
Thread: huge uncurable spyware attack

  1. #1
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193
    I was stupid and tried to install Nod32, thinking that a working version had finally been released, so now, as my antivirus protection was nonexistent, I've just had an attack:

    ad-aware & spybot (both updated) can't remove the shit (something named isearch hijacking)

    Norton corp 8.1 neither (updated)

    and neither can microsoft antispyware (updated)

    That shit destroyed my windows firewall, fucked up my firefox, put me a search bar in the desktop, slowed down my computer, & pooped some icons on my desktop.

    what should I do?

  2. Software & Hardware   -   #2
    100%'s Avatar ╚════╩═╬════╝
    Join Date
    Jan 2003
    Posts
    13,383
    remove any weird items from your startup - use this http://www.windowsstartup.com/download.php or something else
    kill any weird processes from taskmanager (ctrl alt delete)
    then run spyware again
    also
    hijackthis log - download here http://www.majorgeeks.com/download3155.html

  3. Software & Hardware   -   #3
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193
    doesn't work ):

  4. Software & Hardware   -   #4
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    21,669
    post the hijackthis! log or have it analyzed here: www.hijackthis.de

  5. Software & Hardware   -   #5
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193
    Logfile of HijackThis v1.99.1
    Scan saved at 23:20:32, on 29/03/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\0\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\fp4403hqe.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

  6. Software & Hardware   -   #6
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193
    so I've downloaded hijack this, had analysed my computer, and had analysed the log file so I get this (see image enclosed)

    I can't remove the shit from the windows task manager, nor with the "Startup Inspector for Windows" 15 percent told me.

  7. Software & Hardware   -   #7
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193
    I've never seen something like this, even with run---msconfig, it doesn't work!!!

  8. Software & Hardware   -   #8
    leonidas's Avatar Poster
    Join Date
    Mar 2003
    Location
    Paris
    Age
    42
    Posts
    1,193

    Unsure

    anyone here ?

  9. Software & Hardware   -   #9
    S!X's Avatar L33T Member BT Rep: +5
    Join Date
    Jul 2003
    Posts
    7,131
    boot into safe mode and try to remove all that shit with your spyware apps. It might work, it may not.

  10. Software & Hardware   -   #10
    100%'s Avatar ╚════╩═╬════╝
    Join Date
    Jan 2003
    Posts
    13,383
    open your hosts file with notepad
    the hosts file is here (it is simply a file called "hosts")
    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS

    delete these lines
    69.20.16.183 search.netscape.com
    69.20.16.183 ieautosearch
    69.20.16.183 auto.search.msn.com

    and save.
    Last edited by 100%; 03-29-2005 at 10:32 PM.
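
The hosts-file cleanup described in post #10, as an added example that is not part of the original posts: it reads the `O1 - Hosts:` lines from the HijackThis log in post #5 and removes exactly those mappings from hosts-file text, leaving comments and unrelated entries alone. The function names and the sample hosts content are constructed for illustration; the script works on text and does not touch the system file.

```python
import re

# O1 lines as posted in the HijackThis log in this thread.
HJT_LOG = r"""
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
"""

# Constructed hosts file for the demo (not taken from the thread).
HOSTS = """\
# sample hosts file
127.0.0.1       localhost
69.20.16.183\tsearch.netscape.com
69.20.16.183 ieautosearch   # trailing comment
69.20.16.183 AUTO.SEARCH.MSN.COM
10.0.0.5 fileserver
"""

O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def o1_entries(log_text):
    """Return the set of (ip, lowercase hostname) pairs from O1 lines."""
    found = (O1_RE.match(line) for line in log_text.splitlines())
    return {(m.group(1), m.group(2).lower()) for m in found if m}

def clean_hosts(hosts_text, bad_pairs):
    """Remove flagged mappings; keep comments and every other entry."""
    kept, removed = [], []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:            # blank, comment-only or malformed line
            kept.append(line)
            continue
        ip, names = fields[0], fields[1:]
        bad = [n for n in names if (ip, n.lower()) in bad_pairs]
        good = [n for n in names if (ip, n.lower()) not in bad_pairs]
        removed += [(ip, n) for n in bad]
        if not bad:
            kept.append(line)          # untouched, original spacing preserved
        elif good:                     # line also maps names that were not flagged
            kept.append(" ".join([ip] + good) + (" #" + comment if sep else ""))
    return "\n".join(kept) + "\n", removed

if __name__ == "__main__":
    cleaned, removed = clean_hosts(HOSTS, o1_entries(HJT_LOG))
    print(cleaned)
    print("removed:", removed)
```

Matching on the (IP, hostname) pair rather than on the hostname alone keeps a legitimate entry for the same name at a different address.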
