We all have to start somewhere.
    You'll find your way - like we all did.

    ENJOY :): It's a feast.

    Take care Pandah.

    Regards,
    slammer ;)

    (Only downside may be....lack of sleep, and possible 'addiction'. But there's help for that too, here + plenty of other pleasant "nut-cases" around. :D)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.