Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hijacked by Find-Any 1

Status
Not open for further replies.
Ngolem

Ngolem

Programmer
Aug 23, 2001
2,724
CA
This is similar to the CoolSearch virus but an updated CWShredder does nothing to it.

I have a Win95 machine so much of this virus didn't install properly but still it has hijacked my browser....

Can anyone help me get rid of this crap?

Jim Broadbent

The quality of the answer is directly proportional to the quality of the problem statement!
 
Sort by date Sort by votes
Download HijackThis and run it, then look at the FAQs in this forum by myself and THoey on how to read the log.

John
 
Upvote 0 Downvote
Thanks for the direction....I read the Faq on interpreting the logfile, butI am basically a newbie at this. Below is the logfile from HijackThis.

The references to "any-find" seem obvious to fix but I am not sure of the others. BTW I got my version of the IE from
eznsearch and its logo appears at the top of the browser...I suppose this could go too.

Any comments on other things found in this logfile are welcome.....thanks for your help.

******************************************************

Logfile of HijackThis v1.97.7
Scan saved at 9:24:35 AM, on 3/25/04
Platform: Windows 95 B (Win9x 4.00.1111)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LOADWC.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\OLEHELP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\TEMP\NEW FOLDER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EZN
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [CookieWall] C:\PROGRAM FILES\ANALOGX\COOKIEWALL\COOKIE.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\SVCHOST.EXE
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.eznsearch.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -

Jim Broadbent

The quality of the answer is directly proportional to the quality of the problem statement!
 
Upvote 0 Downvote
Hi

First, open task manager and see if you can terminate olehelp.exe, then fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\olehelp.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.eznsearch.com
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
I would also run a good virus scanner over the computer, you don't seem to have any running in the background.

John
 
Upvote 0 Downvote
everything seems great now.....thanks

Jim Broadbent

The quality of the answer is directly proportional to the quality of the problem statement!
 
Upvote 0 Downvote
Jim,
Just saw your latest thread.
I think you're well on your way to having the material for a book-something like Adventures of the Novice Computer User. I think you got this one fixed up a little easier than some of the earlier ones.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
773
Yoko Littner
Yoko Littner
kjv1611
  • Locked
  • Question
AdwCleaner - Any Good? 1
Replies
2
Views
142
kjv1611
kjv1611
javierdlm001
  • Locked
  • Question
"Win32.Downloader.gen" found as Malware by Spybot
Replies
3
Views
172
2ffat
2ffat
Ngolem
  • Locked
  • Question
plagued by PUPS 3
Replies
9
Views
198
kjv1611
kjv1611
goombawaho
  • Locked
  • Question
Does any A-V stop the FBI/MoneyPak malwar?
Replies
13
Views
248
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top