Thread: Homepage hijacker

  1. #1
    Junior Member
    Join Date
    Jan 2008
    Posts
    1

    Homepage hijacker

    I am fairly new to all this, but have been using Spybot S&D for a month or so. I have a problem removing the last part. It will not let me do anything with it. In the description it says files added by BADSECTOR trojan and GOLDUN trojan. Also it says it is a homepage hijacker. Please help?
    --- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

    2007-12-27 unins000.exe (51.46.0.0)
    2007-08-31 blindman.exe (1.0.0.6)
    2007-08-31 SDMain.exe (1.0.0.4)
    2007-08-31 SDUpdate.exe (1.0.6.4)
    2007-08-31 SDWinSec.exe (1.0.0.8)
    2007-08-31 SpybotSD.exe (1.5.1.15)
    2007-08-31 TeaTimer.exe (1.5.0.9)
    2007-08-31 Update.exe (1.4.0.5)
    2007-08-31 advcheck.dll (1.5.3.0)
    2007-04-02 aports.dll (2.1.0.0)
    2007-04-02 DelZip179.dll (1.79.5.3)
    2007-08-31 SDHelper.dll (1.5.0.8)
    2007-08-31 Tools.dll (2.1.2.0)
    2008-01-09 Includes\Cookies.sbi
    2008-01-09 Includes\Revision.sbi
    2007-11-06 Includes\Tracks.uti
    2007-12-26 Includes\Dialer.sbi
    2007-12-26 Includes\Hijackers.sbi
    2007-10-04 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2008-01-09 Includes\Malware.sbi
    2007-10-24 Includes\PUPS.sbi
    2008-01-09 Includes\Security.sbi
    2008-01-09 Includes\TrojansC.sbi
    2007-11-07 Includes\Spybots.sbi
    2008-01-09 Includes\SpybotsC.sbi
    2007-12-12 Includes\Trojans.sbi
    2008-01-09 Includes\SecurityC.sbi
    2008-01-09 Includes\PUPSC.sbi
    2008-01-09 Includes\MalwareC.sbi
    2008-01-09 Includes\KeyloggersC.sbi
    2008-01-09 Includes\HijackersC.sbi
    2008-01-09 Includes\DialerC.sbi
    2008-01-09 Includes\HeavyDuty.sbi
    2008-12-24 Plugins\TCPIPAddress.dll

    Located: HK_LM:Run, ashMaiSv
    command: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    file: C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    size: 247160
    MD5: 36088BA16E85C081D7BC48725872D540

    Located: HK_LM:Run, avast! Web Scanner
    command: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    file: C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    size: 345464
    MD5: 86ACF7955F4DB72880F61D724A97855A

    Located: HK_LM:Run, devldr16.exe
    command: C:\WINDOWS\SYSTEM\devldr16.exe
    file: C:\WINDOWS\SYSTEM\devldr16.exe
    size: 37888
    MD5: C8BE4F29715876C64D1FD55B60E41CAD

    Located: HK_LM:Run, KiweeHook
    command: "C:\Program Files\Kiwee Toolbar\kwtbaim.exe"
    file: C:\Program Files\Kiwee Toolbar\kwtbaim.exe
    size: 62776
    MD5: 8613DFFF54B81595284AF5B02975AE9F

    Located: HK_LM:RunServices, avast!
    command: C:\Program Files\Alwil Software\Avast4\ashServ.exe
    file: C:\Program Files\Alwil Software\Avast4\ashServ.exe
    size: 140664
    MD5: DBBB6E20EC8C38902C4935B249AEBE2A

    Located: HK_LM:RunServices, KB891711
    command: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    file: C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    size: 9088
    MD5: CBD841775A04E82B2828FC301AAFEE70

    Located: HK_LM:RunServices, KB918547
    command: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    file: C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
    size: 8256
    MD5: E5C7486D02E0D17E11C840694A5C55B5

    Located: HK_LM:RunServices, SchedulingAgent
    command: mstask.exe
    file: C:\WINDOWS\SYSTEM\mstask.exe
    size: 126976
    MD5: 6770EAF1DFB8D3C952DCA22CD956F570

