Options

Desktop Background is hijacked from Downloader YK virus

Unknown
edited June 2005 in Spyware & Virus Removal
This is a great site and y'all are doing great work and was wondering if someone could help me. A trojan horse virus took over my pc and left some screen on my desktop warning me of spyware in bad english. Well after running AVG free virus scan 5 times which found a total of 7 items, adaware se 5 times which found a total of 15-20 items, spybot seek and destroy 4 times with a total of 20 items and stinger with no results i beleive that i may be clean. I also after running all of those(the last time in safe mode) i then proceeded to run hijack this. but now my desktop background won't go back to normal. what do i do? please help if you can it would be greatly appreciated. here's my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 12:38:17 AM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Documents and Settings\JIM\My Documents\HIjack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dogpile.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 213.219.251.78 www.google.com
O1 - Hosts: 213.219.251.78 google.com
O1 - Hosts: 213.219.251.78 www.google.co.uk
O1 - Hosts: 213.219.251.78 google.co.uk
O1 - Hosts: 213.219.251.78 www.google.ca
O1 - Hosts: 213.219.251.78 google.ca
O1 - Hosts: 213.219.251.78 www.google.es
O1 - Hosts: 213.219.251.78 google.es
O1 - Hosts: 213.219.251.78 www.google.de
O1 - Hosts: 213.219.251.78 google.de
O1 - Hosts: 213.219.251.78 www.google.fr
O1 - Hosts: 213.219.251.78 google.fr
O1 - Hosts: 213.219.251.78 www.google.com.au
O1 - Hosts: 213.219.251.78 google.com.au
O1 - Hosts: 213.219.251.79 www.yahoo.com
O1 - Hosts: 213.219.251.79 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 213.219.251.81 astalavista.com
O1 - Hosts: 213.219.251.81 www.astalavista.com
O1 - Hosts: 213.219.251.81 astalavista.box.sk
O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
O1 - Hosts: 213.219.251.81 cracks.com
O1 - Hosts: 213.219.251.81 www.cracks.com
O1 - Hosts: 213.219.251.80 www.msn.com
O1 - Hosts: 213.219.251.80 msn.com
O1 - Hosts: 213.219.251.80 search.msn.com
O1 - Hosts: 213.219.251.80 www.search.msn.com
O1 - Hosts: 213.219.251.80 go.com
O1 - Hosts: 213.219.251.80 www.go.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118985950515
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

thanks

Comments

  • Buckeye_SamBuckeye_Sam Columbus, Ohio
    edited June 2005
    Place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 213.219.251.78 www.google.com
    O1 - Hosts: 213.219.251.78 google.com
    O1 - Hosts: 213.219.251.78 www.google.co.uk
    O1 - Hosts: 213.219.251.78 google.co.uk
    O1 - Hosts: 213.219.251.78 www.google.ca
    O1 - Hosts: 213.219.251.78 google.ca
    O1 - Hosts: 213.219.251.78 www.google.es
    O1 - Hosts: 213.219.251.78 google.es
    O1 - Hosts: 213.219.251.78 www.google.de
    O1 - Hosts: 213.219.251.78 google.de
    O1 - Hosts: 213.219.251.78 www.google.fr
    O1 - Hosts: 213.219.251.78 google.fr
    O1 - Hosts: 213.219.251.78 www.google.com.au
    O1 - Hosts: 213.219.251.78 google.com.au
    O1 - Hosts: 213.219.251.79 www.yahoo.com
    O1 - Hosts: 213.219.251.79 yahoo.com
    O1 - Hosts: 66.218.75.184 mail.yahoo.com
    O1 - Hosts: 213.219.251.81 astalavista.com
    O1 - Hosts: 213.219.251.81 www.astalavista.com
    O1 - Hosts: 213.219.251.81 astalavista.box.sk
    O1 - Hosts: 213.219.251.81 www.astalavista.box.sk
    O1 - Hosts: 213.219.251.81 cracks.com
    O1 - Hosts: 213.219.251.81 www.cracks.com
    O1 - Hosts: 213.219.251.80 www.msn.com
    O1 - Hosts: 213.219.251.80 msn.com
    O1 - Hosts: 213.219.251.80 search.msn.com
    O1 - Hosts: 213.219.251.80 www.search.msn.com
    O1 - Hosts: 213.219.251.80 go.com
    O1 - Hosts: 213.219.251.80 www.go.com
    O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
    O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab




    Download Hoster.

    http://www.funkytoad.com/download/hoster.zip

    This will restore your original Host files.
    Run the program and press Restore Original Hosts and press OK.




    Reboot and post a new hijackthis log.
Sign In or Register to comment.