PDA

View Full Version : Homepage hijacker



JesseM
2008-01-10, 22:03
I am fairly new to all this, but have been using spybot S&D for a month or so. I have a problem removing the last part. It will not let me do anything with it. in the description it says files added by BADSECTOR trojan and GOLDUN trojan. Also it says it is a homepage hijacker. Please Help?
--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-12-27 unins000.exe (51.46.0.0)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi
2008-01-09 Includes\Revision.sbi
2007-11-06 Includes\Tracks.uti
2007-12-26 Includes\Dialer.sbi
2007-12-26 Includes\Hijackers.sbi
2007-10-04 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2008-01-09 Includes\Malware.sbi
2007-10-24 Includes\PUPS.sbi
2008-01-09 Includes\Security.sbi
2008-01-09 Includes\TrojansC.sbi
2007-11-07 Includes\Spybots.sbi
2008-01-09 Includes\SpybotsC.sbi
2007-12-12 Includes\Trojans.sbi
2008-01-09 Includes\SecurityC.sbi
2008-01-09 Includes\PUPSC.sbi
2008-01-09 Includes\MalwareC.sbi
2008-01-09 Includes\KeyloggersC.sbi
2008-01-09 Includes\HijackersC.sbi
2008-01-09 Includes\DialerC.sbi
2008-01-09 Includes\HeavyDuty.sbi
2008-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, ashMaiSv
command: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
file: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
size: 247160
MD5: 36088BA16E85C081D7BC48725872D540

Located: HK_LM:Run, avast! Web Scanner
command: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
file: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
size: 345464
MD5: 86ACF7955F4DB72880F61D724A97855A

Located: HK_LM:Run, devldr16.exe
command: C:\WINDOWS\SYSTEM\devldr16.exe
file: C:\WINDOWS\SYSTEM\devldr16.exe
size: 37888
MD5: C8BE4F29715876C64D1FD55B60E41CAD

Located: HK_LM:Run, KiweeHook
command: "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
file: C:\Program Files\Kiwee Toolbar\kwtbaim.exe
size: 62776
MD5: 8613DFFF54B81595284AF5B02975AE9F

Located: HK_LM:RunServices, avast!
command: C:\Program Files\Alwil Software\Avast4\ashServ.exe
file: C:\Program Files\Alwil Software\Avast4\ashServ.exe
size: 140664
MD5: DBBB6E20EC8C38902C4935B249AEBE2A

Located: HK_LM:RunServices, KB891711
command: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
file: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
size: 9088
MD5: CBD841775A04E82B2828FC301AAFEE70

Located: HK_LM:RunServices, KB918547
command: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
file: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
size: 8256
MD5: E5C7486D02E0D17E11C840694A5C55B5

Located: HK_LM:RunServices, SchedulingAgent
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 126976
MD5: 6770EAF1DFB8D3C952DCA22CD956F570

Located: HK_LM:Run, AudioHQ (DISABLED)
command: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
file: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
size: 204800
MD5: BC07BD65FE5AAD56297B6232CFA4B39C

Located: HK_LM:Run, devldr16.exe (DISABLED)
command: C:\WINDOWS\SYSTEM\devldr16.exe
file: C:\WINDOWS\SYSTEM\devldr16.exe
size: 37888
MD5: C8BE4F29715876C64D1FD55B60E41CAD

Located: HK_LM:Run, LexStart (DISABLED)
command: lexstart.exe
file: C:\WINDOWS\SYSTEM\lexstart.exe
size: 40960
MD5: A884981FB187A8F89D927C9AB54B8A2E

Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz (DISABLED)
command: nwiz.exe /install
file: C:\WINDOWS\SYSTEM\nwiz.exe
size: 352256
MD5: DAB0C2A9F24E3F7503BA75B1BDF748EF

Located: HK_LM:Run, PCHealth (DISABLED)
command: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe
size: 24848
MD5: 37556315E7DADD5EE414B5A438B7843D

Located: HK_LM:Run, Speed racer (DISABLED)
command: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
file: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
size: 5632
MD5: 8C21A9D01B5F44556ED27BA2964D1FF9

Located: HK_LM:Run, SystemTray (DISABLED)
command: SysTray.Exe
file: C:\WINDOWS\SYSTEM\SysTray.Exe
size: 36864
MD5: A29D4E875BC3ED7042A9159A89B597DB

Located: HK_LM:Run, TaskMonitor (DISABLED)
command: C:\WINDOWS\taskmon.exe
file: C:\WINDOWS\taskmon.exe
size: 28672
MD5: A23BCA4B69AC68FD410B6AFCCB11AF07

Located: HK_LM:Run, TCASUTIEXE (DISABLED)
command: TCAUDIAG -off
file: C:\WINDOWS\SYSTEM\TCAUDIAG.exe
size: 1327616
MD5: 56F9907D4642CEC91E89743C33477E72

Located: HK_LM:Run, UpdReg (DISABLED)
command: C:\WINDOWS\Updreg.exe
file: C:\WINDOWS\Updreg.exe
size: 86016
MD5: 73B627359F27C2FBC85590FF7808281B

Located: HK_LM:RunServices, *StateMgr (DISABLED)
command: C:\WINDOWS\System\Restore\StateMgr.exe
file: C:\WINDOWS\System\Restore\StateMgr.exe
size: 24848
MD5: 02282C55DC8B1BF1FF1180C98D7337D6

Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
command: mstask.exe
file: C:\WINDOWS\SYSTEM\mstask.exe
size: 126976
MD5: 6770EAF1DFB8D3C952DCA22CD956F570

Located: HK_CU:Run, SpybotSD TeaTimer
where: .DEFAULT...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, Yahoo! Pager
where: .DEFAULT...
command: "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
file: C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe
size: 3096576
MD5: DADBB773F3D2315DCF04B7FD86A1E5F2

Located: Startup (user), VersionTrackerPro.lnk (DISABLED)
where: C:\WINDOWS\Start Menu\Programs\StartUp...
command: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
file: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
size: 53248
MD5: 55240D350658714E38C032FB6C92ABCF

Located: System.ini, Shell
where: C:\WINDOWS\system.ini...
command: Explorer.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

tashi
2008-01-11, 04:32
Hello.

This is the malware removal forum and the procedure is here: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Copy/paste the logs requested into a new topic. I will close this one as helpers look for zero response, and in this busy forum they are more likely to pick up a topic that has the information required. :)

Questions regarding Spybot-S&D support can be asked here: Spybot-S&D Forums (http://forums.spybot.info/forumdisplay.php?f=4)

Cheers. :)