My computer has been hijacked HELP REQUIRED
-
we will get there in the end !!
you do realise that Bitcomet (and the lack of antivirus) was the probable source of this (also the downloading of a "codec" for Windows Media Player to view certain video content)
Ex forum ambassador
Long term forum member
-
What can I say, I love anime, which is the reason why I have Bitcomet and different types of codec. Here is the SmitFraudFix log:
SmitFraudFix v2.219
Scan done at 20:41:08.10, 02/09/2007
Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\wmpdev.dll Deleted
C:\WINDOWS\wmphost.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Well, my computer seems to be back to normal, but after waking up this morning I fear that this trojan will keep reappearing.
Again, thanks for your help
-
if all looks ok now then go to control panel then "system", click on the "system restore" tab and turn it off and on
then if you have not already done so, download www.ccleaner.com (think you need to remember to untick the box to install Yahoo toolbar) and run it to clear all your temp files etc
then download a real firewall
http://www.personalfirewall.comodo.com/
you will need to allow permission for stuff to access the net the first time they are used (if you are not sure what is trying to access the internet then google the file/program name) and tick the little box to allow the program to always have access
Ex forum ambassador
Long term forum member
-
you can see why we asked you to start your own thread now, your (multiple) infection was harder to deal with than the other and each clean is more or less bespoke, it's like peeling an orange layer by layer, you are not sure what is underneath !!
hopefully things are clean now but just to be sure run off a HijackThis log tomorrow and let me know if you have problems
if all clean then just remember to scan in safe mode with the antivirus + SUPERAntiSpyware (after updating them) from time to time
Ex forum ambassador
Long term forum member
-
Yeah, I see why this needed its own thread, my computer was riddled with filth. This infection could not have come at a worse time since I'm just about to house-hunt on the internet for accommodation at university, but thanks to you it looks all clear now. I will install the firewall and post the HijackThis log tomorrow. Is there any way I can repay you for your dedication to my case?
-
thanks is all I need
I've learnt stuff on this thread, this new variant is the first one I've seen that stops you going to safe mode, there seems to be a spate of them looking around
hopefully everything's all ok now
Ex forum ambassador
Long term forum member
-
Thanks again
This discussion has been closed.