Thread: I've Got Winhound

  1. #21
    Member
    Join Date
    Dec 2005
    Posts
    0

    need more help, please

    Can't figure out how to add two missing files with Hijackthis. Am wondering if some of the programs I've installed to get rid of winhound are running in the background and causing the 6 min. startup time...Ewido, for instance?

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hi

    No, Ewido wouldn't cause that. Do this, please:
    Download and run BlackLight
    F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
    Click > Scan, then > Next, Next again, then Exit.
    There will be a new txt near BlackLight. Post it, please.

  3. #23
    Member
    Join Date
    Dec 2005
    Posts
    0

    BlackLight

    Lonny,
    I've run BlackLight. It shows nothing hidden...and I know you must find this frustrating, but I can't get the process log to copy and paste.
    I believe the commands you gave me were scan-next-next-exit. All I'm able to do is scan-next-exit. I can view the process log, but can't copy.

    Also note: I've found I'm unable to change my desktop color. It changed to white and won't let me change it back...even after turn-off or re-start. Maybe my desktop is still hijacked?

  4. #24
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file, with Notepad, not WordPad.
    Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
    Code:
    Windows Registry Editor Version 5.00

    ; Each "name"=- line deletes that value; nothing is written.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
    "WallpaperFileTime"=-
    "WallpaperLocalFileTime"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ForceActiveDesktopOn"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "Wallpaper"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    "NoHTMLWallPaper"=-
    "NoAddingComponents"=-
    "NoChangingWallpaper"=-
    "NoComponents"=-
    "NoDeletingComponents"=-
    "NoEditingComponents"=-
    Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

    Log off, then back on again to Windows.

    Maybe a RootkitRevealer report will show something.
    Download, unzip, then scan with RootkitRevealer
    http://www.sysinternals.com/utilitie...trevealer.html
    When it's done, go File > Save, then attach or post the log back here in your next reply.
    Not to worry, normally there are a few items shown.
    It's an intensive scan, I suggest you disconnect from the internet and leave the PC alone until it's finished.
    Since the log might be very large, please edit out items in
    C:\RECYCLER\NPROTECT if there.
    c:\windows\temps
    c:\documents and settings\your name\---- temporary internet files.
    And C:\System Volume Information, before posting
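
    Added example (not part of the original post): a small Python parser that lists what a .reg file such as the fixme.reg in post #24 would do when merged, so it can be reviewed before double-clicking. It goes beyond the posted file by also recognising key deletions and value writes; `summarize_reg` and `only_deletes_values` are names made up for this example, and the sample text is a shortened copy of the posted file.

```python
import re

# Constructed sample: a shortened copy of the fixme.reg text from the post.
FIXME_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallpaper"=-
"""

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                      # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data

def summarize_reg(text):
    """Return (action, key, value_name) tuples describing what a merge would do."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex: continuation lines
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] != HEADER:
        raise ValueError("not a version 5.00 .reg file")
    actions, key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            key = m.group(2)
            if m.group(1):  # leading '-' removes the whole key
                actions.append(("delete-key", key, None))
                key = None
            continue
        m = VALUE_RE.match(ln)
        if m is None or key is None:
            raise ValueError(f"unparsed line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete-value" if m.group(2) == "-" else "set-value"
        actions.append((action, key, name))
    return actions

def only_deletes_values(actions):
    """True when the file removes values and writes or removes nothing else."""
    return bool(actions) and all(a == "delete-value" for a, _, _ in actions)

if __name__ == "__main__":
    for action, key, name in summarize_reg(FIXME_REG):
        print(f"{action:12} {key} :: {name}")
    print("only deletes values:", only_deletes_values(summarize_reg(FIXME_REG)))
```

    A .reg file saved by Notepad as Unicode has to be opened with the matching encoding (for example `encoding="utf-16"`) before its text is passed to `summarize_reg`.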

  5. #25
    Member
    Join Date
    Dec 2005
    Posts
    0

    RootkitRevealer

    Lonny

    Log turned out to be very small

    HKLM\SOFTWARE\WinHound.com\WinHound\WinHound\License* 12/10/2005 8:24 PM 0 bytes Key name contains embedded nulls (*)
    D: 0 bytes Error mounting volume


    What next? By the way...would it matter if I'd done much of the scanning that we've done with System Restore in the 'off' position?
    Thanks

  6. #26
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    It shouldn't matter about System Restore. Usually, when all is cleaned, we suggest turning it off, rebooting, then turning it back on again; that clears or flushes all the old restore points.

    That leftover WinHound item can't (shouldn't) be causing the problems you describe. I can describe how to manually delete it, but only if you're already familiar and confident with regedit; otherwise I think we should move on to something else.

  7. #27
    Member
    Join Date
    Dec 2005
    Posts
    0

    Next

    I'm not familiar. Maybe we should move on...but I'll try it if you think that's best.

  8. #28
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Is your desktop back to normal now?

    Check in Device Manager for exclamation marks; if any are there, write down the error numbers for us.
    Start > Settings > Control Panel > System > Hardware > Device Manager

    Any other odd problems? Mention them even if they seem unrelated.

  9. #29
    Member
    Join Date
    Dec 2005
    Posts
    0

    Not back to normal

    Desktop not back to normal.
    no exclamation marks

    Desktop background is white and unable to change it.

    And it still whirs like a sewing machine when I start up.
    no other obvious problems.

  10. #30
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Did you make and merge the registry file mentioned in post 24?
    http://forums.spybot.info/showpost.p...8&postcount=24

    Did you receive a successful message?

    Post a startup list from HijackThis.
    Start HijackThis, click Config, Misc Tools >
    place a check in [X] List also minor sections
    and [X] List empty sections, then click Generate StartupList log.
