Help, I can't get this damned thing off my cpu!

Discussion in 'Computers and The Internet' started by Kilgore Trout, Jan 15, 2005.

  1. Kilgore Trout

    Kilgore Trout Senior Member

    I've had the "about:blank" trojan program on my machine before, but I was able to get rid of it by using the system restore tool. Seems this time it attacked the restore program. When I try to run it, it restarts and then tells me it can't do it. It seems to have messed with my adaware program, too. Now when I try to run adaware, it freezes. WTF!?
    Help? Anyone?
     
  2. Lodui

    Lodui One Man Orgy

    I'd try some of the anti-trojan software.

    Heres a free one... I heard it was ok.

    http://www.tomcoyote.org/hjt/? target=

    If that doesn't work, I think that about blank thing is somewhere in system32

    If ya google, about: blank trojan, you can probably find someone to tell 'ya what to delete.

    Just boot into safe mode and delete the crap outta it.
     
  3. Shockw4ve

    Shockw4ve Member

    What you have is called a BHO (browser helper object). I guess in your case it isn't helping much though, so you would call it a browser hijacker. It isn't a trojan. A lot of people get trojans, viruses, and spyware confused. I'd much rather have what you have than a virus on my system. You shouldn't have too much of a problem getting that off of your system. This page should be able to guide you through the process. http://www.securiteam.com/securityreviews/5RP0L0UD5U.html
     
  4. gdhmomchild

    gdhmomchild Duct tape abuser

    I just usually look up whats affecting my computer and can usually find a program that addresses it. I've had alot of success with a 2(a squared) I use it along with the other programs to debug. It's gotten rid of things that adaware and others haven't at times
     
  5. Kilgore Trout

    Kilgore Trout Senior Member

    Thanks for the tips. I'll give it a try.
     
  6. Trotsky311

    Trotsky311 Hip Forums Supporter HipForums Supporter

  7. SASSINC

    SASSINC Member

  8. gdhmomchild

    gdhmomchild Duct tape abuser

    lol, yeah.. I have about 7 different things I can run. The ones I use most are Adaware, Spybot search and destroy, a squared, Swat it, and avg anti-virus, all of those are freeware
     
  9. Kilgore Trout

    Kilgore Trout Senior Member

    I tried the spyware programs to no avail. Here is the logfile from hijack this:


    Logfile of HijackThis v1.99.0
    Scan saved at 11:24:29 PM, on 1/19/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    C:\WINDOWS\system32\sdkdy.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\WINDOWS\iewv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\Documents and Settings\Mike\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xyfkd.dll/sp.html#44768
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\fsyvf0dy.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mike\Application Data\Mozilla\Profiles\default\fsyvf0dy.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {D62AF7AD-07CE-E9A0-FD1B-568C456795DE} - C:\WINDOWS\netfx.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iewv.exe] C:\WINDOWS\iewv.exe
    O4 - HKLM\..\Run: [7.tmp] C:\DOCUME~1\Mike\LOCALS~1\Temp\7.tmp.exe 1 10001
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.21 V1.10\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\qjndrbql.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/6ee5e191/enter.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105779506670
    O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://timeentry.muohio.edu/WFC/plugins/j2re-1_3_1_02-win.exe
    O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: VAIO Media Music Server - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\system32\sdkdy.exe


    (I do see one that says about:blank. Is it ok to delete it?)

    (I hope none of those say "gay porn" or anything like that.)
    :&
     
  10. gdhmomchild

    gdhmomchild Duct tape abuser

    one thing you may have to do is turn off yer system restore, get rid of it, then turn it back on. i had a nasty that wouldn't go away till i did. there's a help file in windows about it. aboutblank..delete!!!
     
  11. Shockw4ve

    Shockw4ve Member

    Post your hijack this log in the forum that I suggested. They will be much more qualified to help you because they specialize in analyzing hijack this logs. They are much more qualified to help you. You don't want someone giving you suggestions, even though they have the best intentions in mind, that could up doing more harm than good. I'm not an expert on Hijack This logs, but it looks to me like your system could use a good cleaning. Just post your log on the forum I suggested and they should be able to get you cleaned out.
     
  12. Kilgore Trout

    Kilgore Trout Senior Member

    What forum?
     
  13. Zer0_II

    Zer0_II Member

Share This Page


  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice