
Hey guys, can't run IExplorer or Mozilla Firefox. Virus keeps closing them. (error)

Every time I open IE or Firefox I get an error report and it closes.

I ran Yahoo Anti-Spy (newest) and HijackThis.


I am using the BitComet browser and it's working fine. I believe I got this virus software from BITCOMET and their torrent sites. F*kin ****. Can't do anything these days.

Please help, thanks.

Comments

  • edited November 2005
    Logfile of HijackThis v1.98.2
    Scan saved at 3:59:54 PM, on 11/3/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\aktjvre.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\gfqtgkp.exe
    C:\WINDOWS\etb\pokapoka79.exe
    C:\Program Files\Aim95\aim.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\UNZIPPED\HIJACK~1\HijackTh.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1stsearchportal.com/sp2.php
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [gfqtgkp] C:\WINDOWS\gfqtgkp.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\gdsdxd.exe reg_run
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim95\aim.exe
    O20 - AppInit_DLLs: repairs302972955.dll
  • edited November 2005
    Bump.
  • edited November 2005
    BumPP PLz
  • Trogan London, UK
    edited November 2005
    Go here and download the latest version of HJT.

    Post a new HJT log here :)
  • edited November 2005
    Logfile of HijackThis v1.99.1
    Scan saved at 1:04:16 PM, on 11/4/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\aktjvre.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\gfqtgkp.exe
    C:\WINDOWS\etb\pokapoka79.exe
    C:\Program Files\Aim95\aim.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\UNZIPPED\HIJACK~1\HijackTh.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1stsearchportal.com/sp2.php
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [gfqtgkp] C:\WINDOWS\gfqtgkp.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\gdsdxd.exe reg_run
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [Windows Accelerators ] c:\unzipped\keylogv6\ksv6.exe
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim95\aim.exe
    O20 - AppInit_DLLs: repairs302972955.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aktjvre.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
  • Trogan London, UK
    edited November 2005
    Please move HJT to its own folder on your C: so backups can be created. Do this before continuing.
    ===

    Run HiJackThis then:

    1. Click "Open the Misc Tools Section"
    2. Click "Open Process manager"

    -

    Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

    C:\WINDOWS\Um9iIFJvc2F0bw\command.exe

    Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
    ===

    Check the following in HJT and click 'Fix Checked'

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1stsearchportal.com/sp2.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.1stsearchportal.com/sp2.php

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

    O4 - HKLM\..\Run: [gfqtgkp] C:\WINDOWS\gfqtgkp.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\gdsdxd.exe reg_run
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [Windows Accelerators ] c:\unzipped\keylogv6\ksv6.exe
    O4 - HKLM\..\Run: [System service79] C:\WINDOWS\etb\pokapoka79.exe
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

    O20 - AppInit_DLLs: repairs302972955.dll

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
    ===

    View hidden files and folders - explained here
    ===

    Find and Delete the following:

    C:\Program Files\SurfSideKick 3 << this folder
    C:\WINDOWS\gfqtgkp.exe << this file
    C:\WINDOWS\System32\gdsdxd.exe << this file
    c:\unzipped\keylogv6 << this folder
    C:\WINDOWS\etb\pokapoka79.exe << this file
    ===

    You should update Windows ASAP. Go to Windows Update and download ALL critical updates and service packs.
    ===

    Post a new HJT log after :)
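
Added example, not part of the original thread or any poster's code: a small Python helper that compares the entries a helper asked to have fixed against a later HijackThis log, so the ones that survived the fix stand out. The function names are hypothetical, and the sample text is a shortened excerpt of the log lines posted in this thread.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Map a case-insensitive key to (section, detail) for each entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Windows paths and registry names are case-insensitive.
            entries[(m.group(1), m.group(2).casefold())] = (m.group(1), m.group(2))
    return entries

def remediation_status(fix_list, before, after):
    """Classify entries after a fix attempt against the helper's fix list."""
    fix, old, new = (parse_entries(t) for t in (fix_list, before, after))
    return {
        "removed": sorted(fix[k] for k in fix.keys() - new.keys()),
        "persisted": sorted(fix[k] for k in fix.keys() & new.keys()),
        "new": sorted(new[k] for k in new.keys() - old.keys()),
    }

# Excerpts from the logs in this thread, shortened to a few lines each.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1stsearchportal.com/sp2.php
O4 - HKLM\..\Run: [gfqtgkp] C:\WINDOWS\gfqtgkp.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs302972955.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
"""
LOG_BEFORE = FIX_LIST + r"""
O4 - HKCU\..\Run: [AIM] C:\Program Files\Aim95\aim.exe -cnetwait.odl
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: ktrc.exe
O20 - AppInit_DLLs: repairs302972955.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
"""

if __name__ == "__main__":
    for status, items in remediation_status(FIX_LIST, LOG_BEFORE, LOG_AFTER).items():
        for section, detail in items:
            print(f"{status:9} {section:3} {detail}")
```

An entry reported as removed is only absent from the later scan; whether the file it pointed to is gone from disk has to be checked separately.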
  • edited November 2005
    1st issue: can't kill that process. Says Windows is protecting it.


    Thanks btw
  • edited November 2005
    I'm in safe mode now.

    Here's my log file. Can't delete command.exe, surfsidekick.dll's, and repairs.54564 ... .dll causes an error in HJT and tells me to email the programmer of HJT.

    This thing is a bitch. And when my computer idles, I get popups from Internet Explorer saying it performed an error when it's not even open.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:26 PM, on 11/5/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BitComet\BitComet.exe
    C:\HijackTh.exe

    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\Aim95\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: ktrc.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O20 - AppInit_DLLs: repairs302972955.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9iIFJvc2F0bw\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\aktjvre.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE




    Thanks mate.
  • Trogan London, UK
    edited November 2005
    Can you do a few things, please:

    1) Enable everything on startup.
    • Go to Start > Run
    • Type msconfig
    • Click on the Startup Tab
    • Click Enable All
    • Reboot when prompted

    2) Post a new HJT log :)
  • edited November 2005
    Thanks Trogan...


    Gimme a minute.