hi guys, i am one of the new members of this forum and i really like it cause i can share my knowledge with you and i also learn some new tricks.
anyway, i've been reading this thread and it is interesting; however, i decided i wanna share some other tricks to defeat viruses, spyware and trojans.
all your tips are very good but sometimes anti-viruses and other programs can get the job done completely, i know this, for i got infected with a program that totally hijacked my computer at work and it made a mess of my computer, eventually i tried to use my anti-spyware (windows defender, ad-aware etc) but none of these tools helped me at all. if you have similar problems to the ones i just described then don't go crazy. try to get as much information as you can from those programs, such as the name of the virus etc (the most important part to me), and the location of the files.
this information is really important, for you can get more information from there. so how can you get rid of those programs with that information and a few other tricks? well the first thing i would do is to try to get as much info as i can (like i said) then try to deny your system access to those files. sometimes you can't delete the files that belong to the virus because the system itself is using them. you can try to kill explorer.exe and then try to delete the files from the command prompt, but if you can't then use a program called "UNLOCKER". that program is great to unlock files that are being used in your system, after you unlock those files you will probably be able to delete them without any problems.
if you can't do that then like i said try to deny your system to access those files, so how can you do this, well this is gonna work in windows xp pro and 2003, it is not gonna work in home edition unless you use the command prompt.
to deny access to files just go to the folder options then go to view and uncheck the box that says "use simple file sharing".
that is gonna create a new tab in the properties of all the files in your computer, the tab name is "security". if you know about that it is not a big deal but it is off by default in windows. now right click on the files that belong to the virus or trojan and go to properties and click on the security tab. there you can deny access to any user account to those files (not recommended if you are trying to use that for security against other admin users, for they can override that security, for they have admin rights). anyway, there just uncheck the box that allows your system to access those files and check the one that says "deny"; likewise, only leave checked the box that allows your username to access those files.
after you do that with all the files that belong to the virus, just reboot your computer. after that your computer will not be able to access those files because you just denied access to them, then just go to the location of those files and delete them manually. this is a great trick that has worked for me 100%, i figured out how to do this when i got infected by a piece of spyware that no antispyware could delete.
after you do this, then run your antivirus or antispyware to delete the mini files that are not working anymore because you don't have the main files that were infecting your computer, now your antivirus should not have any problems deleting the rest of the files such as registry keys and things like those.
2) another tip i would suggest is to use bootable operating systems such as knoppix or your own bootable cd such as the one that you can create with "pebuilder". PEBUILDER is a great program to create your own windows bootable cds, as you might already know there are many portable antiviruses and antispyware, so you can use them from your bootable cd and delete all the viruses that are in your computer, this will work pretty well because your system is not gonna be using the files, for you are using your system to run your bootable operating system not the one installed in your hard drive. Likewise, you can delete the files manually once you know where they are and the name of them. if you decide to build your windows bootable cd with pebuilder, look for the hundreds and hundreds of plugins for your cd, there are plugins even to create admin accounts in the operating system that is installed in your computer, this is great when you can't remember your administrator password or when you wanna get the password of other accounts in the computer by getting the hashes from your new admin account and cracking them.
another tool you can use is one of those "hiren's versions" that are out there, this is basically the same as having a bootable cd, but the only difference is that "hiren" has the antiviruses included within it, and some other great tools such as partition magic and some other recovery programs.
another great tool that i love is a program called "sandboxie" http://www.sandboxie.com/
this program is great because it creates a buffer in your computer in which you can run programs, when you run the program in that buffer created by sandboxie, the program is not able to infect, damage or affect your computer. so for instance if you think you might be getting viruses from your internet explorer, you can run internet explorer or mozilla from sandboxie, so that all the cookies, viruses, activex programs, or any other program that you think you get from the net through your browser will be totally deleted when you close sandboxie, all those viruses will go directly to the buffer, so they will never touch any files in your hard drive. those viruses or programs will not have any power on your computer because they are not written in your hard drive, but in the buffer. it is also great to test programs such as viruses and programs that you think are trojans etc.
also try to check what ports are open in your computer, for it can help you to see if you have a backdoor open in your computer, this is not gonna guarantee you don't have a trojan, for they can hide themselves sometimes; however, it will help you to find the ones that are not hiding from you. it is also good to take a snapshot of the processes running in your computer, just open your taskbar and maximize the window then take a snapshot and save it, then if you see that something is going on with your computer then just check that pic that you had of your processes running in your computer and compare the ones that are in the pic with the ones that are running now in your computer, that might help you to see what processes might be affecting your computer.
if you have a virus that is not letting you use your task manager then don't use the windows task manager, i recommend you use the ones from sysinternals http://www.microsoft.com/technet/sysint ... lorer.mspx
it is a great program that will give you much more info about all the processes running in your computer, it will also show you a bar that tells you what processes have been using more cpu cycles in your computer. it can also hijack your windows taskbar, so that every time you press ctrl alt delete, it will appear instead of the windows taskmanager.
try to use a good firewall, do not use the one that comes from windows, i also recommend you don't use zonealarm firewall because you will get problems connecting to the internet from time to time. you will have to set many things for the firewall to work properly in your computer, i recommend you use the comodo firewall http://www.personalfirewall.comodo.com/
it is a great firewall, and creating the rules for it is very easy and does not take a lot of time.
i recommend you block icmp traffic in your computer, with the comodo firewall you can block icmp traffic coming to your computer not the one leaving from your computer. i say this because i read on the news that new trojans are able to be activated by icmp traffic, which is a protocol not very observed by many firewalls.
if you are really afraid of viruses and trojans, then try to use a user account in your computer, not the admin account. i know this is a pain in the @## but if you want to have admin rights in your computer then just use the "run as" command that is given to you when you right click on a program when using a user account, if you don't like that then create a shortcut to command prompt, then open it by using the "run as" command and leave it open while you use your computer, then just type in your cmd shell the name of the programs you wanna use with admin rights in your computer and command prompt will open them with admin rights without asking you every time for the password and username.
i also recommend you never use internet explorer, use firefox with the plugin to block scripts, that is good because you will not have to worry much about java scripts and activex programs running in your computer without you knowing about them.
if i remember more things i will post them, i am sorry if my post is taking so much space, sorry about that.
i hope i was helpful and that my tips can help you at least a little bit to get rid of viruses or spyware in your computer.
cya
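
The baseline comparison of running processes and open ports described in the post, done on saved command output instead of a screenshot. This is an added example, not part of the original post; the sample `tasklist /fo csv /nh` and `netstat -ano` output, the process name `updchk.exe` and port 5555 are constructed for illustration.

```python
import csv
import io

# Constructed sample output (not from the post) of `tasklist /fo csv /nh` and
# `netstat -ano`: a clean baseline, then a later run with one extra process.
BASE_TASKS = '''"System","4","Services","0","236 K"
"svchost.exe","884","Services","0","4,120 K"
"explorer.exe","1480","Console","0","18,432 K"
'''
NOW_TASKS = BASE_TASKS + '"updchk.exe","2312","Console","0","3,004 K"\n'
BASE_NET = """  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    884
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    10.0.0.5:1042      10.0.0.9:80        ESTABLISHED  1480
"""
NOW_NET = BASE_NET + "  TCP    0.0.0.0:5555       0.0.0.0:0          LISTENING    2312\n"


def parse_tasklist(text):
    """Return {pid: image name} from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}


def parse_listeners(text):
    """Return {port: pid} for the TCP LISTENING rows of `netstat -ano`."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            out[int(f[1].rsplit(":", 1)[1])] = int(f[4])
    return out


def diff_snapshots(base_tasks, base_net, now_tasks, now_net):
    """Return (new image names, new listening ports with their owner)."""
    # Compare by image name: PIDs change on every boot, names normally do not.
    known = {n.lower() for n in parse_tasklist(base_tasks).values()}
    procs = parse_tasklist(now_tasks)
    new_procs = sorted(n for n in procs.values() if n.lower() not in known)
    old_ports = set(parse_listeners(base_net))
    new_ports = sorted(
        (port, procs.get(pid, "unknown"))
        for port, pid in parse_listeners(now_net).items()
        if port not in old_ports
    )
    return new_procs, new_ports


print(diff_snapshots(BASE_TASKS, BASE_NET, NOW_TASKS, NOW_NET))
```

Saving the two commands' output to text files while the machine is known to be clean gives the baseline; anything the diff reports is only a lead to investigate, since a hidden process will not show up in either list.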