HijackThis cannot remove those items

Status
Not open for further replies.

markask

Programmer
Apr 28, 2005
167
GB
Hi,

When doing a search, say in Google, I get some pop-up windows.
I used HijackThis+ and got a list of items that might need to be deleted. I deleted them with HijackThis but they come back quickly. Can you help me?

The possible virus list:

---------
Nasty :
--------
R3 - Default URLSearchHook is missing
Nasty Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed.

----------------------
Possibly nasty
----------------------
O4 - HKLM\..\Run: [winld32.exe] C:\WINDOWS\winld32.exe
Possibly nasty
Hit rate: 12 % (result) It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.

--------------
Unknown:
--------------
C:\WINDOWS\system32\addax32.exe
Unknown running process. (addax32.exe)
This is a unknown process.

C:\WINDOWS\winld32.exe
Unknown running process. (winld32.exe)
This is a unknown process.

O2 - BHO: Class - {02E5DA79-DA5C-C19C-1D4B-D80A9ABEFF86} - C:\WINDOWS\msvv32.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([02E5DA79-DA5C-C19C-1D4B-D80A9ABEFF86] - Result: ) has been checked. Hit rate: -1 % Unknown application.

O2 - BHO: Class - {723A508C-C0DA-A207-D99C-49CB499D8E4B} - C:\WINDOWS\mfcou32.dll
Unknown Entries found in this registry zone are potentially nasty. This application ([723A508C-C0DA-A207-D99C-49CB499D8E4B] - Result: ) has been checked. Hit rate: -1 % Unknown application.

O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\addax32.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it. Unknown service. (addax32.exe)
 
faq608-4650
Download the indicated tools and try running them in Safe Mode.

Then follow with the online Antivirus scans in Normal Mode.
 
No... now my IE6 browser does not work (because of the virus?); I am using Firefox.
Do the online scans need the IE browser?
 
Hi,

After removing some viruses I can use IE (the virus comes back very quickly and I need to delete some to use IE again).
I tried the Panda online scan; it said I have 42 items but could only remove 2 of them for me. I then opened the "DOS" window in safe mode and deleted all 40 items. After restarting Windows, the virus is still running.....
 
Sometimes it is best to start from scratch... meaning, you may be heading to a clean install here...

When a system gets logged down with spyware, Virii, Trojans, worms, etc. like yours (42 items, whew that's a h*ll of a lot), it seems that you are not completely doing your homework right...

1.) Updated AntiVirus program... i.e. AVG Free, Panda, McAfee, Norton, etc... always running...

2.) Firewall installed and running... i.e. ZoneAlarm Personal, Kerio Personal, Tiny, etc...

3.) ActiveX, JavaScript and Scripting turned off (turned on only for websites that are trusted, like Microsoft etc.)...

4.) Don't open any mail attachments that you don't know where they come from...

5.) AntiSpyware programs installed and running, like MS Antispyware, SpyBot S&D, AdAware, etc...

These are just a few tips to stay 90% (there is no 100% if you're on the internet and surfing dubious sites) clean...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
A technique I've found useful when dealing with active tasks that try and reload themselves is to reboot into safe mode then run HijackThis and fix the problems. Be aware though that you won't be able to log onto the internet whilst in safe mode (as it doesn't activate the networking subsystems of Windows).

You don't say which version of Windows you are running, but for Windows 95/98/XP (which all use the "C:\WINDOWS" folder as the default operating system base) press F8 when you get the "Starting Windows <version>" onscreen and choose Safe mode.
Once the items have been removed, run a full virus scan with whatever applications you have and clean everything. Likewise with anti adware/spyware/malware stuff like Spybot S&D or Microsoft Antispyware.
Once finished, reboot.

John
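
Added example (not part of the original thread): a Python script that groups the HijackThis lines quoted in the first post by the file they point to, so that files which are both running and registered to start again stand out. These are the kind of active task the Safe Mode advice above is aimed at. The line patterns are assumptions based only on the entries quoted in this thread, and the service's display name is replaced by a placeholder.

```python
import re
from collections import defaultdict

# Constructed sample: the raw HijackThis lines from the first post, without
# the analyser's comments. The O23 display name is a placeholder.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\addax32.exe
C:\WINDOWS\winld32.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {02E5DA79-DA5C-C19C-1D4B-D80A9ABEFF86} - C:\WINDOWS\msvv32.dll
O2 - BHO: Class - {723A508C-C0DA-A207-D99C-49CB499D8E4B} - C:\WINDOWS\mfcou32.dll
O4 - HKLM\..\Run: [winld32.exe] C:\WINDOWS\winld32.exe
O23 - Service: Network Security Service (NSS) (PLACEHOLDER) - Unknown owner - C:\WINDOWS\system32\addax32.exe
"""

# Assumed line shapes, taken from the entries above (not a full HijackThis grammar).
PATTERNS = [
    ("running process", re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
    ("BHO", re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")),
    ("Run key", re.compile(r"^O4 - \S+\\Run: \[.*?\] (?P<path>.+)$")),
    ("service", re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+)$")),
]

def group_by_file(log_text):
    """Map lower-cased file path -> sorted list of places the log references it."""
    refs = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                refs[m.group("path").strip('"').lower()].add(kind)
                break  # first matching pattern wins; other lines (e.g. R3) are skipped
    return {path: sorted(kinds) for path, kinds in refs.items()}

def reloading_candidates(log_text):
    """Files that are running now and also have an autostart entry in the log."""
    return sorted(p for p, kinds in group_by_file(log_text).items()
                  if "running process" in kinds and len(kinds) > 1)

if __name__ == "__main__":
    for path, kinds in sorted(group_by_file(SAMPLE_LOG).items()):
        print(f"{path}: {', '.join(kinds)}")
    print("Running with an autostart entry:", reloading_candidates(SAMPLE_LOG))
```

On the sample, addax32.exe (service) and winld32.exe (Run key) are reported as running with an autostart entry, while the two BHO DLLs appear only as browser add-ons.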
 