Jump to content

Hijack this will not run


Recommended Posts

After posting in the forum last night I got a responce to install Hijack this by Pcillen. I was unable to run hijack this. I have been working in safe mode. below is my post from yesterday for more detail.

I noticed after browsing around in my search engine yesterday (FireFox, yahoo search) My yahoo search looked messed up. when u search a site it takes you to a advertising site. I had this issue once before, I was told it was Malware infecting my browser..I was instrued to DL Malwarebytes & disable 3rd party sites. That worked for that issue. But this time I wasnt even able to OPEN malwareBytes. I was able to do virus check with my Pclllen software & pulled up nothing both in normal & safe mode. I have done a system restore, that did not work. I eventually found how to open Malware bytes by creating a short cut & changing its name(seems this virus affects certain programs u try & lanuch). I ran a full scan with malwareBytes with no success of catching the virus. When I am in Normal mode, my PC will shut down & I get the horrible blue screen of death that reads: River_Irql_not_less_or equal. So i know there is still something invading my PC even though my virus software is not picking it up. I really dont want to go through the trouble of uninstalling windows & re loading windows..Any advice?? Please help.

Link to post
Share on other sites

.I am unsure how to change the order.

To change the boot order, you must enter the BIOS. Reboot your computer and just after the initial screen, start tapping the Delete key (most of the time).

Using your arrow keys, you can select the category Usually the first of second one on the left) you want and hit Enter.

Make you changes, then Exit/Save changes

Link to post
Share on other sites

Thank you so much for the advice I found the .sys file & wiped it out followed by a scan & found 10 dirty files. I think I am clean!! System seems to be working great again. Below are my logs..Thanks again!! you saved my pc!

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/18 18:56

Program Version: Version 1.2.3.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\system32\UACbdveiqxf.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACbekvpphb.db

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACjbvwuwsf.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACmhlvdmpr.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UAColwmqhin.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uactmp.db

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACubrxdksf.dat

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACvwubkrwx.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACymverqpm.dll

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACysiullop.log

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC66a4.tmp

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC83f5.tmp

Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACmfxylkya.sys

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Lindsey\Local Settings\Temp\UAC9b9b.tmp

Status: Invisible to the Windows API!

Malwarebytes' Anti-Malware 1.34

Database version: 1866

Windows 5.1.2600 Service Pack 3

3/18/2009 7:19:17 PM

mbam-log-2009-03-18 (19-19-17).txt

Scan type: Quick Scan

Objects scanned: 93352

Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\UACbdveiqxf.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\Lindsey\Local Settings\Temp\UAC9b9b.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\UAC66a4.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACubrxdksf.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACvwubkrwx.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UACysiullop.log (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\UACmfxylkya.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.