| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 71487 | 2006-08-07 06:28:00 | HijackThis help sought | timmy5953 (6846) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 476789 | 2006-08-07 06:28:00 | I'm helping a friend whose cmptr is having some odd problems -Win 98SE op system. Thru this forum, i got onto HijackThis and have done a scan, then an analysis [www.hijackthis.de Results = mostly "Safe" but had a few "Unknowns", some "Possibly nasty" entries and 2 "Nasty- Must be fixed" entries. Its these last 2 Id like to fix, but seek guidance/confirmation that a "fix" is a sensible plan, and if so, the steps to follow. Instead of posting the full report, here is the SHort Summary - C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL - Nasty O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\SYSTEM\anti_troj.exe - Unknown O4 - HKCU\..\Run: [key2] C:\WINDOWS\SYSTEM\winlog.exe - Nasty O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty the full report is at - www.hijackthis.de So the next steps are --?? all help appreciated. |
timmy5953 (6846) | ||
| 476790 | 2006-08-07 08:09:00 | The next step is to remove all those entries. And run some other antispyware programs too. |
pctek (84) | ||
| 476791 | 2006-08-07 17:37:00 | ............... this too: C:\WINDOWS\TEMP\HIJACKTHIS.EXE Check with an antivirus scanner Notice that HJT is in a TEMP file area? |
SurferJoe46 (51) | ||
| 476792 | 2006-08-08 00:05:00 | The next step is to remove all those entries do you mean every one of them, or just the `nasty' and/or `possibly nasty'? does removal put them in the RecycleBin? [if result of removal = calamity, i guess i cd restore them all & then try removing one by one, noting effects as i go] ............... this too: C:\WINDOWS\TEMP\HIJACKTHIS.EXE Check with an antivirus scanner i'll follow this advice too. i notice theres also a copy of HJT sitting where it proably sh/be in the PROGRAMS folder. thanx for help so far. |
timmy5953 (6846) | ||
| 476793 | 2006-08-08 00:19:00 | do you mean every one of them, or just the `nasty' and/or `possibly nasty'? I meant all of them that you listed in your post. But yes, nasty and possibly nasty. |
pctek (84) | ||
| 476794 | 2006-08-08 04:48:00 | These are the two that would be causing problems..delete them.The rest can stay. C:\WINDOWS\SYSTEM\anti_troj.exe C:\WINDOWS\SYSTEM\winlog.exe It looks like you are running Hijack This from a temporary location.This needs to have its own folder. Download HijackThis Self-installer (www.thespykiller.co.uk) This is a complete installer that installs HijackThis on the computer to C:\Program Files\HijackThis. |
Pancake (6359) | ||
| 476795 | 2006-08-09 00:58:00 | Eddy - the link you posted - wiki.castlecops.com is well worth a read by all who want a better knowledge of malware etc. thanks. All responders - i will get back to my friends cmptr later this week & work thru the probs using yr much appreciated advice |
timmy5953 (6846) | ||
| 1 | |||||