trojan horse startpage pt3 for Nellie2

  march 08:51 02 May 2005
Locked

Nellie2

Have run the programs as you said and done the logs,

after I checked in add/remove programs & search assistant uninstall is not there;

the browser page is reset to what it should be;

avg antivirus did not come up with warning about trojanhorse startpage virus;

dont know what I did wrong with SpSeHjfix but after I ran it I clicked on log as you said but nothing came up;

will now post the log from Hijack this;
Pt 1 Hijack this logfile

Logfile of HijackThis v1.99.1

Scan saved at 08:03:30, on 02/05/05

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PQSC\PROGRAM\CPCTRAY.EXE

C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\MK9805.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS
SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

  march 08:52 02 May 2005

Pt 2 hjt log

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT
5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE

O4 - HKLM\..\Run: [InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [CHotKey] mk9805.exe

O4 - HKLM\..\Run: [AVG7_EMC]
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

  march 08:54 02 May 2005

Pt 3 hjt log

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

End of hjt log scan


what do you want me to do about the SpSeHjfix log?

will wait for your instuctions

thankyou for now

march

  Nellie2 10:07 02 May 2005

Don't worry too much about the SpSeHjfix log

Run hijackthis and click the scan button, when it has finished scanning then put a tick against the following, close all other browsers and windows and click 'fix checked'

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

Reboot and post one more log (hopefully) just for a check over!

  march 10:23 02 May 2005

done as you asked; this is the new log

Pt1

Logfile of HijackThis v1.99.1
Scan saved at 10:11:05, on 02/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PQSC\PROGRAM\CPCTRAY.EXE

C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE

C:\WINDOWS\MK9805.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE

C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

C:\WINDOWS\SYSTEM\W98EJECT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

  march 10:24 02 May 2005

Pt 2

O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE

O4 - HKLM\..\Run: [InstantAccess]
C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h

O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - HKLM\..\Run: [CHotKey] mk9805.exe

O4 - HKLM\..\Run: [AVG7_EMC]
C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE

O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE

O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

O4 - Startup: w98Eject.lnk = C:\WINDOWS\System\w98eject.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

  march 10:25 02 May 2005

end of log,

  Nellie2 11:27 02 May 2005

That looks okay dokay to me!

Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following :

click here - Spyware Blaster - It will prevent most spyware from ever being installed.

click here - Spyware Guard - It offers realtime protection from spyware installation attempts.

click here - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

I also recommend reading this article written by Tony Klein click here

  march 11:57 02 May 2005

what a relief


my utmost thanks for your patience & expertise, time & help in this Nellie2

I am going to install all your suggestions & read the article,

You are a real star

my grateful thanks to stalion & to VoG™ for getting in touch with you on my behalf and for their patience with me with all the mistakes I made along the way; didn't make it easy did I?

I hope you manage to get in the garden today

Best wishes to all

A very relieved computer novice salutes you all

march xxx

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Android Oreo News: Release Date & New Features

Best Photo Editing Software for iPad

iMac 21.5-inch (2017) review

Comparatif : quelle est la meilleure batterie externe 2017 ?