HijackThis won't open


KGN2
I've been infected with the "Attention ! Spyware alert" virus and I tried running HijackThis, but I get the message "Security Warning: Application cannot be executed. The file hijackthis.exe is infected. Do you want to activate your antivirus software now?"

What steps do I take to remove it?

Link to post
Share on other sites

Welcome to the forum.

See if following this guide works.

Make sure you run rkill and then immediately run MBAM as described.

Most important....update MBAM before you run it.

The link below explains how to rename MBAM if needed:

http://forums.malwarebytes.org/index.php?s...st&p=274963

Post the logs back here, Good Luck....MrC

Link to post
Share on other sites

I restarted in safe mode with administrator privileges and followed the instructions for fix.reg, yet it still won't let me connect. Oh, I forgot to mention this, but MBAM won't update. Is there a location that I can manually download the malware list from?

Link to post
Share on other sites

Follow the directions in step #2 here and see if that doesn't fix your connection.

The download link for the latest definitions is here and they were also listed in the tutorial.

Let me know, MrC

I ran "fixme.bat" and a DOS prompt box came up with the message: "Error: The system was unable to find the specified registry key or value", however I get three "The operation completed successfully" messages. I restarted in safe mode with administrator privileges, yet it still won't let me connect.

Link to post
Share on other sites

Update and run MBAM if you can or.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Quick question, should I do a full scan or a quick scan?

Also, thanks for your time and patience, I really appreciate you taking your time to help me with this.

Link to post
Share on other sites

Are you able to get online now?

---------------

OK, please do this:

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O4 - HKCU\..\Run: [rxkdeygc] C:\DOCUME~1\BRIANC~1\LOCALS~1\Temp\uvntsgipr\fkpchtgsjmo.exe

Click on Fix Checked when finished and exit HijackThis.

------------------------

Then please do this:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://oldtimer.geekstogo.com/OTL.scr

Save it to your desktop.

Double click on the icon on your desktop.

Under the Custom Scan box paste this in:

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

/md5start

explorer.exe

winlogon.exe

wininit.exe

userinit.exe

/md5stop

Under the Standard Registry box change it to All.

Check the boxes beside LOP Check and Purity Check.

Click the Scan All Users checkbox.

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

MrC

Link to post
Share on other sites

You live not that far from me.

-------------------------

Is this something you downloaded?

C:\Documents and Settings\Brian Callahan\Desktop\trojankiller2088-setup.exe

------------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - File not found
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

------------------

Update and run a full scan with MBAM and post the results.

Be back tomorrow am, MrC

Link to post
Share on other sites
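An added example, not part of any post in this thread and not code from HijackThis or OTL: a small Python triage pass over scan-log lines in the two formats quoted above, flagging autoruns that launch from a temp directory and user hives with the IE proxy switched on. The regexes, the temp-path markers and the `triage` helper are assumptions of this example; the two benign sample lines are constructed.

```python
import re

# Line shapes as quoted in this thread: a HijackThis "O4" autorun entry and
# OTL "IE -" registry value lines. Patterns are this example's assumptions.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
IE_RE = re.compile(r'^IE - (?P<key>HK.+?): "(?P<value>[^"]+)" = (?P<data>.*)$')
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%")  # assumed heuristic, lower-case

SAMPLE = [
    # From the thread:
    r'O4 - HKCU\..\Run: [rxkdeygc] C:\DOCUME~1\BRIANC~1\LOCALS~1\Temp\uvntsgipr\fkpchtgsjmo.exe',
    r'IE - HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>',
    # Constructed benign lines for contrast:
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
]

def triage(lines):
    """Return (kind, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip('"')
            # Autorun whose target sits under a temp directory.
            if any(marker in cmd.lower() for marker in TEMP_MARKERS):
                detail = f'{m.group("hive")} {m.group("key")} [{m.group("name")}] -> {cmd}'
                findings.append(("autorun-from-temp", detail))
            continue
        m = IE_RE.match(line)
        # Only ProxyEnable = 1 is flagged; ProxyOverride alone changes nothing.
        if m and m.group("value").lower() == "proxyenable" and m.group("data").strip() == "1":
            findings.append(("proxy-enabled", m.group("key")))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind}: {detail}")
```
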

TrojanKiller was something I downloaded and installed on the recommendation of another board that it would wipe out the infection. Had I been able to get it to run, it might have worked. Should I get rid of it?

Here's the OTL log

All processes killed
========== OTL ==========
HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes

User: All Users

User: Brian Callahan
->Temp folder emptied: 421877312 bytes
->Temporary Internet Files folder emptied: 123692034 bytes
->Java cache emptied: 104594838 bytes
->FireFox cache emptied: 108267936 bytes
->Google Chrome cache emptied: 364964385 bytes
->Flash cache emptied: 80138 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34519 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33696392 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91237600 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 185808 bytes
RecycleBin emptied: 25878498 bytes

Total Files Cleaned = 1,216.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01292011_151355

OTLnew.log

mbam_log_2011_01_29__16_16_01_.txt

Link to post
Share on other sites

Everything seems to be back to normal, thank you for your time and patience. When I restarted in normal mode I got the following OTL log which I'm posting just in case there's something I overlooked.

All processes killed
========== OTL ==========
HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1616436302-157516105-2855111138-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 150183 bytes

User: All Users

User: Brian Callahan
->Temp folder emptied: 421877312 bytes
->Temporary Internet Files folder emptied: 123692034 bytes
->Java cache emptied: 104594838 bytes
->FireFox cache emptied: 108267936 bytes
->Google Chrome cache emptied: 364964385 bytes
->Flash cache emptied: 80138 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34519 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33696392 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91237600 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 185808 bytes
RecycleBin emptied: 25878498 bytes

Total Files Cleaned = 1,216.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01292011_151355

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites
