Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: help to remove trojan ISearchTech.YSB

  1. #1
    Junior Member Rasasi's Avatar
    Join Date
    Nov 2005
    Posts
    0

    Default help to remove trojan ISearchTech.YSB

    Please who can help me to remove this trojan in my systeme. I've scaned my pc with spybot but the trojan still exist. Spybot is enable to remove it. Some one can help me to Remove it please.
    NB: My spybot is updated, and i've the last version of it.:(

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi Rasasi, Welcome to the forum

    Please read this
    http://forums.spybot.info/showthread.php?t=288

  3. #3
    Junior Member Rasasi's Avatar
    Join Date
    Nov 2005
    Posts
    0

    Default trojan ISearchTech.YSB

    Thank you LonnyRJones for your advice, but the trojan ISearchTech.YSB is still in my computer, can you help me to remove it please.
    i'used spybot and the others software but no positif result:(

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    Post a hijackthis log as mention in that link please

  5. #5
    Junior Member Rasasi's Avatar
    Join Date
    Nov 2005
    Posts
    0

    Default trojan ISearchTech.YSB

    HI LonnyRJones

    logfile hijacjthis-v1.99.1:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:32:21, on 27/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\VM_STI.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Menara\dslmon.exe
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\palstart.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Paltalk Messenger\paltalk.exe
    E:\YOUSSEF\Logiciels\Anti Spay\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecu...th.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE INTEX USB PC Camera
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: palstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C407BD5E-B98B-4847-98CB-711E1883F77D}: NameServer = 212.217.1.4 212.217.0.13
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

    thank you for your help.

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Im not seeing anything yet

    Post an SSD report please
    Open SpyBot 1.4, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools,and view report, ensure all the options are select near the bottom except
    Uncheck[ ] do not report disabled or known legitimate Items,
    uncheck[ ] Include a list of services in report.
    Uncheck[ ] Include uninstall list in report.
    Now select (near the top) view report, Press export, in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button , navigate to and attach or post that report please.

  7. #7
    Junior Member Rasasi's Avatar
    Join Date
    Nov 2005
    Posts
    0

    Default trojan ISearchTech.YSB

    HI LonnyRJones:

    SpybotSD.Report:

    thank you for your help

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    Lets try this first, if its still there afterwards we can try it another way

    Launch Notepad (not wordpad), and copy and paste the Bolded below into a new text file.
    Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar]

    Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

  9. #9
    Junior Member Rasasi's Avatar
    Join Date
    Nov 2005
    Posts
    0

    Default trojan ISearchTech.YSB

    HI LonnyRJones:

    it's still here.
    this is the report.
    thank you.

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    You realize its not harmfull, ?
    Its just a leftover, SSD and other programs cannot remove it becouse the reg entries permisions are messed up ?

    Are you familur (comfortable) with regedit ? if not i suggest we ignore the item.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •