My computer has been hijacked HELP REQUIRED

Browntoa

we will get there in the end !!

you do realise that Bitcomet (and the lack of antivirus) was the probable source of this (also the downloading of a "codec" for Windows Media Player to view certain video content )

Luffy321

What can i say i love anime which is the reason why i have bitcomet and different types of codec. Here is the SMitFraudFix log:

SmitFraudFix v2.219

Scan done at 20:41:08.10, 02/09/2007
Run from C:\Documents and Settings\Compaq_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\wmpdev.dll Deleted
C:\WINDOWS\wmphost.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\!!7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer=15.243.128.51 15.243.160.51


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Well my computer seems to be back to normal but after waking up this morning i fear that this trojan will keep reappearing.
Again thanks for you help

Browntoa

if all looks ok now then go to control panel then "system" , click on the "system restore" tab and turn it off and on

then if you have not already done so , download www.ccleaner.com (think you need to remember to untick the box to install Yahoo toolbar) and run it to clear all your temp files etc

then download a real firewall

http://www.personalfirewall.comodo.com/

you will need to allow permission for stuff to access the net the first time they are used (if you are not sure what is trying to access the internet then google the file/program name) and tick the little box to allow the program to always have access

Browntoa

you can see why we asked you to start your own thread now, your (multiple) infection was harder to deal with than the other and each clean is more or less bespoke, it's like peeling an orange layer by layer, you are not sure what is underneath !!

hopefully things are clean now but just to be sure run off a hijackthis log tomorrow and let me know if you have problems

if all clean then just remember to scan in safe mode with the antivirus + superantispayware (after updating them) from time to time

Luffy321

yea i see why this needed it own thread my computer was riddled with filth. This infection could not of come at a worst time since im just about househunt on the internet for accommodation at university but thank to you it looks all clear now. I will install the firewall and post the hijack log tomorrow. Is there anyway i can repay for your dedication to my case?

Browntoa

thanks is all I need

I've learnt stuff on this thread, this new variant is the first one i've seen that stops you going to safe mode , there seems to be a spate of them looking around

hopefully everythings all ok now

Luffy321

Thanks again