browser hijack how to get rid??

  hinchie Y2K III 09:35 18 Aug 2004

hi all, my browser has been hijacked by a link to click here or something like that. however it has latched onto internet explorer and browser hijack blaster has not noticed it?? it has left an icon on my desktop to the url or similar above. the icon is blue with an orange x in it and is called ww15. any ideas on how to get rid folks?

thanks
Mark

  MAJ 10:39 18 Aug 2004

Probably the best way to get rid of hi-jackers is to download and run "HijackThis" click here and post the log file. I'm not sure if PCA allow HJT log files or if they'll display properly on this forum, though, hinchie Y2K III.

  hinchie Y2K III 13:57 18 Aug 2004

Logfile of HijackThis v1.97.7
Scan saved at 13:54:25, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\hpnra.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NoAds\NoAds.exe
C:\Documents and Settings\Mark\Application Data\wict.exe
C:\WINDOWS\System32\vxyxxjg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Urrs] C:\Documents and Settings\Mark\Application Data\wict.exe
O4 - HKCU\..\Run: [Woitre] C:\WINDOWS\System32\vxyxxjg.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Corel Network monitor worker (HKLM)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Corel Network monitor worker (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKCU)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - click here
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - click here
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here

  MAJ 14:42 18 Aug 2004

Put HJT.exe into a folder on its own, hinchie Y2K III, that will keep all its backup and log files in that folder rather than all over your desktop. I don't recognise the file "wict.exe" but if you recognise it then leave it.

Now press Ctrl, Alt and Delete to bring up the Task manager, click the Processes tab and end the Process on the "wict.exe" (if you don't recognise it) and "vxyxxjg.exe" files. Then search for and delete those two files (or move them to another folder as a backup, just in case).

Then run HJT again (from its new folder) and tick these entries in HJT, then close all browser windows (that's important) and click the "Fixed Checked" button in HJT.

O4 - HKCU\..\Run: [Urrs] C:\Documents and Settings\Mark\Application Data\wict.exe

O4 - HKCU\..\Run: [Woitre] C:\WINDOWS\System32\vxyxxjg.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - click here (make sure you get the correct one here, it's the "MediaTicketsInstaller.cab" entry).

I don't see a hijacker as such, your hijacker software must have dealt with it. To get rid of the desktop icon, try deleting it from Safe Mode.
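A triage pass over the O4 autorun lines of the log posted above, as an added example that is not part of any poster's reply and not HijackThis's own logic. The two rules and the function names are illustrative assumptions; they only mark entries for manual review and will not catch everything.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 (autorun) lines copied from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Urrs] C:\Documents and Settings\Mark\Application Data\wict.exe
O4 - HKCU\..\Run: [Woitre] C:\WINDOWS\System32\vxyxxjg.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def exe_path(cmd):
    """Pull the executable out of a command line that may be quoted or contain spaces."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
    return PureWindowsPath(m.group(1) or m.group(2)) if m else PureWindowsPath(cmd)

def review(hive, name, path):
    """Return the reasons (possibly none) an autorun entry deserves a manual look."""
    reasons = []
    parent = path.parent.name.lower()
    if parent == 'application data':
        reasons.append('executable sits directly in a user-writable profile folder')
    # HKCU Run values can be written without administrator rights.
    if hive == 'HKCU' and parent == 'system32' and path.stem.lower() not in name.lower():
        reasons.append('per-user Run value starts a System32 file its name does not match')
    return reasons

def triage(log_text):
    flagged = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder lines and other log sections are out of scope here
        path = exe_path(m['cmd'])
        reasons = review(m['hive'], m['name'], path)
        if reasons:
            flagged.append((m['name'], str(path), reasons))
    return flagged

if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f'[{name}] {path}: ' + '; '.join(reasons))
```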

  Fruit Bat /\0/\ 17:16 18 Aug 2004

Noads is a con

It's spyware and a hijacker into the bargain. Delete as described by MAJ

  hinchie Y2K III 09:24 25 Aug 2004

hi all done the above... i looked at the target of this file ww15 and this is what i got...
"C:\Program Files\InternetExplorer\IEXPLORE.EXE" click here

can i just delete internet explorer and let windows create a new one? or will it knack up?

forgot to mention running windows xp pro

This thread is now locked and can not be replied to.
