Options

bestfriends.scr

I tried following the guide that was alreayd listed ont hsi site for removing this pesky virus but I was unable to remove it. I have posted my HJT log below in the hopes that someone can help me. Any help would be appreciated...

i've also run the latest version of Ad-aware and Spybot. i've even tried running other programs off of download.com such as spyware doctor. I've also run mcaffee and gotten nowhere with it.


Logfile of HijackThis v1.97.7
Scan saved at 7:27:55 PM, on 10/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\BSPLAYER.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O1 - Hosts: 66.98.194.40 giveupalready.com www.giveupalready.com mail.giveupalready.com irc.giveupalready.com webmail.giveupalready.com chat.giveupalready.com
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetStartup -s
O4 - HKLM\..\Run: [BS Player] BSPLAYER.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [BS Player] BSPLAYER.EXE
O9 - Extra button: AIM (HKLM)
O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Comments

  • LincLinc Owner Detroit Icrontian
    edited October 2004
    Welcome to Short-Media!

    It's the BS Player. Remove these:

    O4 - HKLM\..\Run: [BS Player] BSPLAYER.EXE
    O4 - HKCU\..\RunOnce: [BS Player] BSPLAYER.EXE

    Do you have New.net starting up on purpose? If not remove this also:

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NewDotNet\newdotnet6_38.dll,NewDotNetS tartup -s

    And you can remove this just to tidy up a little:

    O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing

    That should fix you right up :) Let us know if that solves it.

    I also recommend reading this article to help prevent another problem in the future: Defeating Spyware
Sign In or Register to comment.