HijackThis Log - Think I May Have A Worm. Please Help!

Messenger] sodj.exe shouldn't be there ... First, check if you have the latest version of CWShredder. If the step above was required, it may be necessary to repeat the prior steps in the Environment Variables dialog box -- time will tell. I didn't even notice that link...

To help Bleeping Computer better assist you please perform the following steps:

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or I already have CCleaner, so I will use that first.

#3 SifuMike, malware expert, Staff Emeritus, posted 29 December 2007 - 03:49

Questions about CoolWebSearch: What is your connection to cool-search.net? http://www.bleepingcomputer.com/forums/t/49566/hijackthis-log-please-help-diagnose/

Click OK. If you do, contact InterMute and ask them for help. You can also complain to CoolWebSearch itself and ask for the offending 'affiliate' to be shut down for spreading viruses.

unique 7.03.2007 13:58
Hi

QUOTE: You can "pack" it this way: http://forum.kaspersky.com/index.php?showtopic=13881, please send it to the lab.

Mirrors: Alternate official download locations for FixIEDef.exe
http://it-mate.co.uk/downloads/fixiedef/fixiedef.exe
http://hosts-file.net/download/fixiedef/fixiedef.exe
http://avant.it-mate.co.uk/?c=Download&f=Tools/FixIEDef
http://archives.mysteryfcm.co.uk/?f=Securi...pyware/FixIEDef

Double-click FixIEDef.exe, this will create a folder named FixIEDef on your Desktop.

I thought I deleted !!! thank you Valeria

#7 -David-, Members, posted 23 April 2006 - 08:57 AM
Hi

Look up the domain you were hijacked to (or any domain affiliated with CWS) and complain to their registrar or upstream provider. How can I do something to combat this strain of browser hijacking trojans? Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". sorry!!

Secondly, disabling Java might be a good idea since there have been reports of infections even on fully patched systems.

Don Pelotas 6.03.2007 21:19
QUOTE(unique @ 6.03.2007 15:07) I have tried superantispyware, it didn't pick anything up unfortunately When you say "pack the file" do you mean zip it to you?

You should see an icon for it in your taskbar - right click on it and click exit.
* Please download ATF Cleaner by Atribune. Don't run it yet.
* Now start a new scan

How do I uninstall CWShredder? If you believe it is a newly discovered startup, please let me know about it.

I did send it to the lab on Monday at 3.45pm I received a reply this morning but I don't quite understand the reply (probably me being a bit thick) it

Click Tools and Preferences.

Click on Delete Files make sure you get all offline content as well. http://advancedcomputech.com/hijackthis-log/hijackthis-log-please-help.html VISTA Users: Right-click on FixIEDef.bat and select "Run as Administrator". After this, delete HijackThis.exe.

Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Why am I getting error #75 (Path/File access) in modMain_CheckOther1Item()? NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry. I can do that if you pm me your email address?

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. We also will pay you 5% of the revenues earned by every webmaster you referred to us.

just send the file lucian said to the lab and if it is malicious, you helped kaspersky get slightly closer to the 100% mark ...

I've tried many different things through norton and tried the IEDefender removal steps on this site, and I still have it. When I ran the IEDefender tutorial none of those files were

To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546383 <<< CLICK THIS LINK If you no longer need help, then all

And clean out your %Userprofile%\Local Settings\Temp folder.

after getting the computer back up... I was getting attacked again while downloading up-dates for windows XP.

You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress

As I said, I'm a complete novice the link there should explain how to send a file.

regsaver.com or regfixes.com or adsbuster.com etc..." Is it a kind of worm?

Windows XP handles zipped archives natively, but you still have to copy the files in a zipped archive to a separate folder to avoid losing them in the browser cache.

As I said, I'm a complete novice

unique 5.03.2007 18:32
QUOTE(lodore @ 5.03.2007 15:25) looks clean to me but i don't know what system files windows 2k is meant to have. i mainly

None. If it's not malicious, no need to worry

unique 6.03.2007 14:32
QUOTE(dawgg @ 5.03.2007 22:45) NO AntiVirus catches 100% of malicious files...

All email is read. If you are getting this error:

An unexpected error has occurred at procedure: modRegistry_GetFirstSubFolder(sFolder=C:\Documents and Settings\\Application Data\Mozilla\Profiles\default) Error #5 - Invalid procedure call or argument

Then you are running an older version

Why is HijackThis closing suddenly when I run it? What command line parameters does HijackThis accept?

HijackThis targets only browser hijacking methods, not trojans or viruses. Ask someone who knows. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run.

Hijackthis Log: Please Help Diagnose
Started by valeria, Apr 12 2006 09:05 AM
8 replies to this topic

#1 valeria, Members

Thank you for using Bleeping Computer, and have a great day! Save it in the same folder you made earlier (c:\BFU). Do not do anything with these yet! Reboot your computer into Safe Mode. If you need this topic reopened, please contact a staff member.

unique 6.03.2007 16:10
QUOTE(lucianbara @ 6.03.2007 12:47) well panda has a habit of detecting a lot of things as suspicious. what information do you get from the file if you right click it

Mozilla Family of Browsers Crazy Browser Opera

Here is the Hijack This Log that I ran:

Logfile of HijackThis v1.99.1
Scan saved at 6:37:14 AM, on 7/3/06
Platform: Windows 98 Gold

Don Pelotas 5.03.2007 19:47
Next time please post in the virus-related issues if you want help with an infection!

Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".