    Located: HK_LM:Run, AudioHQ (DISABLED)
    command: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    file: C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    size: 204800
    MD5: BC07BD65FE5AAD56297B6232CFA4B39C

    Located: HK_LM:Run, devldr16.exe (DISABLED)
    command: C:\WINDOWS\SYSTEM\devldr16.exe
    file: C:\WINDOWS\SYSTEM\devldr16.exe
    size: 37888
    MD5: C8BE4F29715876C64D1FD55B60E41CAD

    Located: HK_LM:Run, LexStart (DISABLED)
    command: lexstart.exe
    file: C:\WINDOWS\SYSTEM\lexstart.exe
    size: 40960
    MD5: A884981FB187A8F89D927C9AB54B8A2E

    Located: HK_LM:Run, NvCplDaemon (DISABLED)
    command: RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_LM:Run, nwiz (DISABLED)
    command: nwiz.exe /install
    file: C:\WINDOWS\SYSTEM\nwiz.exe
    size: 352256
    MD5: DAB0C2A9F24E3F7503BA75B1BDF748EF

    Located: HK_LM:Run, PCHealth (DISABLED)
    command: C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    file: C:\WINDOWS\PCHealth\Support\PCHSchd.exe
    size: 24848
    MD5: 37556315E7DADD5EE414B5A438B7843D

    Located: HK_LM:Run, Speed racer (DISABLED)
    command: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    file: C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    size: 5632
    MD5: 8C21A9D01B5F44556ED27BA2964D1FF9

    Located: HK_LM:Run, SystemTray (DISABLED)
    command: SysTray.Exe
    file: C:\WINDOWS\SYSTEM\SysTray.Exe
    size: 36864
    MD5: A29D4E875BC3ED7042A9159A89B597DB

    Located: HK_LM:Run, TaskMonitor (DISABLED)
    command: C:\WINDOWS\taskmon.exe
    file: C:\WINDOWS\taskmon.exe
    size: 28672
    MD5: A23BCA4B69AC68FD410B6AFCCB11AF07

    Located: HK_LM:Run, TCASUTIEXE (DISABLED)
    command: TCAUDIAG -off
    file: C:\WINDOWS\SYSTEM\TCAUDIAG.exe
    size: 1327616
    MD5: 56F9907D4642CEC91E89743C33477E72

    Located: HK_LM:Run, UpdReg (DISABLED)
    command: C:\WINDOWS\Updreg.exe
    file: C:\WINDOWS\Updreg.exe
    size: 86016
    MD5: 73B627359F27C2FBC85590FF7808281B

    Located: HK_LM:RunServices, *StateMgr (DISABLED)
    command: C:\WINDOWS\System\Restore\StateMgr.exe
    file: C:\WINDOWS\System\Restore\StateMgr.exe
    size: 24848
    MD5: 02282C55DC8B1BF1FF1180C98D7337D6

    Located: HK_LM:RunServices, SchedulingAgent (DISABLED)
    command: mstask.exe
    file: C:\WINDOWS\SYSTEM\mstask.exe
    size: 126976
    MD5: 6770EAF1DFB8D3C952DCA22CD956F570

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: .DEFAULT...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1460560
    MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

    Located: HK_CU:Run, Yahoo! Pager
    where: .DEFAULT...
    command: "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
    file: C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe
    size: 3096576
    MD5: DADBB773F3D2315DCF04B7FD86A1E5F2

    Located: Startup (user), VersionTrackerPro.lnk (DISABLED)
    where: C:\WINDOWS\Start Menu\Programs\StartUp...
    command: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
    file: C:\WINDOWS\Installer\{C1EDC38F-2760-4A4E-9CED-95B53024134C}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe
    size: 53248
    MD5: 55240D350658714E38C032FB6C92ABCF

    Located: System.ini, Shell
    where: C:\WINDOWS\system.ini...
    command: Explorer.exe
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

  2. #2
    tashi (Member of Team Spybot)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Hello.

    This is the malware removal forum and the procedure is here: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)

    Copy/paste the logs requested into a new topic. I will close this one as helpers look for zero response, and in this busy forum they are more likely to pick up a topic that has the information required.

    Questions regarding Spybot-S&D support can be asked here: Spybot-S&D Forums

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
