Full Version: NETSEARCHSOFT HIJACK!!! SOMEBODY PLEASE HELP ME
imhijacked
SOMEBODY PLEASE HELP ME GET RID OF THIS CRAP!!!!!!! I'VE TRIED SO MANY THINGS AND I'M JUST GETTING MORE AND MORE ANGRY EVERY SINGLE DAY!!!!!!!! ANY HELP WOULD BE GREAT!!!!!!!!!!!!



Logfile of HijackThis v1.97.7
Scan saved at 11:16:33 PM, on 5/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\GridWin\DaleFast.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1
O4 - HKLM\..\Run: [math load] C:\PROGRA~1\GridWin\DaleFast.exe
O4 - HKLM\..\RunOnce: [*yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F3B0AD-D450-46B5-9179-6686A5603476}: NameServer = 198.235.216.111 209.226.175.223
LoPhatPhuud
Please keep all your posts in one thread. I deleted your other posts.

Reboot in Safe Mode* and run HiJackThis.

Check the following items in HijackThis.
O4 - HKLM\..\Run: [yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1
O4 - HKLM\..\Run: [math load] C:\PROGRA~1\GridWin\DaleFast.exe
O4 - HKLM\..\RunOnce: [*yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1

Close all windows except HijackThis and click Fix checked:

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
C:\WINDOWS\System32\yfqgtrj.dll
C:\PROGRA~1\GridWin\DaleFast.exe



*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show hidden files/folders as per the instructions here http://www.tacktech.com/display.cfm?ttid=190

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot.


If you have items turned off in msconfig, please turn them all on before posting a new HiJackThis log.

Post another HiJackThis log in this thread for review.
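Added example, not part of either post above: a small triage helper that parses the O4 (autorun) lines of a HijackThis log and derives the on-disk file each entry actually loads. For a `rundll32` entry that file is the DLL argument, not `rundll32` itself, which is why the reply lists the DLL for deletion. The function names and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample: the three O4 lines quoted in the reply, plus one O9 line
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1
O4 - HKLM\..\Run: [math load] C:\PROGRA~1\GridWin\DaleFast.exe
O4 - HKLM\..\RunOnce: [*yfqgtrj] rundll32 C:\WINDOWS\System32\yfqgtrj.dll,Init 1
O9 - Extra button: Related (HKLM)
"""

# Handles registry Run/RunOnce style lines only: "O4 - <key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll)\s*,", re.I)


def parse_o4(log_text):
    """Return one dict per O4 line: registry key, value name, command, payload."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry autorun entry (e.g. O9, O17, process list)
        cmd = m.group("cmd").strip()
        dll = RUNDLL_RE.match(cmd)
        if dll:
            # rundll32 is only the host process; the file to review is the DLL
            payload = dll.group("dll")
        else:
            # plain command: quoted path, or everything up to the first .exe
            exe = re.match(r'^"([^"]+)"|^(.+?\.exe)\b', cmd, re.I)
            payload = (exe.group(1) or exe.group(2)) if exe else cmd
        entries.append({"key": m.group("key"), "name": m.group("name"),
                        "command": cmd, "payload": payload})
    return entries


def payload_files(entries):
    """Unique payload paths in log order, compared case-insensitively."""
    seen, out = set(), []
    for e in entries:
        k = e["payload"].lower()
        if k not in seen:
            seen.add(k)
            out.append(e["payload"])
    return out


if __name__ == "__main__":
    print("\n".join(payload_files(parse_o4(SAMPLE_LOG))))
```

Run on the sample, the Run and RunOnce entries for `yfqgtrj` collapse to a single DLL path, so the output is the same two files the reply asks to delete.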