Help - Search - Members - Calendar
Full Version: Mypoiskovik comes back...
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Eric92
Apr 5 2004, 07:34 PM
Even after fixing it with Hijack, it is re-installed at next boot-up.
Does someone knows where to look for the root cause of this
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security Professional\NISSERV.EXE
C:\Program Files\Norton Internet Security Professional\SymPxSvc.exe
C:\Program Files\Norton Internet Security Professional\ATRACK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mypoiskovik.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = My Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security Professional\IAMAPP.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: i-CABLE Easy Access.lnk = C:\Program Files\EasyAccess\starkit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

Thanks
LoPhatPhuud
Apr 5 2004, 08:17 PM
Please post your ENTIRE HiJackThis log. There is header informtion we need and probably more info after the 09 entries.

Also, if you have used MSConfig to turn any entries off, turn everything back on and reboot before running HiJackThis. This is essential to diagnosing and removing spyware.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.