HijackThis help sought



timmy5953
07-08-2006, 05:28 PM
I'm helping a friend whose cmptr is having some odd problems - Win 98SE op system.
Thru this forum, I got onto HijackThis and have done a scan, then an analysis [http://www.hijackthis.de/index.php?langselect=english].

Results = mostly "Safe" but had a few "Unknowns", some "Possibly nasty" entries and 2 "Nasty - Must be fixed" entries. It's these last 2 I'd like to fix, but seek guidance/confirmation that a "fix" is a sensible plan, and if so, the steps to follow.

Instead of posting the full report, here is the Short Summary -
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL - Nasty
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\SYSTEM\anti_troj.exe - Unknown
O4 - HKCU\..\Run: [key2] C:\WINDOWS\SYSTEM\winlog.exe - Nasty
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty

the full report is at -
http://www.hijackthis.de/logfiles/ee19bbfa3dde6baccdf3f3f73807f372.html

So the next steps are --?? all help appreciated.
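
Added example, not part of the original thread: a short Python script that parses the summary lines posted above and collapses them to the distinct files behind them, then lists the autostart (O4) files that were not rated Safe. The section descriptions, and the reading of the unprefixed line as a running-process entry, are assumptions of this example.

```python
import re

# Summary lines copied from the post above; hijackthis.de appended the verdicts.
SUMMARY = r"""
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL - Nasty
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE - Unknown
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\SYSTEM\anti_troj.exe - Unknown
O4 - HKCU\..\Run: [key2] C:\WINDOWS\SYSTEM\winlog.exe - Nasty
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL - Possibly nasty
"""

# Section codes seen in this summary (descriptions are this example's wording).
SECTIONS = {None: "running process (assumed)", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O9": "IE extra button / Tools menu item"}
LINE_RE = re.compile(
    r"^(?:(?P<section>O\d+) - )?(?P<body>.+) - "
    r"(?P<verdict>Nasty|Possibly nasty|Unknown|Safe)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")  # drive-letter path at the end of the body

def parse(summary):
    """Yield (section, upper-cased file path, verdict) for each recognisable line."""
    for line in summary.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = PATH_RE.search(m["body"])
        yield m["section"], path.group(0).upper() if path else None, m["verdict"]

def by_file(summary):
    """Map each distinct file to its first verdict and the sections that reference it."""
    files = {}
    for section, path, verdict in parse(summary):
        entry = files.setdefault(path, {"verdict": verdict, "sections": set()})
        entry["sections"].add(section)
    return files

def flagged_autostarts(summary):
    """Files launched from an O4 (Run/RunServices) entry that were not rated Safe."""
    return sorted({p for s, p, v in parse(summary) if s == "O4" and v != "Safe"})

if __name__ == "__main__":
    for path, info in by_file(SUMMARY).items():
        kinds = ", ".join(SECTIONS[s] for s in sorted(info["sections"], key=str))
        print(f"{info['verdict']:<15} {path}  [{kinds}]")
```

Grouping by file shows that the four O9 lines all point at one DLL and that KB918547.EXE appears both as an unprefixed entry and as an autostart entry.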

pctek
07-08-2006, 07:09 PM
The next step is to remove all those entries.
And run some other antispyware programs too.

SurferJoe46
08-08-2006, 04:37 AM
............... this too:

C:\WINDOWS\TEMP\HIJACKTHIS.EXE Check with an antivirus scanner

Notice that HJT is in a TEMP file area?

timmy5953
08-08-2006, 11:05 AM
> The next step is to remove all those entries
do you mean every one of them, or just the `nasty' and/or `possibly nasty'?

does removal put them in the RecycleBin? [if result of removal = calamity, I guess I cd restore them all & then try removing one by one, noting effects as I go]

> ............... this too:
>
> C:\WINDOWS\TEMP\HIJACKTHIS.EXE Check with an antivirus scanner

I'll follow this advice too. I notice there's also a copy of HJT sitting where it probably sh/be in the PROGRAMS folder.

thanx for help so far.

pctek
08-08-2006, 11:19 AM
> do you mean every one of them, or just the `nasty' and/or `possibly nasty'?

I meant all of them that you listed in your post.
But yes, nasty and possibly nasty.

Pancake
08-08-2006, 03:48 PM
These are the two that would be causing problems. Delete them. The rest can stay.

C:\WINDOWS\SYSTEM\anti_troj.exe
C:\WINDOWS\SYSTEM\winlog.exe

It looks like you are running HijackThis from a temporary location. This needs to have its own folder. Download HijackThis Self-installer (http://www.thespykiller.co.uk/files/HJTsetup.exe)
This is a complete installer that installs HijackThis on the computer to C:\Program Files\HijackThis.

timmy5953
09-08-2006, 11:58 AM
Eddy - the link you posted -

http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection

is well worth a read by all who want a better knowledge of malware etc. thanks.

All responders - I will get back to my friend's cmptr later this week & work thru the probs using yr much appreciated advice