http://www.securitybulletin.net????

[UnknownUser]

hssp://www.securitybulletin.....net/

This site comes up everytime I click IE. How do I get rid of it? [smiley=angry.gif]

[Dilbert]

Could you please download HijackThis, run it on the infected PC, save the logfile, zip it with WinZip, and attach the zip file to your next post? We'll be able to take a look and suggest fixes from there.

[UnknownUser]

Could you please download HijackThis, run it on the infected PC, save the logfile, zip it with WinZip, and attach the zip file to your next post? We'll be able to take a look and suggest fixes from there.

[dl65]

UnknownUser..... You appear to have been hijacked .........
Before we continue with hijackthis .......  I would like you to D/L and install Ewido V3.5 ... get it at http://www.filehippo.com/download_ewido/    once you have it installed , get the latest updates .....and then  D/L and install CCleaner.... http://www.filehippo.com/download_ccleaner/  Now turn off system restore and reboot into safe mode .... Once in safe mode , run "Cleaner" and "Issues" ......You can safely remove anything cleaner finds. Then when you run "issues" if any are found , yopu will be prompted to backup....... do do and once backed up click fix selected ..........
Now run Ewido ........ do the complete scan .. When thats complete, reboot back into normal mode and post a new hijackthis log and we will proceed.

dl65  

[UnknownUser]

UnknownUser..... You appear to have been hijacked .........
Before we continue with hijackthis .......  I would like you to D/L and install Ewido V3.5 ... get it at http://www.filehippo.com/download_ewido/    once you have it installed , get the latest updates .....and then  D/L and install CCleaner.... http://www.filehippo.com/download_ccleaner/  Now turn off system restore and reboot into safe mode .... Once in safe mode , run "Cleaner" and "Issues" ......You can safely remove anything cleaner finds. Then when you run "issues" if any are found , yopu will be prompted to backup....... do do and once backed up click fix selected ..........
Now run Ewido ........ do the complete scan .. When thats complete, reboot back into normal mode and post a new hijackthis log and we will proceed.

dl65  

Ok, did that.

[dl65]

UnknownUser  ......Ok ,lets see what we can do......
In your running processes .........

C:\Documents and Settings\Compaq_Administrator\My Documents\[highlight]??sks\c?rss.exe [/highlight]

C:\WINDOWS\[highlight]ALCXMNTR.EXE  [/highlight]

Go to the location shown and remove the highlighted items.

Now .......Using hijackthis...... mark for removal the following :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.216.65.219:8080

R3 - URLSearchHook: (no name) - {1AD0F193-640D-6B8B-7976-34B6791DAC98} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\ICROSO~1\nopdb.exe" -vt yax    
 
 O4 - HKCU\..\Run: [Zwhzglwr] C:\Documents and Settings\Compaq_Administrator\My Documents\??sks\c?rss.exe  

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162    

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab  

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

ok .......  mark the above for removal and then click on fix checked .

Now reboot and see if your homepage is as it should be ........

Then post a fresh hijackthis logfile.

dl65  

[UnknownUser]

UnknownUser  ......Ok ,lets see what we can do......
In your running processes .........

C:\Documents and Settings\Compaq_Administrator\My Documents\[highlight]??sks\c?rss.exe [/highlight]

C:\WINDOWS\[highlight]ALCXMNTR.EXE  [/highlight]

Go to the location shown and remove the highlighted items.

Now .......Using hijackthis...... mark for removal the following :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 168.216.65.219:8080

R3 - URLSearchHook: (no name) - {1AD0F193-640D-6B8B-7976-34B6791DAC98} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\COMPAQ~1\MYDOCU~1\ICROSO~1\nopdb.exe" -vt yax    
 
 O4 - HKCU\..\Run: [Zwhzglwr] C:\Documents and Settings\Compaq_Administrator\My Documents\??sks\c?rss.exe  

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162    

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab  

O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)

ok .......  mark the above for removal and then click on fix checked .

Now reboot and see if your homepage is as it should be ........

Then post a fresh hijackthis logfile.

dl65  

Both highlighted files weren't there. :-?

[dl65]

 UnknownUser.....Thays good , perhaps you are rid of them now......
Is you homepage opening at the one you want ?

dl65  

[Fed]

Have you set your options to show hidden files etc?

[UnknownUser]

UnknownUser.....Thays good , perhaps you are rid of them now......
Is you homepage opening at the one you want ?

dl65  

No.

Have you set your options to show hidden files etc?

Yes.

[GX1_Man]

Did you try to reset your home page to what you want? (Tools/Internet Options)

[dl65]

Please post another hijackthis log .......

dl65  

[UnknownUser]

Did you try to reset your home page to what you want? (Tools/Internet Options)

Yes.

Please post another hijackthis log .......

dl65  

[Fed]

The files are still there.... Did you carry out the following?...

Windows XP

To enable the viewing of Hidden files follow these steps:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.

[UnknownUser]

The files are still there.... Did you carry out the following?...

Windows XP

To enable the viewing of Hidden files follow these steps:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shutdown My Computer.
Now your computer is configured to show all hidden files.

I found the A one but I couldn't find the other. Heres a screen...

http://img397.imageshack.us/img397/6729/untitled16fz.png